CN107330325A - The authentication method and device of application file - Google Patents

The authentication method and device of application file Download PDF

Info

Publication number
CN107330325A
CN107330325A CN201710531799.0A CN201710531799A CN107330325A CN 107330325 A CN107330325 A CN 107330325A CN 201710531799 A CN201710531799 A CN 201710531799A CN 107330325 A CN107330325 A CN 107330325A
Authority
CN
China
Prior art keywords
application file
application
run
generation
dynamic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710531799.0A
Other languages
Chinese (zh)
Inventor
晋晓宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Security Management System Technology Co Ltd
Original Assignee
Beijing Kingsoft Security Management System Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Security Management System Technology Co Ltd filed Critical Beijing Kingsoft Security Management System Technology Co Ltd
Priority to CN201710531799.0A priority Critical patent/CN107330325A/en
Publication of CN107330325A publication Critical patent/CN107330325A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of authentication method of application file and device.Wherein, this method includes:It is determined that the auth type identified application file, wherein, the auth type includes:Dynamic identification and static identification;According to the auth type of determination, application file is identified, qualification result is obtained.The present invention solves the technical problem that can not carry out effectively completely identifying to the application file of mobile end equipment in correlation technique, improves Consumer's Experience.

Description

The authentication method and device of application file
Technical field
The present invention relates to computer network field, in particular to the authentication method and device of a kind of application file.
Background technology
In the related art, the problem of whether having potential safety hazard for application file, generally, can find After suspicious application file, these suspicious application files can be uploaded to security centre, by above-mentioned suspicious application file with by The suspicious application file feature occurred before is simply compared, specifically, that is to say the feature of suspicious application file It is compared, can not be looked in feature samples storehouse for some with the feature samples storehouse of existing suspicious application file feature composition To may be matched suspicious application file, manual analysis will be carried out, using manual analysis, it is necessary to which monitoring these in real time can Doubtful application file, so as to can cause that time-consuming, wastes substantial amounts of manpower, in addition, using people's work point to a certain extent Analysis may have some errors, can cause the incomplete problem of identification to application file.
For it is above-mentioned the problem of, effective solution is not yet proposed at present.
The content of the invention
The embodiments of the invention provide a kind of authentication method of application file and device, at least to solve nothing in correlation technique The technical problem that method to the application file of mobile end equipment effectively completely identify.
One side according to embodiments of the present invention there is provided a kind of authentication method of application file, including:It is determined that correspondence The auth type identified with file, wherein, auth type includes:Dynamic identification and static identification;According to the identification of determination Type, is identified application file, obtains qualification result.
Alternatively, according to the auth type of determination, application file is identified, obtaining qualification result includes:It is determined that Auth type for static identification in the case of, read the attribute information of application file;According to the attribute information of reading, generation should Static probation report under the scene not being run with file.
Alternatively, according to the attribute information of reading, the static probation report under the scene that generation application file is not run Including:Application corresponding to application file carries out decompiling, generates the source code of application, and source code is carried out to check acquisition source generation Code inspection result;According to the attribute information of reading and the source code inspection result obtained, the field that generation application file is not run Static probation report under scape;And/or, the leak present in application corresponding to application file is checked, obtains leak inspection Come to an end fruit;According to the attribute information of reading and the leak inspection result obtained, under the scene that generation application file is not run Static probation report.
Alternatively, according to the auth type of determination, application file is identified, obtaining qualification result includes:It is determined that Auth type for dynamic identification in the case of, obtain operation action information of application file when being run;According to the fortune of acquisition Dynamic probation report under row behavioural information, the scene that generation application file is run.
Alternatively, according to the operation action information of acquisition, the dynamic identification report under the scene that generation application file is run Announcement includes at least one of:The authority applied when being run to the application corresponding to application file is monitored, and obtains authority List, generation includes the dynamic probation report of permissions list;To application file when being run to the application corresponding to application file The read-write operation carried out is recorded, and obtains read-write record, and generation includes the dynamic probation report of read-write record;To practical writing The access operation conducted interviews when application corresponding to part is run to network is recorded, and obtains network access record, generation The dynamic probation report recorded including network access;The interception feelings of picture are intercepted when being run to the application corresponding to application file Condition is recorded, and obtains picture interception record, and generation includes the dynamic probation report of picture interception record.
