CN107330325A - The authentication method and device of application file - Google Patents
The authentication method and device of application file Download PDFInfo
- Publication number
- CN107330325A CN107330325A CN201710531799.0A CN201710531799A CN107330325A CN 107330325 A CN107330325 A CN 107330325A CN 201710531799 A CN201710531799 A CN 201710531799A CN 107330325 A CN107330325 A CN 107330325A
- Authority
- CN
- China
- Prior art keywords
- application file
- application
- run
- generation
- dynamic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of authentication method of application file and device.Wherein, this method includes:It is determined that the auth type identified application file, wherein, the auth type includes:Dynamic identification and static identification;According to the auth type of determination, application file is identified, qualification result is obtained.The present invention solves the technical problem that can not carry out effectively completely identifying to the application file of mobile end equipment in correlation technique, improves Consumer's Experience.
Description
Technical field
The present invention relates to computer network field, in particular to the authentication method and device of a kind of application file.
Background technology
In the related art, the problem of whether having potential safety hazard for application file, generally, can find
After suspicious application file, these suspicious application files can be uploaded to security centre, by above-mentioned suspicious application file with by
The suspicious application file feature occurred before is simply compared, specifically, that is to say the feature of suspicious application file
It is compared, can not be looked in feature samples storehouse for some with the feature samples storehouse of existing suspicious application file feature composition
To may be matched suspicious application file, manual analysis will be carried out, using manual analysis, it is necessary to which monitoring these in real time can
Doubtful application file, so as to can cause that time-consuming, wastes substantial amounts of manpower, in addition, using people's work point to a certain extent
Analysis may have some errors, can cause the incomplete problem of identification to application file.
For it is above-mentioned the problem of, effective solution is not yet proposed at present.
The content of the invention
The embodiments of the invention provide a kind of authentication method of application file and device, at least to solve nothing in correlation technique
The technical problem that method to the application file of mobile end equipment effectively completely identify.
One side according to embodiments of the present invention there is provided a kind of authentication method of application file, including:It is determined that correspondence
The auth type identified with file, wherein, auth type includes:Dynamic identification and static identification;According to the identification of determination
Type, is identified application file, obtains qualification result.
Alternatively, according to the auth type of determination, application file is identified, obtaining qualification result includes:It is determined that
Auth type for static identification in the case of, read the attribute information of application file;According to the attribute information of reading, generation should
Static probation report under the scene not being run with file.
Alternatively, according to the attribute information of reading, the static probation report under the scene that generation application file is not run
Including:Application corresponding to application file carries out decompiling, generates the source code of application, and source code is carried out to check acquisition source generation
Code inspection result;According to the attribute information of reading and the source code inspection result obtained, the field that generation application file is not run
Static probation report under scape;And/or, the leak present in application corresponding to application file is checked, obtains leak inspection
Come to an end fruit;According to the attribute information of reading and the leak inspection result obtained, under the scene that generation application file is not run
Static probation report.
Alternatively, according to the auth type of determination, application file is identified, obtaining qualification result includes:It is determined that
Auth type for dynamic identification in the case of, obtain operation action information of application file when being run;According to the fortune of acquisition
Dynamic probation report under row behavioural information, the scene that generation application file is run.
Alternatively, according to the operation action information of acquisition, the dynamic identification report under the scene that generation application file is run
Announcement includes at least one of:The authority applied when being run to the application corresponding to application file is monitored, and obtains authority
List, generation includes the dynamic probation report of permissions list;To application file when being run to the application corresponding to application file
The read-write operation carried out is recorded, and obtains read-write record, and generation includes the dynamic probation report of read-write record;To practical writing
The access operation conducted interviews when application corresponding to part is run to network is recorded, and obtains network access record, generation
The dynamic probation report recorded including network access;The interception feelings of picture are intercepted when being run to the application corresponding to application file
Condition is recorded, and obtains picture interception record, and generation includes the dynamic probation report of picture interception record.
Another aspect according to embodiments of the present invention, additionally provides a kind of identification apparatus of application file, the application
The identification apparatus of file includes:Determining unit, applied to mobile end equipment, for the identification for determining to identify application file
Type, wherein, auth type includes:Dynamic identification and static identification;Acquiring unit is right for the auth type according to determination
Application file is identified, obtains qualification result.
