CN106845234A - A kind of Android malware detection method based on the monitoring of function flow key point - Google Patents
A kind of Android malware detection method based on the monitoring of function flow key point Download PDFInfo
- Publication number
- CN106845234A CN106845234A CN201710006412.XA CN201710006412A CN106845234A CN 106845234 A CN106845234 A CN 106845234A CN 201710006412 A CN201710006412 A CN 201710006412A CN 106845234 A CN106845234 A CN 106845234A
- Authority
- CN
- China
- Prior art keywords
- function
- monitoring
- analysis
- key point
- calling sequence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The invention discloses a kind of Android malware detection method based on the monitoring of function flow key point, by decompressing analysis apk files, the calling sequence tree for obtaining function flow is analyzed to dex files, with reference to the inventory file after static analysis, reduction performs application program, crucial stream calling sequence and the behavioural information of track record function;After the completion of execution, comprehensive analysis is carried out to application key point, realize that the malware detection present invention solves the problems, such as that prior art lacks and carries out fine granularity monitoring to the function flow calling sequence of whole application, realize the monitoring of SQL and Framework layer functions.Analyzed using the fine granularity of behavior, effectively prevent the leakage analysis situation of behavior, improve the degree of accuracy of applied behavior analysis.
Description
Technical field
The present invention relates to a kind of Android malware detection method based on the monitoring of function flow key point.
Background technology
With the fast-developing and a large amount of popularization of smart mobile phone, the safety of mobile Internet has been current main flow security threat
One of.Android is the maximum intelligent movable equipment platform of existing market occupancy volume, and it also turns into what numerous malicious codes were attacked
Target.In recent years, Android platform had become a popular mobile phone operating system platform, and occupied
In the world more than the mobile phone operating system market share of half.Industry-by-industry is penetrated into, to our life, working and learning band
Huge change is carried out.With the popularization of Android intelligent and Android panel computers, based on Android malware
Also develop rapidly, therefore the Malicious Code Detection technology based on Android platform starts to be suggested.Although Android is intelligently
System is younger compared to the IOS systems of apple, and the safety detection technology research in some Android platforms is issued, such as system
Access control mechanisms, malware detection, application permission analysis, interior nuclear hardening etc..Substantial amounts of Android platform needs to propose more
Plus sane safety detection technology.Android malware detection is that static and dynamic behaviour monitoring is carried out to the application in terminal,
Now traditional is typically all the experience for being analyzed using the mode of static and dynamic bind and being accumulated using safe team
Behavior to software is analyzed, and analyzes corresponding behavioural information, including file, network, Android four big components and power
The contents such as limit.The quantity of the Malware on the platform is on the increase, and Android becomes the main attack mesh of Malware
Mark.Android malice is counted according to Trend Micro and is roughly divided into seven classes, it is all the malice that can abuse value-added service almost to have half
Software, they can be subscribed to and unwanted service for user.Ad ware is also increased recently, and this kind of software can be issued ceaselessly
Disguise oneself as the advertisement of emergency notice, occupies second.Data theft software, malicious downloading software, maliciously crack, click on swindle
Software, and spy's instrument all followed by.These movement softwares can bring the danger that personal and finance data is stolen.
It is domestic at present that main using the killing of antivirus software feature and based on ccf layer is detected to Android application malice
(Framework) method and technology of function hook (API Hook), usual malicious application changes by using methods such as shell adding, encryptions
Become unique characteristics and escape antivirus software detection.
The content of the invention
In order to overcome the shortcoming of prior art, the invention provides a kind of Android based on the monitoring of function flow key point maliciously
Software detecting method, is decompressed by apk files, and the calling sequence tree for obtaining function flow is analyzed to dex therein
Shape structure, and static analysis is carried out to inventory file;Application program after Dynamic Execution reduction, track record performs flow behavior letter
Breath;Integrated Static is analyzed and dynamic analysis is extracted using the crucial stream calling sequence of function.The present invention can solve existing very well
Technology can not carry out fine-grained monitoring problem to the function flow calling sequence of whole application, contain SQL and
The monitoring of Framework layer functions, can carry out more fine-grained analysis to application behavior, it is to avoid the leakage analysis feelings of behavior
Condition, improves the degree of accuracy of applied behavior analysis.