Another aspect according to embodiments of the present invention, additionally provides a kind of identification apparatus of application file, the application The identification apparatus of file includes:Determining unit, applied to mobile end equipment, for the identification for determining to identify application file Type, wherein, auth type includes:Dynamic identification and static identification;Acquiring unit is right for the auth type according to determination Application file is identified, obtains qualification result.
Alternatively, acquiring unit includes:Read module, for it is determined that auth type for static identification in the case of, Read the attribute information of application file;First generation module, for the attribute information according to reading, generation application file is not transported Static probation report under capable scene.
Alternatively, the first generation module, is additionally operable to carry out decompiling to the corresponding application of application file, generates the source of application Code, carries out checking acquisition source code inspection result to source code;According to the attribute information of reading and the source code inspection obtained As a result, the static probation report under the scene that generation application file is not run;And/or, the first generation module is additionally operable to correspondence Checked with the leak present in the corresponding application of file, obtain leak inspection result;Second generation submodule, for basis Static identification report under the attribute information of reading and the leak inspection result obtained, the scene that generation application file is not run Accuse.
Alternatively, acquiring unit includes:Acquisition module, for it is determined that auth type for dynamic identification in the case of, Obtain operation action information when application file is run;Second generation module, it is raw for the operation action information according to acquisition Dynamic probation report under the scene being run into application file.
Alternatively, the second generation module includes at least one of:3rd generation submodule, for right to application file institute The authority that the application answered is applied when being run is monitored, and obtains permissions list, and generation includes the dynamic identification report of permissions list Accuse;4th generation submodule, the read-write behaviour carried out during for being run to the application corresponding to application file to application file As being recorded, read-write record is obtained, generation includes the dynamic probation report of read-write record;5th generation submodule, for pair The access operation conducted interviews when application corresponding to application file is run to network is recorded, and obtains network access note Record, generation includes the dynamic probation report of network access record;6th generation submodule, for answering corresponding to application file Recorded with the interception situation that picture is intercepted when being run, obtain picture interception record, generation includes picture interception record Dynamic probation report.
Another aspect according to embodiments of the present invention, additionally provides a kind of storage medium, and storage medium includes storage Program, wherein, equipment performs the identification of the application file of above-mentioned any one where controlling storage medium when program is run Method.
Another aspect according to embodiments of the present invention, additionally provides a kind of processor, and processor is used for operation program, Wherein, the authentication method of the application file of above-mentioned middle any one is performed when program is run.
In embodiments of the present invention, the auth type identified using determination application file, wherein, auth type bag Include:Dynamic identification and static identification;Then according to the auth type of determination, to being identified for file, qualification result is obtained, So as to effectively reduce in correlation technique to the drawbacks of the efficiency identified application file is low, and then solve related skill The technical problem effectively completely identified can not be carried out in art to the application file of mobile end equipment, the identification of application file is improved Efficiency, also improves Consumer's Experience.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this hair Bright schematic description and description is used to explain the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart of application file authentication method according to embodiments of the present invention;
Fig. 2 is the schematic diagram of the identification apparatus of application file according to embodiments of the present invention;
Fig. 3 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram one;
Fig. 4 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram two; And
Fig. 5 be application file according to embodiments of the present invention identification apparatus in the second generation module 43 preferred signal Figure.
Embodiment
In order that those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention Accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is only The embodiment of a part of the invention, rather than whole embodiments.Based on the embodiment in the present invention, ordinary skill people The every other embodiment that member is obtained under the premise of creative work is not made, should all belong to the model that the present invention is protected Enclose.
It should be noted that term " first " in description and claims of this specification and above-mentioned accompanying drawing, " Two " etc. be for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that so using Data can exchange in the appropriate case, so as to embodiments of the invention described herein can with except illustrating herein or Order beyond those of description is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that cover Lid is non-exclusive to be included, for example, the process, method, system, product or the equipment that contain series of steps or unit are not necessarily limited to Those steps or unit clearly listed, but may include not list clearly or for these processes, method, product Or the intrinsic other steps of equipment or unit.
According to embodiments of the present invention there is provided a kind of embodiment of the method for the identification of application file, it is necessary to explanation, The step of flow of accompanying drawing is illustrated can perform in the computer system of such as one group computer executable instructions, also, , in some cases, can be shown to be performed different from order herein although showing logical order in flow charts The step of going out or describe.