Alternatively, acquiring unit includes:Read module, for it is determined that auth type for static identification in the case of,
Read the attribute information of application file;First generation module, for the attribute information according to reading, generation application file is not transported
Static probation report under capable scene.
Alternatively, the first generation module, is additionally operable to carry out decompiling to the corresponding application of application file, generates the source of application
Code, carries out checking acquisition source code inspection result to source code;According to the attribute information of reading and the source code inspection obtained
As a result, the static probation report under the scene that generation application file is not run;And/or, the first generation module is additionally operable to correspondence
Checked with the leak present in the corresponding application of file, obtain leak inspection result;Second generation submodule, for basis
Static identification report under the attribute information of reading and the leak inspection result obtained, the scene that generation application file is not run
Accuse.
Alternatively, acquiring unit includes:Acquisition module, for it is determined that auth type for dynamic identification in the case of,
Obtain operation action information when application file is run;Second generation module, it is raw for the operation action information according to acquisition
Dynamic probation report under the scene being run into application file.
Alternatively, the second generation module includes at least one of:3rd generation submodule, for right to application file institute
The authority that the application answered is applied when being run is monitored, and obtains permissions list, and generation includes the dynamic identification report of permissions list
Accuse;4th generation submodule, the read-write behaviour carried out during for being run to the application corresponding to application file to application file
As being recorded, read-write record is obtained, generation includes the dynamic probation report of read-write record;5th generation submodule, for pair
The access operation conducted interviews when application corresponding to application file is run to network is recorded, and obtains network access note
Record, generation includes the dynamic probation report of network access record;6th generation submodule, for answering corresponding to application file
Recorded with the interception situation that picture is intercepted when being run, obtain picture interception record, generation includes picture interception record
Dynamic probation report.
Another aspect according to embodiments of the present invention, additionally provides a kind of storage medium, and storage medium includes storage
Program, wherein, equipment performs the identification of the application file of above-mentioned any one where controlling storage medium when program is run
Method.
Another aspect according to embodiments of the present invention, additionally provides a kind of processor, and processor is used for operation program,
Wherein, the authentication method of the application file of above-mentioned middle any one is performed when program is run.
In embodiments of the present invention, the auth type identified using determination application file, wherein, auth type bag
Include:Dynamic identification and static identification;Then according to the auth type of determination, to being identified for file, qualification result is obtained,
So as to effectively reduce in correlation technique to the drawbacks of the efficiency identified application file is low, and then solve related skill
The technical problem effectively completely identified can not be carried out in art to the application file of mobile end equipment, the identification of application file is improved
Efficiency, also improves Consumer's Experience.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this hair
Bright schematic description and description is used to explain the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart of application file authentication method according to embodiments of the present invention;
Fig. 2 is the schematic diagram of the identification apparatus of application file according to embodiments of the present invention;
Fig. 3 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram one;
Fig. 4 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram two;
And
Fig. 5 be application file according to embodiments of the present invention identification apparatus in the second generation module 43 preferred signal
Figure.
Embodiment
In order that those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention
Accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is only
The embodiment of a part of the invention, rather than whole embodiments.Based on the embodiment in the present invention, ordinary skill people
The every other embodiment that member is obtained under the premise of creative work is not made, should all belong to the model that the present invention is protected
Enclose.
It should be noted that term " first " in description and claims of this specification and above-mentioned accompanying drawing, "
Two " etc. be for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that so using
Data can exchange in the appropriate case, so as to embodiments of the invention described herein can with except illustrating herein or
Order beyond those of description is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that cover
Lid is non-exclusive to be included, for example, the process, method, system, product or the equipment that contain series of steps or unit are not necessarily limited to
Those steps or unit clearly listed, but may include not list clearly or for these processes, method, product
Or the intrinsic other steps of equipment or unit.
According to embodiments of the present invention there is provided a kind of embodiment of the method for the identification of application file, it is necessary to explanation,
The step of flow of accompanying drawing is illustrated can perform in the computer system of such as one group computer executable instructions, also,
, in some cases, can be shown to be performed different from order herein although showing logical order in flow charts
The step of going out or describe.
One side according to embodiments of the present invention there is provided a kind of authentication method of application file, the application file
Authentication method is applied to mobile end equipment, and Fig. 1 is the flow chart of application file authentication method according to embodiments of the present invention, such as schemes
Shown in 1, the application file authentication method that should be applied to mobile end equipment comprises the following steps:
Step S102, it is determined that the auth type identified application file, wherein, the auth type includes:Dynamic mirror
Fixed and static identification.