Traditional analysis generally extract application component, authority, network, resource file, configuration file, facility information,
The static informations such as Content Observers, Content Queries, user account carry out simple analysis;Or it is right
Intent, Uri, File IO, Network IO, Database, ContentResolver, SMS, telephone supervisor, Digest,
The dynamic behaviours such as Cipher carry out interception monitoring, carry out malicious act discovery.The present invention uses a kind of based on function flow pass
The Android malware detection method of key point monitoring technology, by analysis program and static resource, rebuilds and performs application program,
The calling sequence of the function flow of analysis of key, then carries out fine-grained monitor and detection and day to the crucial function calling sequence for flowing
Will is stored and analyzed, according to the corresponding report of behavioural analysis in detail of rule base generation.Program performs the monitoring range of stream to frame
The monitoring of rack-layer function flow, extend to the monitoring to every layer functions stream more than system layer.
The technical solution adopted in the present invention is:A kind of Android malware detection side based on the monitoring of function flow key point
Method, comprises the following steps:
Step one, static behavior analysis module are decompressed to apk files, dex therein is analyzed and obtains one
The calling sequence tree of function flow, and static analysis is carried out to inventory file;
Step 2, Dynamic Execution rebuild reduction application program, keep track of process performing;
Step 3, Integrated Static behavioural analysis and obtain the crucial stream calling sequence of function using dynamic behaviour;
Step 4, the calling sequence that flows crucial to function carry out fine-grained monitor and detection and daily record storage and analyze, generation
Detailed behavioural analysis report.
Compared with prior art, the positive effect of the present invention is:
1. the present invention is to carry out static and dynamic analysis by function controlling stream calling sequence to be combined and carry out function flow
Monitoring, the method solves the analysis of the isolated point of invocation of conventional monitoring systems, improves rogue program behavior accuracy and detailed row
It is analysis.
2. the present invention carries out fine-grained in-depth monitoring to calling sequence in the whole function flow of application, and generation is more detailed
Function flow function call information, excavates more valuable malicious code behavioural informations and provides data basis for complexity.
3. fine granularity analytical plan proposed by the present invention, is no longer limited to the monitoring of conventional part sensory system function,
But to the monitoring of whole application function flow calling sequence, effectively prevent the situation of application behavioural information gaps and omissions monitoring.
Brief description of the drawings
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is schematic flow sheet of the invention;
Fig. 2 is system architecture diagram of the invention;
Fig. 3 is a tree schematic diagram for program function stream calling sequence;
Fig. 4 is critical data stream function structural generation schematic diagram.
Specific embodiment
A kind of Android malware detection method based on the monitoring of function flow key point, as shown in figure 1, including following step
Suddenly:
Step 1:Decompiling is carried out to apk files by apktool, can be by class, the side in the dex files in apk files
Method etc. is mapped to object, obtains the smali codes after decompiling and AndroidManifest.xml inventory files.
Step 2:A profound analysis for source code level is carried out to the class in dex files, method, a function call is generated
The execution stream tree construction of relation.
Step 3:By the static analysis to AndroidMainfest.xml, obtain Service, receivers,
The sensing assembly information such as permissions.
Step 4:By Dynamic Execution application program, record application performs function flow calling sequence.To function call stream tree
The detailed calling sequence of the components such as sensitive API and Service, Receivers, permissions in shape structure is analyzed,
And the operation such as invoke, return therein is recorded.
Step 5:The document misregistration on hard disk is obtained by invoke appropriate address, after each dynamic load, according to phase
Answer module base address that the entrance of function is obtained plus document misregistration, the end address for obtaining function is instructed by return.
Step 6:Effectively to overcome the anti-hook technologies of existing Malware, after function entrance address, insertion is redirected
Code, insertion point is positioned at function entrance plus respective offsets and (is set according to dalvik virtual machines or art virtual machine instructions principles
Put skew).It is underway to turn before device sets, code in first saving scene environment, insertion, perform proxy function, acquisition and post
The site environment such as storage, stack value, the site environment for recovering current function etc..
Step 7:The function flow calling sequence of the whole application according to above static analysis is corresponding with dynamic behaviour to be performed
Point, total score separates out Key Functions stream calling sequence.
Step 8:By performing into proxy function the monitoring of ruuning situation to program code, and, letter is obtained from stack
Several parameters and return value, generates corresponding detection module.
Step 9:The incubator process (zygote) of heavily loaded system, by injecting detection module to the process.
Step 10:Apk is to system running environment for loading, by the way that the proxy function of detection module is to the parameter value of function and returns
Return value and function site environment is recorded, be transmitted to corresponding daily record memory module.
Step 11:Log analysis module reads by the crucial stream of function and static behavior engine analysis in log memory
The daily record for going out, is matched and is analyzed.
Step 12:The corresponding report of generation after being analyzed to the daily record for storing by the rule base formulated.