One side according to embodiments of the present invention there is provided a kind of authentication method of application file, the application file Authentication method is applied to mobile end equipment, and Fig. 1 is the flow chart of application file authentication method according to embodiments of the present invention, such as schemes Shown in 1, the application file authentication method that should be applied to mobile end equipment comprises the following steps:
Step S102, it is determined that the auth type identified application file, wherein, the auth type includes:Dynamic mirror Fixed and static identification.
Step S104, according to the auth type of determination, is identified application file, obtains qualification result.
By above-mentioned steps, the auth type identified using determination application file, wherein, auth type includes: Dynamic identification and static identification;Then according to the auth type of determination, to being identified for file, qualification result is obtained, from And the technical problem that can not carry out effectively completely identifying to the application file of mobile end equipment in correlation technique is efficiently solved, lead to Cross and application file is classified, and carry out static identification and dynamic identification, be effectively improved and application file is reflected Fixed validity, and integrality, also improve Consumer's Experience.
It should be noted that when application file is under the scene not being run, it is corresponding that application file is reflected Fixed type can be the static auth type identified.Therefore, in the auth type according to determination, application file is reflected It is fixed, when obtaining qualification result, numerous embodiments can be used, for example, can include:It is determined that auth type reflected to be static In the case of fixed, the attribute information of application file is read;According to the attribute information of reading, the field that generation application file is not run Static probation report under scape.Wherein, when the information of the attribute of the application file of reading is not run by application file possibility Including all information, can include:It is read-only:Represent that the application file can not be changed;Hide:Represent this document in systems It is hiding, in default situations, user is it cannot be seen that these files;System:It is a part for operating system to represent this document; Achieve:This document modified mistake before Last Backup is represented, some backup softwares can write from memory these files after standby system That recognizes is set to archive attribute.Here static probation report is that file is deployed inside reading in itself in particular static system Information, forms static probation report.For example, in the static identification report using static authentication method generation mobile terminal Android application Accuse, following information can be included:(1) reports header:1. md5 algorithm values of application file, this value pin within the specific limits It is unique value to different files;2. the original title of file, for example, music, picture, video and audio-visual etc.;3. file Uplink time;4. the judgement threat level of file, for example, threat level is always divided into 5 stars, 5 stars are highest threat level, generation Biao Gaowei files;(2) essential information:It should be noted that the essential information of application file can be including a variety of, for example, can wrap Include at least one of:The file size of application file, the Apply Names of application file, the file bag name of application file, application The date created of file, the md5 values of application file, the file name of application file, the certificate information of application file, application file Certificate md5 values, the SHA-1 of application file, the version information of application file, the qualification result of application file, application file Virus Name etc..
In addition, when the authentication method of selection is static identification, according to the attribute information of reading, generation application file not by Static probation report under the scene of operation can also include some more special information, be exemplified below.For example, correspondence Decompiling is carried out with the corresponding application of file, the source code of application is generated, source code is carried out to check acquisition source code inspection knot Really;It is quiet under the scene that generation application file is not run according to the attribute information of reading and the source code inspection result obtained State probation report.For example, application programming interfaces (Application can be passed through to the corresponding application of some sensitive behaviors Process interface, referred to as API) mode called carries out decompiling, wherein it is desired to explanation, correspondence sensitivity row For API Calls be that implicit Internet is called, leaking data may be caused;Behavior pair can also be kidnapped to some Activity The application answered carries out decompiling by way of API Calls, wherein it is desired to which explanation, corresponding A ctivity kidnaps behavior API Calls may cause the influence that can not be estimated during user behavior is responded;Further for example, corresponding to application file Checked using existing leak, obtain leak inspection result;According to the attribute information of reading and the leak inspection obtained As a result, the static probation report under the scene that generation application file is not run.It should be noted that to application file correspondence Application existing leak when being checked, SQL (Structured Query can be passed through Language, referred to as SQL) mode of injection carries out leak inspection.It should be noted that due to using character string connection side Formula constructing SQL statement, therefore, causes the leak position in injection SQL to there is SQL injection point.Answered to application file is corresponding With carry out decompiling with when checking the leak present in the corresponding application of application file or above-mentioned two situations Combination, will not be described here.Wherein, decompiling, general also referred to as reversely compiling, or computer software reduction engineering, refer to " conversed analysis, research " is carried out by the target program (such as executable program) to other people softwares to work, to derive other people Software product used in the design considerations, some specific feelings such as thinking, principle, structure, algorithm, processing procedure, operation method Source code may be derived under condition.