Step S104, according to the auth type of determination, is identified application file, obtains qualification result.
By above-mentioned steps, the auth type identified using determination application file, wherein, auth type includes:
Dynamic identification and static identification;Then according to the auth type of determination, to being identified for file, qualification result is obtained, from
And the technical problem that can not carry out effectively completely identifying to the application file of mobile end equipment in correlation technique is efficiently solved, lead to
Cross and application file is classified, and carry out static identification and dynamic identification, be effectively improved and application file is reflected
Fixed validity, and integrality, also improve Consumer's Experience.
It should be noted that when application file is under the scene not being run, it is corresponding that application file is reflected
Fixed type can be the static auth type identified.Therefore, in the auth type according to determination, application file is reflected
It is fixed, when obtaining qualification result, numerous embodiments can be used, for example, can include:It is determined that auth type reflected to be static
In the case of fixed, the attribute information of application file is read;According to the attribute information of reading, the field that generation application file is not run
Static probation report under scape.Wherein, when the information of the attribute of the application file of reading is not run by application file possibility
Including all information, can include:It is read-only:Represent that the application file can not be changed;Hide:Represent this document in systems
It is hiding, in default situations, user is it cannot be seen that these files;System:It is a part for operating system to represent this document;
Achieve:This document modified mistake before Last Backup is represented, some backup softwares can write from memory these files after standby system
That recognizes is set to archive attribute.Here static probation report is that file is deployed inside reading in itself in particular static system
Information, forms static probation report.For example, in the static identification report using static authentication method generation mobile terminal Android application
Accuse, following information can be included:(1) reports header:1. md5 algorithm values of application file, this value pin within the specific limits
It is unique value to different files;2. the original title of file, for example, music, picture, video and audio-visual etc.;3. file
Uplink time;4. the judgement threat level of file, for example, threat level is always divided into 5 stars, 5 stars are highest threat level, generation
Biao Gaowei files;(2) essential information:It should be noted that the essential information of application file can be including a variety of, for example, can wrap
Include at least one of:The file size of application file, the Apply Names of application file, the file bag name of application file, application
The date created of file, the md5 values of application file, the file name of application file, the certificate information of application file, application file
Certificate md5 values, the SHA-1 of application file, the version information of application file, the qualification result of application file, application file
Virus Name etc..
In addition, when the authentication method of selection is static identification, according to the attribute information of reading, generation application file not by
Static probation report under the scene of operation can also include some more special information, be exemplified below.For example, correspondence
Decompiling is carried out with the corresponding application of file, the source code of application is generated, source code is carried out to check acquisition source code inspection knot
Really;It is quiet under the scene that generation application file is not run according to the attribute information of reading and the source code inspection result obtained
State probation report.For example, application programming interfaces (Application can be passed through to the corresponding application of some sensitive behaviors
Process interface, referred to as API) mode called carries out decompiling, wherein it is desired to explanation, correspondence sensitivity row
For API Calls be that implicit Internet is called, leaking data may be caused;Behavior pair can also be kidnapped to some Activity
The application answered carries out decompiling by way of API Calls, wherein it is desired to which explanation, corresponding A ctivity kidnaps behavior
API Calls may cause the influence that can not be estimated during user behavior is responded;Further for example, corresponding to application file
Checked using existing leak, obtain leak inspection result;According to the attribute information of reading and the leak inspection obtained
As a result, the static probation report under the scene that generation application file is not run.It should be noted that to application file correspondence
Application existing leak when being checked, SQL (Structured Query can be passed through
Language, referred to as SQL) mode of injection carries out leak inspection.It should be noted that due to using character string connection side
Formula constructing SQL statement, therefore, causes the leak position in injection SQL to there is SQL injection point.Answered to application file is corresponding
With carry out decompiling with when checking the leak present in the corresponding application of application file or above-mentioned two situations
Combination, will not be described here.Wherein, decompiling, general also referred to as reversely compiling, or computer software reduction engineering, refer to
" conversed analysis, research " is carried out by the target program (such as executable program) to other people softwares to work, to derive other people
Software product used in the design considerations, some specific feelings such as thinking, principle, structure, algorithm, processing procedure, operation method
Source code may be derived under condition.