Fig. 2 is system architecture diagram of the invention, including function flow analysis module, function static behavior analysis module, dynamic
Detection module, Key Functions stream detection module, log analysis module, daily record memory module.
The function flow generation module is the apk files after static analysis is decompressed, the tune of the function flow being applied
Sequence tree construction is used, then by loading apk, reconstruction application program is performed, Dynamic Execution stream is recorded and tracked, analyzed
Calling sequence tree construction, optimization most accurately action-function stream key point.After the key point for obtaining function flow, insertion detection
Module;Dynamic operation simultaneously keeps track of crucial stream function process performing;It is comprehensive with reference to the current function performing environment state for preserving
Analyze final more accurate report.
The static behavior analysis module is by apktool or by andrguard etc. similar instrument to applying apk
File carries out conversed analysis.To generate inventory file carry out authority, the big components of Android tetra-, reflective function, encryption function,
Locally (native method) function is analyzed, and generates detailed analysis result.
The dynamic behaviour detection module, insertion is detected in the application of current detection, according to application module stress state
Automatic perform detection function.Execution flow to behavior is recorded, and synthesis is carried out with reference to the function calling sequence of static generation
Analysis, obtains the calling sequence of the Key Functions stream of sensitivity.
Key Functions stream detection module heavy duty incubator (zygote), and the module injected by it, whenever startup
During detection module can be automatically loaded into using independent environment during new application, when judging application corresponding module loading success
Afterwards, the detection of Key Functions flow point is performed.
The daily record memory module, to each test point of Key Functions stream in detection module, preserves stack in functional environment, deposit
The information such as device, return value, parameter;With reference to and with sensitive spot static information in AndroidMainfest.xml files, deposit in the lump
In database or other storage organizations.
The log analysis module is to take out the log information in storage organization by application bag name, CRC or MD5 etc. to enter
Row comprehensive descision.
Fig. 3 is static generating function stream calling sequence schematic diagram.There are one or more point of invocation, letter in one function the inside
Number call relation forms tree-like calling sequence, and whole calling sequence includes SQL and ccf layer function call stream.
When program is when reduction act operation current function fun1 is simulated, function fun1 was both defeated comprising input when being called
Go out data, also comprising each Key Functions point for calling underlying function.By preserving function site environment (as preserved control point position
The opcode for putting, it is ensured that revert to corresponding performing environment after having performed monitoring), it is inclined by detection method porch entering row address
Modification application heap authority is moved, and adds monitor code;By the detection that code goes to be performed in proxy function that redirects for setting
Code, it is to avoid the destruction of functional environment, can continue executing with the primitive behavior of itself after having detected.Stack data can be obtained during detection,
Or current function performs conditions Ambient information, such as a range of character information and parameter.Behavioral data covers tradition
SQL in framework layers and Key Functions stream calling sequence.Extract after completing function current context value, can recover
The initial environment of function, continues function original path and performs.When program runs to last function, system is performed to function and terminated
Operation, discharges operating-system resources.It is final that crucial letter is generated according to Dynamic Execution function flow result record and staticaanalysis results
Number stream calling sequence.
Fig. 4 is that Key Functions flow structure generates schematic diagram, and the function flow generation module is to decompression by static analysis
Dex document codes afterwards, the tree structure of the function flow that is applied calling sequence;Reduction application is rebuild by load operating, it is right
Execution flows into line trace record, and analysis calling sequence extracts most accurately action-function stream key point.
Android system framework is divided into four-layer structure, is respectively application layer, application framework layer, system fortune from upper strata
Row storehouse layer and Linux inner core;Calling sequence and dynamic application behavior of the present invention by static function stream, can cover above-mentioned
The behavioral value of whole four-layer structure function flow key points.
Claims (8)
1. it is a kind of based on function flow key point monitoring Android malware detection method, it is characterised in that:Comprise the following steps:
Step one, static behavior analysis module are decompressed to apk files, dex therein is analyzed and obtains function flow
Calling sequence tree, while carrying out static analysis to inventory file;
Application program after step 2, Dynamic Execution reduction, track record performs flow behavior;
Step 3, Integrated Static behavior and reduction obtain the crucial stream calling sequence of function using dynamic behaviour;
Step 4, the calling sequence that flows crucial to function carry out fine-grained monitor and detection and daily record storage and analyze, and generation is detailed
Behavioural analysis is reported.