When being identified when application file is in the state of operation, corresponding auth type should be dynamic identification, for example, According to the auth type of determination, application file is identified, obtaining qualification result can include:It is determined that auth type be In the case of dynamic identification, operation action information when application file is run is obtained;It is raw according to the operation action information of acquisition Dynamic probation report under the scene being run into application file.Wherein, dynamic probation report be by file in background system Independent operating, the user behaviors log of running paper is recorded, and then by a series of analyses, the dynamic probation report of generation.Together Sample can equally include application file essential information included in static report in the dynamic probation report of generation, for example, The file size of application file, the Apply Names of application file, the file bag name of application file, the date created of application file, The md5 values of application file, the file name of application file, the certificate information of application file, the certificate md5 values of application file should With the SHA-1 of file, the version information of application file, the qualification result of application file, the Virus Name of application file etc..When The monitored results of some other behaviors can also so be included, when recording monitored results, some behaviors to monitoring can be included Description, for example, the description to SQL injection behavior, the description kidnapped Activity, to implicit Internet operation behaviors Description etc..
Specifically, according to the operation action information of acquisition, the dynamic identification report under the scene that generation application file is run Accusing can be including a variety of, for example, can include at least one of:Apply when being run to the application corresponding to application file Authority is monitored, and obtains permissions list, and generation includes the dynamic probation report of permissions list, wherein, institute in the permissions list Including authority can be with a variety of, for example, at least one of can be included:Whether the authority that accesses network is allowed, if supported Access the authority of download management (ACCESS_DOWNLOAD_MANAGER), if allow the authority for obtaining mission bit stream, if permit Perhaps the authority of network state is obtained, if allow the authority for obtaining WiFi states, if allow the authority for obtaining exact position, be The no authority for allowing to show system windows, if allow the authority of recording, if allow the authority using vibration, if allow outer Read the authority of storage (READ_EXTERNAL_STORAGE) in portion, if allow the authority for obtaining wrong slightly position, if allow to call out The authority of awake locking, if allow the authority for accessing positioning additional command, if allow to write authority of external storage etc.;Correspondence The read-write operation that application file is carried out is recorded when being run with the application corresponding to file, read-write record is obtained, it is raw Into the dynamic probation report of read-write record is included, for example, the title of record read operation, reads the size of file, and read Path of file etc.;The access operation conducted interviews when being run to the application corresponding to application file to network is recorded, Network access record is obtained, generation includes the dynamic probation report of network access record, for example, the network of record access network Location, access times etc.;The interception situation that picture is intercepted when being run to the application corresponding to application file is recorded, and is schemed Piece interception record, generation includes the dynamic probation report that picture intercepts record, wherein, when interception picture can include operation beginning Picture, the picture in running, the picture after end of run etc..For example, being run to the application corresponding to application file When the authority applied be monitored, obtaining permissions list includes, network access authority, obtain task right, obtain network state, Wake up the authorities such as locking.
The embodiment of the present invention additionally provides a kind of identification apparatus of application file, it is necessary to explanation, the embodiment of the present invention The identification apparatus of application file can be used for performing the authentication method for application file that is provided of the embodiment of the present invention.With Under the identification apparatus of application file provided in an embodiment of the present invention is introduced.
Fig. 2 is the schematic diagram of the identification apparatus of application file according to embodiments of the present invention, as shown in Fig. 2 the practical writing Part identification apparatus includes:Determining unit 21 and acquiring unit 23, are carried out specifically to the identification apparatus of the application file below It is bright.
Determining unit 21, applied to mobile end equipment, for the auth type for determining to identify application file, its In, auth type includes:Dynamic identification and static identification.
Acquiring unit 23, is connected with above-mentioned determining unit 21, and for the auth type according to determination, application file is carried out Identification, obtains qualification result.
By the identification apparatus of application file provided in an embodiment of the present invention, using determining unit 21, applied to mobile terminal Equipment, for the auth type for determining to identify application file, wherein, auth type includes:Dynamic identification and static mirror It is fixed;Acquiring unit 23, for the auth type according to determination, is identified application file, obtains qualification result.And then solve The technical problem that effectively completely identify can not be carried out in correlation technique to the application file of mobile end equipment, by practical writing Part is classified, and carries out static identification and dynamic identification, is effectively improved the validity identified application file, And integrality, also improve Consumer's Experience.