When being identified when application file is in the state of operation, corresponding auth type should be dynamic identification, for example,
According to the auth type of determination, application file is identified, obtaining qualification result can include:It is determined that auth type be
In the case of dynamic identification, operation action information when application file is run is obtained;It is raw according to the operation action information of acquisition
Dynamic probation report under the scene being run into application file.Wherein, dynamic probation report be by file in background system
Independent operating, the user behaviors log of running paper is recorded, and then by a series of analyses, the dynamic probation report of generation.Together
Sample can equally include application file essential information included in static report in the dynamic probation report of generation, for example,
The file size of application file, the Apply Names of application file, the file bag name of application file, the date created of application file,
The md5 values of application file, the file name of application file, the certificate information of application file, the certificate md5 values of application file should
With the SHA-1 of file, the version information of application file, the qualification result of application file, the Virus Name of application file etc..When
The monitored results of some other behaviors can also so be included, when recording monitored results, some behaviors to monitoring can be included
Description, for example, the description to SQL injection behavior, the description kidnapped Activity, to implicit Internet operation behaviors
Description etc..
Specifically, according to the operation action information of acquisition, the dynamic identification report under the scene that generation application file is run
Accusing can be including a variety of, for example, can include at least one of:Apply when being run to the application corresponding to application file
Authority is monitored, and obtains permissions list, and generation includes the dynamic probation report of permissions list, wherein, institute in the permissions list
Including authority can be with a variety of, for example, at least one of can be included:Whether the authority that accesses network is allowed, if supported
Access the authority of download management (ACCESS_DOWNLOAD_MANAGER), if allow the authority for obtaining mission bit stream, if permit
Perhaps the authority of network state is obtained, if allow the authority for obtaining WiFi states, if allow the authority for obtaining exact position, be
The no authority for allowing to show system windows, if allow the authority of recording, if allow the authority using vibration, if allow outer
Read the authority of storage (READ_EXTERNAL_STORAGE) in portion, if allow the authority for obtaining wrong slightly position, if allow to call out
The authority of awake locking, if allow the authority for accessing positioning additional command, if allow to write authority of external storage etc.;Correspondence
The read-write operation that application file is carried out is recorded when being run with the application corresponding to file, read-write record is obtained, it is raw
Into the dynamic probation report of read-write record is included, for example, the title of record read operation, reads the size of file, and read
Path of file etc.;The access operation conducted interviews when being run to the application corresponding to application file to network is recorded,
Network access record is obtained, generation includes the dynamic probation report of network access record, for example, the network of record access network
Location, access times etc.;The interception situation that picture is intercepted when being run to the application corresponding to application file is recorded, and is schemed
Piece interception record, generation includes the dynamic probation report that picture intercepts record, wherein, when interception picture can include operation beginning
Picture, the picture in running, the picture after end of run etc..For example, being run to the application corresponding to application file
When the authority applied be monitored, obtaining permissions list includes, network access authority, obtain task right, obtain network state,
Wake up the authorities such as locking.
The embodiment of the present invention additionally provides a kind of identification apparatus of application file, it is necessary to explanation, the embodiment of the present invention
The identification apparatus of application file can be used for performing the authentication method for application file that is provided of the embodiment of the present invention.With
Under the identification apparatus of application file provided in an embodiment of the present invention is introduced.
Fig. 2 is the schematic diagram of the identification apparatus of application file according to embodiments of the present invention, as shown in Fig. 2 the practical writing
Part identification apparatus includes:Determining unit 21 and acquiring unit 23, are carried out specifically to the identification apparatus of the application file below
It is bright.
Determining unit 21, applied to mobile end equipment, for the auth type for determining to identify application file, its
In, auth type includes:Dynamic identification and static identification.
Acquiring unit 23, is connected with above-mentioned determining unit 21, and for the auth type according to determination, application file is carried out
Identification, obtains qualification result.
By the identification apparatus of application file provided in an embodiment of the present invention, using determining unit 21, applied to mobile terminal
Equipment, for the auth type for determining to identify application file, wherein, auth type includes:Dynamic identification and static mirror
It is fixed;Acquiring unit 23, for the auth type according to determination, is identified application file, obtains qualification result.And then solve
The technical problem that effectively completely identify can not be carried out in correlation technique to the application file of mobile end equipment, by practical writing
Part is classified, and carries out static identification and dynamic identification, is effectively improved the validity identified application file,
And integrality, also improve Consumer's Experience.