2. a kind of Android malware detection method based on the monitoring of function flow key point according to claim 1, it is special
Levy and be:The static behavior analysis module carries out conversed analysis, opposite by apktool or andrguard to apk files
Into inventory file carry out authority, the big components of Android tetra-, reflective function, encryption function, local function and be analyzed, generate
Detailed analysis result.
3. a kind of Android malware detection method based on the monitoring of function flow key point according to claim 2, it is special
Levy and be:The static behavior analysis module carries out decompiling by apktool to apk files, by the dex texts in apk files
Part, class or method are mapped to object, obtain the smali codes after decompiling and AndroidManifest.xml inventory files.
4. a kind of Android malware detection method based on the monitoring of function flow key point according to claim 3, it is special
Levy and be:The static behavior analysis module carries out a profound analysis for source code level, generation to the class or method of dex files
One calling sequence tree of function flow.
5. a kind of Android malware detection method based on the monitoring of function flow key point according to claim 4, it is special
Levy and be:The calling sequence calls stream comprising SQL and Framework layer functions.
6. a kind of Android malware detection method based on the monitoring of function flow key point according to claim 3, it is special
Levy and be:The static behavior analysis module to AndroidMainfest.xml scan, to register sensing assembly Service,
Receivers or permissions are recorded.
7. a kind of Android malware detection method based on the monitoring of function flow key point according to claim 1, it is special
Levy and be:Behavior execution flow is recorded described in step 2 to be included:The function flow calling sequence that record application behavior is performed, to function
Call flow tree shape structure sensitive API and called in detail accordingly using components such as Service, Receivers, permissions
Invoke, return in sequence etc. are recorded.
8. a kind of Android malware detection method based on the monitoring of function flow key point according to claim 1, it is special
Levy and be:Integrated Static behavioural analysis described in step 3 and reduction application dynamic behaviour, obtain the crucial stream calling sequence of function
Method is:Document misregistration on hard disk is obtained by address behind invoke, according to corresponding module base after each dynamic load
Location obtains the entry address of function plus document misregistration, and the end address of discriminant function is instructed by return;In function entrance
Plus insert monitoring transfer code at offset address, it is underway turn first saving scene environment before device is set, insertion transfer code,
Perform proxy function, obtain the site environment values such as register, stack;Reconstruction shows after obtaining all values in function current environment
Into environment;When program runs to last function, android system carries out end operation, release operating system money to function
Source.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710006412.XA CN106845234A (en) | 2017-01-05 | 2017-01-05 | A kind of Android malware detection method based on the monitoring of function flow key point |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710006412.XA CN106845234A (en) | 2017-01-05 | 2017-01-05 | A kind of Android malware detection method based on the monitoring of function flow key point |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106845234A true CN106845234A (en) | 2017-06-13 |
Family
ID=59116808
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710006412.XA Pending CN106845234A (en) | 2017-01-05 | 2017-01-05 | A kind of Android malware detection method based on the monitoring of function flow key point |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106845234A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107608849A (en) * | 2017-08-10 | 2018-01-19 | 中国科学院软件研究所 | A kind of method for quickly identifying and system towards Android APP encrypted contents |
| CN107844687A (en) * | 2017-11-22 | 2018-03-27 | 上海勋立信息科技有限公司 | A kind of Android information intercepting method and device |
| CN109829312A (en) * | 2019-01-29 | 2019-05-31 | 北京启明星辰信息安全技术有限公司 | JAVA leak detection method and detection system based on call chain |
| CN111382424A (en) * | 2018-12-27 | 2020-07-07 | 全球能源互联网研究院有限公司 | Mobile application sensitive behavior detection method and system based on controlled environment |
| CN109558304B (en) * | 2017-09-27 | 2020-10-30 | 北京邮电大学 | Component association analysis method and device and electronic equipment |
| CN113392416A (en) * | 2021-06-28 | 2021-09-14 | 北京恒安嘉新安全技术有限公司 | Method, device, equipment and storage medium for acquiring application program encryption and decryption data |
| CN113672902A (en) * | 2021-08-31 | 2021-11-19 | 挂号网(杭州)科技有限公司 | Application program detection method, device, equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7703081B1 (en) * | 2005-09-22 | 2010-04-20 | Symantec Corporation | Fast system call hooking on x86-64 bit windows XP platforms |