Fig. 3 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram one, As shown in figure 3, acquiring unit 23 includes:The generation module 33 of read module 31 and first, is carried out to the acquiring unit 23 below Describe in detail.
Read module 31, for it is determined that auth type for static identification in the case of, read the attribute of application file Information;First generation module 33, is connected with above-mentioned read module 31, for the attribute information according to reading, generates application file Static probation report under the scene not being run.
Alternatively, the first generation module 33, is additionally operable to carry out application file corresponding application decompiling, generation application Source code, carries out checking acquisition source code inspection result to source code;According to the attribute information of reading and the source code obtained inspection Come to an end fruit, the static probation report under the scene that generation application file is not run;And/or, the first generation module 33 is additionally operable to Leak present in application corresponding to application file is checked, obtains leak inspection result;Second generation submodule, is used for According to the attribute information of reading and the leak inspection result obtained, the static identification under the scene that generation application file is not run Report.
Fig. 4 be application file according to embodiments of the present invention identification apparatus in acquiring unit 23 preferred schematic diagram two, As shown in figure 4, acquiring unit 23 includes:The generation module 43 of acquisition module 41 and second.The acquiring unit 23 is carried out below Describe in detail.
Acquisition module 41, for it is determined that auth type for dynamic identification in the case of, obtain application file be run When operation action information;Second generation module 43, is connected with above-mentioned acquisition module 41, for being believed according to the operation action of acquisition Dynamic probation report under breath, the scene that generation application file is run.
Fig. 5 be application file according to embodiments of the present invention identification apparatus in the second generation module 43 preferred signal Figure, as shown in figure 5, the second generation module 43 includes at least one of:The 3rd generation generation submodule of submodule the 51, the 4th 53rd, the 5th generation generation submodule 57 of submodule 55 and the 6th.Second generation module 43 is described in detail below.
3rd generation submodule 51, the authority applied during for being run to the application corresponding to application file is supervised Control, obtains permissions list, and generation includes the dynamic probation report of permissions list;4th generation submodule 53, for practical writing The read-write operation that application file is carried out is recorded when application corresponding to part is run, read-write record, generation bag is obtained Include the dynamic probation report of read-write record;5th generation submodule 55, during for being run to the application corresponding to application file The access operation conducted interviews to network is recorded, and obtains network access record, and generation includes the dynamic of network access record Probation report;6th generation submodule 57, intercepts the interception feelings of picture during for being run to the application corresponding to application file Condition is recorded, and obtains picture interception record, and generation includes the dynamic probation report of picture interception record.
Another aspect according to embodiments of the present invention, additionally provides a kind of storage medium, and storage medium includes storage Program, wherein, equipment performs the identification of the application file of above-mentioned any one where controlling storage medium when program is run Method.
Another aspect according to embodiments of the present invention, additionally provides a kind of processor, and processor is used for operation program, Wherein, the authentication method of the application file of above-mentioned middle any one is performed when program is run.
The embodiments of the present invention are for illustration only, and the quality of embodiment is not represented.
In the above embodiment of the present invention, the description to each embodiment all emphasizes particularly on different fields, and does not have in some embodiment The part of detailed description, may refer to the associated description of other embodiment.
In several embodiments provided herein, it should be understood that disclosed technology contents, others can be passed through Mode is realized.Wherein, device embodiment described above is only schematical, such as division of described unit, Ke Yiwei A kind of division of logic function, can there is other dividing mode when actually realizing, such as multiple units or component can combine or Person is desirably integrated into another system, or some features can be ignored, or does not perform.Another, shown or discussed is mutual Between coupling or direct-coupling or communication connection can be the INDIRECT COUPLING or communication link of unit or module by some interfaces Connect, can be electrical or other forms.
The unit illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple On unit.Some or all of unit therein can be selected to realize the purpose of this embodiment scheme according to the actual needs.
In addition, each functional unit in each embodiment of the invention can be integrated in a processing unit, can also That unit is individually physically present, can also two or more units it is integrated in a unit.Above-mentioned integrated list Member can both be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If the integrated unit is realized using in the form of SFU software functional unit and as independent production marketing or used When, it can be stored in a computer read/write memory medium.Understood based on such, technical scheme is substantially The part contributed in other words to prior art or all or part of the technical scheme can be in the form of software products Embody, the computer software product is stored in a storage medium, including some instructions are to cause a computer Equipment (can for personal computer, server or network equipment etc.) perform each embodiment methods described of the invention whole or Part steps.And foregoing storage medium includes:USB flash disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD etc. are various can be with store program codes Medium.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should It is considered as protection scope of the present invention.