Fig. 3 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram one,
As shown in figure 3, acquiring unit 23 includes:The generation module 33 of read module 31 and first, is carried out to the acquiring unit 23 below
Describe in detail.
Read module 31, for it is determined that auth type for static identification in the case of, read the attribute of application file
Information;First generation module 33, is connected with above-mentioned read module 31, for the attribute information according to reading, generates application file
Static probation report under the scene not being run.
Alternatively, the first generation module 33, is additionally operable to carry out application file corresponding application decompiling, generation application
Source code, carries out checking acquisition source code inspection result to source code;According to the attribute information of reading and the source code obtained inspection
Come to an end fruit, the static probation report under the scene that generation application file is not run;And/or, the first generation module 33 is additionally operable to
Leak present in application corresponding to application file is checked, obtains leak inspection result;Second generation submodule, is used for
According to the attribute information of reading and the leak inspection result obtained, the static identification under the scene that generation application file is not run
Report.
Fig. 4 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram two,
As shown in figure 4, acquiring unit 23 includes:The generation module 43 of acquisition module 41 and second.The acquiring unit 23 is carried out below
Describe in detail.
Acquisition module 41, for it is determined that auth type for dynamic identification in the case of, obtain application file be run
When operation action information;Second generation module 43, is connected with above-mentioned acquisition module 41, for being believed according to the operation action of acquisition
Dynamic probation report under breath, the scene that generation application file is run.
Fig. 5 be application file according to embodiments of the present invention identification apparatus in the second generation module 43 preferred signal
Figure, as shown in figure 5, the second generation module 43 includes at least one of:The 3rd generation generation submodule of submodule the 51, the 4th
53rd, the 5th generation generation submodule 57 of submodule 55 and the 6th.Second generation module 43 is described in detail below.
3rd generation submodule 51, the authority applied during for being run to the application corresponding to application file is supervised
Control, obtains permissions list, and generation includes the dynamic probation report of permissions list;4th generation submodule 53, for practical writing
The read-write operation that application file is carried out is recorded when application corresponding to part is run, read-write record, generation bag is obtained
Include the dynamic probation report of read-write record;5th generation submodule 55, during for being run to the application corresponding to application file
The access operation conducted interviews to network is recorded, and obtains network access record, and generation includes the dynamic of network access record
Probation report;6th generation submodule 57, intercepts the interception feelings of picture during for being run to the application corresponding to application file
Condition is recorded, and obtains picture interception record, and generation includes the dynamic probation report of picture interception record.
Another aspect according to embodiments of the present invention, additionally provides a kind of storage medium, and storage medium includes storage
Program, wherein, equipment performs the identification of the application file of above-mentioned any one where controlling storage medium when program is run
Method.
Another aspect according to embodiments of the present invention, additionally provides a kind of processor, and processor is used for operation program,
Wherein, the authentication method of the application file of above-mentioned middle any one is performed when program is run.
The embodiments of the present invention are for illustration only, and the quality of embodiment is not represented.
In the above embodiment of the present invention, the description to each embodiment all emphasizes particularly on different fields, and does not have in some embodiment
The part of detailed description, may refer to the associated description of other embodiment.
In several embodiments provided herein, it should be understood that disclosed technology contents, others can be passed through
Mode is realized.Wherein, device embodiment described above is only schematical, such as division of described unit, Ke Yiwei
A kind of division of logic function, can there is other dividing mode when actually realizing, such as multiple units or component can combine or
Person is desirably integrated into another system, or some features can be ignored, or does not perform.Another, shown or discussed is mutual
Between coupling or direct-coupling or communication connection can be the INDIRECT COUPLING or communication link of unit or module by some interfaces
Connect, can be electrical or other forms.
The unit illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit
The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On unit.Some or all of unit therein can be selected to realize the purpose of this embodiment scheme according to the actual needs.
In addition, each functional unit in each embodiment of the invention can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units it is integrated in a unit.Above-mentioned integrated list
Member can both be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If the integrated unit is realized using in the form of SFU software functional unit and as independent production marketing or used
When, it can be stored in a computer read/write memory medium.Understood based on such, technical scheme is substantially
The part contributed in other words to prior art or all or part of the technical scheme can be in the form of software products
Embody, the computer software product is stored in a storage medium, including some instructions are to cause a computer
Equipment (can for personal computer, server or network equipment etc.) perform each embodiment methods described of the invention whole or
Part steps.And foregoing storage medium includes:USB flash disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD etc. are various can be with store program codes
Medium.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should
It is considered as protection scope of the present invention.