| CN104809397A (en) * | 2015-05-12 | 2015-07-29 | 上海斐讯数据通信技术有限公司 | Android malicious software detection method and system based on dynamic monitoring |
-
2017
- 2017-01-05 CN CN201710006412.XA patent/CN106845234A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7703081B1 (en) * | 2005-09-22 | 2010-04-20 | Symantec Corporation | Fast system call hooking on x86-64 bit windows XP platforms |
| CN104809397A (en) * | 2015-05-12 | 2015-07-29 | 上海斐讯数据通信技术有限公司 | Android malicious software detection method and system based on dynamic monitoring |
Non-Patent Citations (3)
| Title |
|---|
| 刘敏: "基于Android平台的软件行为分析系统的设计与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
| 李铭: "Android平台下基于行为的恶意代码检测技术研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
| 邱凌志: "Android应用程序安全的分析方法研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107608849A (en) * | 2017-08-10 | 2018-01-19 | 中国科学院软件研究所 | A kind of method for quickly identifying and system towards Android APP encrypted contents |
| CN109558304B (en) * | 2017-09-27 | 2020-10-30 | 北京邮电大学 | Component association analysis method and device and electronic equipment |
| CN107844687A (en) * | 2017-11-22 | 2018-03-27 | 上海勋立信息科技有限公司 | A kind of Android information intercepting method and device |
| CN107844687B (en) * | 2017-11-22 | 2021-06-25 | 上海勋立信息科技有限公司 | Android information intercepting method and device |
| CN111382424A (en) * | 2018-12-27 | 2020-07-07 | 全球能源互联网研究院有限公司 | Mobile application sensitive behavior detection method and system based on controlled environment |
| CN109829312A (en) * | 2019-01-29 | 2019-05-31 | 北京启明星辰信息安全技术有限公司 | JAVA leak detection method and detection system based on call chain |
| CN109829312B (en) * | 2019-01-29 | 2021-01-01 | 北京启明星辰信息安全技术有限公司 | JAVA vulnerability detection method and detection system based on call chain |
| CN113392416A (en) * | 2021-06-28 | 2021-09-14 | 北京恒安嘉新安全技术有限公司 | Method, device, equipment and storage medium for acquiring application program encryption and decryption data |
| CN113392416B (en) * | 2021-06-28 | 2024-03-22 | 北京恒安嘉新安全技术有限公司 | Method, device, equipment and storage medium for acquiring application program encryption and decryption data |
| CN113672902A (en) * | 2021-08-31 | 2021-11-19 | 挂号网(杭州)科技有限公司 | Application program detection method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106845234A (en) | A kind of Android malware detection method based on the monitoring of function flow key point | |
| CN108133139B (en) | Android malicious application detection system based on multi-operation environment behavior comparison | |
| Sharma et al. | Malicious application detection in android—a systematic literature review | |
| Berthome et al. | Repackaging android applications for auditing access to private data | |
| Tang et al. | A novel hybrid method to analyze security vulnerabilities in android applications | |
| CN104700026A (en) | Detecting JAVA sandbox escaping attacks based on JAVA bytecode instrumentation and JAVA method hooking | |
| CN107766728A (en) | Mobile application security managing device, method and mobile operation safety protection system | |
| Jahanshahi et al. | You shall not pass: Mitigating sql injection attacks on legacy web applications | |
| Cepeda et al. | Feature selection and improving classification performance for malware detection | |
| CN108763924B (en) | Method for controlling access authority of untrusted third party library in android application program | |
| Suarez-Tangil et al. | Thwarting obfuscated malware via differential fault analysis | |
| Lo et al. | Towards an effective and efficient malware detection system | |
| Yang et al. | {Iframes/Popups} Are Dangerous in Mobile {WebView}: Studying and Mitigating Differential Context Vulnerabilities | |
| CN113901465A (en) | Heterogeneous network-based Android malicious software detection method | |
| Pedro et al. | From prompt injections to sql injection attacks: How protected is your llm-integrated web application? | |
| Kandukuru et al. | Android malicious application detection using permission vector and network traffic analysis | |
| Wang et al. | Uncovering and exploiting hidden apis in mobile super apps | |
| CN109697339A (en) | A kind of Android application method for security protection based on dynamic virtual instruction map | |
| Stirparo et al. | In-memory credentials robbery on android phones | |
| CN109284590A (en) | Access method, equipment, storage medium and the device of behavior safety protection | |
| CN103942494B (en) | Method and system for auditing malicious software | |
| Xu et al. | Security analysis and protection based on smali injection for android applications | |
| Niu et al. | Clone analysis and detection in android applications | |
| Myat et al. | Analysis of Android Applications by Using Reverse Engineering Techniques | |
| CN109165509A (en) | The software method of credible measurement, equipment, system and storage medium in real time |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170613 |
|
| RJ01 | Rejection of invention patent application after publication |