Claims (10)

1. a kind of authentication method of application file, it is characterised in that applied to mobile end equipment, including:
It is determined that the auth type identified application file, wherein, the auth type includes:Dynamic identification and static mirror It is fixed;
According to the auth type of determination, the application file is identified, qualification result is obtained.
2. according to the method described in claim 1, it is characterised in that according to the auth type of determination, the application file is entered Row identification, obtaining qualification result includes:
It is determined that the auth type for static identification in the case of, read the attribute information of the application file;
According to the attribute information of reading, the static probation report under the scene that the application file is not run is generated.
3. method according to claim 2, it is characterised in that according to the attribute information of reading, generates the application The static probation report under the scene that file is not run includes:
Application corresponding to the application file carries out decompiling, generates the source code of the application, and the source code is carried out Check and obtain source code inspection result;According to the attribute information of reading and the source code inspection result obtained, generation The static probation report under the scene that the application file is not run;
And/or,
Leak present in application corresponding to the application file is checked, obtains leak inspection result;According to reading The attribute information and the leak inspection result obtained, are generated described quiet under the scene that the application file is not run State probation report.
4. according to the method described in claim 1, it is characterised in that according to the auth type of determination, the application file is entered Row identification, obtaining qualification result includes:
It is determined that the auth type for dynamic identification in the case of, obtain the operation action when application file is run Information;
According to the operation action information of acquisition, the dynamic probation report under the scene that the application file is run is generated.
5. method according to claim 4, it is characterised in that according to the operation action information of acquisition, generation is described Dynamic probation report under the scene that application file is run includes at least one of:
The authority applied when being run to the application corresponding to the application file is monitored, and obtains permissions list, generation bag Include the dynamic probation report of the permissions list;
The read-write operation that the application file is carried out is recorded when being run to the application corresponding to the application file, Read-write record is obtained, generation includes the dynamic probation report of the read-write record;
The access operation conducted interviews when being run to the application corresponding to the application file to network is recorded, and obtains net Network accesses record, and generation includes the dynamic probation report of the network access record;
The interception situation that picture is intercepted when being run to the application corresponding to the application file is recorded, and obtains picture interception Record, generation includes the dynamic probation report of the picture interception record.
6. a kind of identification apparatus of application file, it is characterised in that including:
Determining unit, applied to mobile end equipment, for the auth type for determining to identify application file, wherein, it is described Auth type includes:Dynamic identification and static identification;
Acquiring unit, for the auth type according to determination, is identified the application file, obtains qualification result.
7. device according to claim 6, it is characterised in that the acquiring unit includes:
Read module, for it is determined that the auth type for static identification in the case of, read the category of the application file Property information;
First generation module, for the attribute information according to reading, is generated under the scene that the application file is not run Static probation report.
8. device according to claim 7, it is characterised in that
First generation module, is additionally operable to carry out decompiling to the corresponding application of the application file, generates the application Source code, carries out checking acquisition source code inspection result to the source code;According to the attribute information of reading and acquisition The source code inspection result, generates the static probation report under the scene that the application file is not run;
And/or,
First generation module, is additionally operable to check the leak present in the corresponding application of the application file, obtains Leak inspection result;Second generation submodule, for the attribute information according to reading and the leak inspection knot obtained Really, the static probation report under the scene that the application file is not run is generated.
9. device according to claim 6, it is characterised in that the acquiring unit includes:
Acquisition module, for it is determined that the auth type for dynamic identification in the case of, obtain the application file and transported Operation action information during row;
Second generation module, for the operation action information according to acquisition, generates the scene that the application file is run Under dynamic probation report.
10. device according to claim 9, it is characterised in that second generation module includes at least one of:
3rd generation submodule, the authority applied during for being run to the application corresponding to the application file is monitored, Permissions list is obtained, generation includes the dynamic probation report of the permissions list;
4th generation submodule, is carried out during for being run to the application corresponding to the application file to the application file Read-write operation recorded, obtain read-write record, generation include it is described read-write record dynamic probation report;
5th generation submodule, the access conducted interviews during for being run to the application corresponding to the application file to network Operation is recorded, and obtains network access record, and generation includes the dynamic probation report of the network access record;
6th generation submodule, the interception situation that picture is intercepted during for being run to the application corresponding to the application file is entered Row record, obtains picture interception record, and generation includes the dynamic probation report of the picture interception record.
CN201710531799.0A 2017-06-30 2017-06-30 The authentication method and device of application file Pending CN107330325A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710531799.0A CN107330325A (en) 2017-06-30 2017-06-30 The authentication method and device of application file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710531799.0A CN107330325A (en) 2017-06-30 2017-06-30 The authentication method and device of application file