Claims (10)
1. a kind of authentication method of application file, it is characterised in that applied to mobile end equipment, including:
It is determined that the auth type identified application file, wherein, the auth type includes:Dynamic identification and static mirror
It is fixed;
According to the auth type of determination, the application file is identified, qualification result is obtained.
2. according to the method described in claim 1, it is characterised in that according to the auth type of determination, the application file is entered
Row identification, obtaining qualification result includes:
It is determined that the auth type for static identification in the case of, read the attribute information of the application file;
According to the attribute information of reading, the static probation report under the scene that the application file is not run is generated.
3. method according to claim 2, it is characterised in that according to the attribute information of reading, generates the application
The static probation report under the scene that file is not run includes:
Application corresponding to the application file carries out decompiling, generates the source code of the application, and the source code is carried out
Check and obtain source code inspection result;According to the attribute information of reading and the source code inspection result obtained, generation
The static probation report under the scene that the application file is not run;
And/or,
Leak present in application corresponding to the application file is checked, obtains leak inspection result;According to reading
The attribute information and the leak inspection result obtained, are generated described quiet under the scene that the application file is not run
State probation report.
4. according to the method described in claim 1, it is characterised in that according to the auth type of determination, the application file is entered
Row identification, obtaining qualification result includes:
It is determined that the auth type for dynamic identification in the case of, obtain the operation action when application file is run
Information;
According to the operation action information of acquisition, the dynamic probation report under the scene that the application file is run is generated.
5. method according to claim 4, it is characterised in that according to the operation action information of acquisition, generation is described
Dynamic probation report under the scene that application file is run includes at least one of:
The authority applied when being run to the application corresponding to the application file is monitored, and obtains permissions list, generation bag
Include the dynamic probation report of the permissions list;
The read-write operation that the application file is carried out is recorded when being run to the application corresponding to the application file,
Read-write record is obtained, generation includes the dynamic probation report of the read-write record;
The access operation conducted interviews when being run to the application corresponding to the application file to network is recorded, and obtains net
Network accesses record, and generation includes the dynamic probation report of the network access record;
The interception situation that picture is intercepted when being run to the application corresponding to the application file is recorded, and obtains picture interception
Record, generation includes the dynamic probation report of the picture interception record.
6. a kind of identification apparatus of application file, it is characterised in that including:
Determining unit, applied to mobile end equipment, for the auth type for determining to identify application file, wherein, it is described
Auth type includes:Dynamic identification and static identification;
Acquiring unit, for the auth type according to determination, is identified the application file, obtains qualification result.
7. device according to claim 6, it is characterised in that the acquiring unit includes:
Read module, for it is determined that the auth type for static identification in the case of, read the category of the application file
Property information;
First generation module, for the attribute information according to reading, is generated under the scene that the application file is not run
Static probation report.
8. device according to claim 7, it is characterised in that
First generation module, is additionally operable to carry out decompiling to the corresponding application of the application file, generates the application
Source code, carries out checking acquisition source code inspection result to the source code;According to the attribute information of reading and acquisition
The source code inspection result, generates the static probation report under the scene that the application file is not run;
And/or,
First generation module, is additionally operable to check the leak present in the corresponding application of the application file, obtains
Leak inspection result;Second generation submodule, for the attribute information according to reading and the leak inspection knot obtained
Really, the static probation report under the scene that the application file is not run is generated.
9. device according to claim 6, it is characterised in that the acquiring unit includes:
Acquisition module, for it is determined that the auth type for dynamic identification in the case of, obtain the application file and transported
Operation action information during row;
Second generation module, for the operation action information according to acquisition, generates the scene that the application file is run
Under dynamic probation report.
10. device according to claim 9, it is characterised in that second generation module includes at least one of:
3rd generation submodule, the authority applied during for being run to the application corresponding to the application file is monitored,
Permissions list is obtained, generation includes the dynamic probation report of the permissions list;
4th generation submodule, is carried out during for being run to the application corresponding to the application file to the application file
Read-write operation recorded, obtain read-write record, generation include it is described read-write record dynamic probation report;
5th generation submodule, the access conducted interviews during for being run to the application corresponding to the application file to network
Operation is recorded, and obtains network access record, and generation includes the dynamic probation report of the network access record;
6th generation submodule, the interception situation that picture is intercepted during for being run to the application corresponding to the application file is entered
Row record, obtains picture interception record, and generation includes the dynamic probation report of the picture interception record.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710531799.0A CN107330325A (en) | 2017-06-30 | 2017-06-30 | The authentication method and device of application file |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710531799.0A CN107330325A (en) | 2017-06-30 | 2017-06-30 | The authentication method and device of application file |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107330325A true CN107330325A (en) | 2017-11-07 |
Family
ID=60197765
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710531799.0A Pending CN107330325A (en) | 2017-06-30 | 2017-06-30 | The authentication method and device of application file |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107330325A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104123501A (en) * | 2014-08-06 | 2014-10-29 | 厦门大学 | Online virus detection method based on assembly of multiple detectors |
CN104484607A (en) * | 2014-12-16 | 2015-04-01 | 上海交通大学 | Universal method and universal system for performing safety testing on Android application programs |
CN104866763A (en) * | 2015-05-28 | 2015-08-26 | 天津大学 | Permission-based Android malicious software hybrid detection method |
CN106845236A (en) * | 2017-01-18 | 2017-06-13 | 东南大学 | A kind of application program various dimensions privacy leakage detection method and system for iOS platforms |
CN106874765A (en) * | 2017-03-03 | 2017-06-20 | 努比亚技术有限公司 | A kind of Malware hold-up interception method, device and terminal |
-
2017
- 2017-06-30 CN CN201710531799.0A patent/CN107330325A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104123501A (en) * | 2014-08-06 | 2014-10-29 | 厦门大学 | Online virus detection method based on assembly of multiple detectors |
CN104484607A (en) * | 2014-12-16 | 2015-04-01 | 上海交通大学 | Universal method and universal system for performing safety testing on Android application programs |
CN104866763A (en) * | 2015-05-28 | 2015-08-26 | 天津大学 | Permission-based Android malicious software hybrid detection method |
CN106845236A (en) * | 2017-01-18 | 2017-06-13 | 东南大学 | A kind of application program various dimensions privacy leakage detection method and system for iOS platforms |
CN106874765A (en) * | 2017-03-03 | 2017-06-20 | 努比亚技术有限公司 | A kind of Malware hold-up interception method, device and terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20240121266A1 (en) | Malicious script detection | |
US10154066B1 (en) | Context-aware compromise assessment | |
CN103679031B (en) | A kind of immune method and apparatus of file virus | |
US9697063B2 (en) | Allocating data based on hardware faults | |
CN108133139A (en) | A kind of Android malicious application detecting system compared based on more running environment behaviors | |
CN104992117B (en) | The anomaly detection method and behavior model method for building up of HTML5 mobile applications | |
US10652255B2 (en) | Forensic analysis | |
CN104115117A (en) | Automatic synthesis of unit tests for security testing | |
CN107302586A (en) | A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing | |
CN108334404A (en) | The operation method and device of application program | |
CN110048932A (en) | Validation checking method, apparatus, equipment and the storage medium of mail Monitoring function | |
Martinelli et al. | Classifying android malware through subgraph mining | |
US9191397B2 (en) | Extension model for improved parsing and describing protocols | |
CN111259382A (en) | Malicious behavior identification method, device and system and storage medium | |
CN109783316A (en) | The recognition methods and device, storage medium, computer equipment of system security log tampering | |
CN105760761A (en) | Software behavior analyzing method and device | |
CN115828256B (en) | Unauthorized and unauthorized logic vulnerability detection method | |
CN107330325A (en) | The authentication method and device of application file | |
CN115600201A (en) | User account information safety processing method for power grid system software | |
US11983272B2 (en) | Method and system for detecting and preventing application privilege escalation attacks | |
CN114880667A (en) | Script detection method and device | |
CN111045891B (en) | Monitoring method, device, equipment and storage medium based on java multithreading | |
CN107995198A (en) | Information processing method, device, electronic equipment and storage medium | |
CN110309646A (en) | Personal information protecting method, protective device and vehicle | |
KR20190135752A (en) | Method and apparatus for detection ransomware in file systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171107 |