Publications (1)

Publication Number Publication Date
CN107330325A true CN107330325A (en) 2017-11-07

Family

ID=60197765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710531799.0A Pending CN107330325A (en) 2017-06-30 2017-06-30 The authentication method and device of application file

Country Status (1)

Country Link
CN (1) CN107330325A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104123501A (en) * 2014-08-06 2014-10-29 厦门大学 Online virus detection method based on assembly of multiple detectors
CN104484607A (en) * 2014-12-16 2015-04-01 上海交通大学 Universal method and universal system for performing safety testing on Android application programs
CN104866763A (en) * 2015-05-28 2015-08-26 天津大学 Permission-based Android malicious software hybrid detection method
CN106845236A (en) * 2017-01-18 2017-06-13 东南大学 A kind of application program various dimensions privacy leakage detection method and system for iOS platforms
CN106874765A (en) * 2017-03-03 2017-06-20 努比亚技术有限公司 A kind of Malware hold-up interception method, device and terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104123501A (en) * 2014-08-06 2014-10-29 厦门大学 Online virus detection method based on assembly of multiple detectors
CN104484607A (en) * 2014-12-16 2015-04-01 上海交通大学 Universal method and universal system for performing safety testing on Android application programs
CN104866763A (en) * 2015-05-28 2015-08-26 天津大学 Permission-based Android malicious software hybrid detection method
CN106845236A (en) * 2017-01-18 2017-06-13 东南大学 A kind of application program various dimensions privacy leakage detection method and system for iOS platforms
CN106874765A (en) * 2017-03-03 2017-06-20 努比亚技术有限公司 A kind of Malware hold-up interception method, device and terminal

Similar Documents

Publication Publication Date Title
US20240121266A1 (en) Malicious script detection
US10154066B1 (en) Context-aware compromise assessment
CN103679031B (en) A kind of immune method and apparatus of file virus
US9697063B2 (en) Allocating data based on hardware faults
CN108133139A (en) A kind of Android malicious application detecting system compared based on more running environment behaviors
CN104992117B (en) The anomaly detection method and behavior model method for building up of HTML5 mobile applications
US10652255B2 (en) Forensic analysis
CN104115117A (en) Automatic synthesis of unit tests for security testing
CN107302586A (en) A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing
CN108334404A (en) The operation method and device of application program
CN110048932A (en) Validation checking method, apparatus, equipment and the storage medium of mail Monitoring function
Martinelli et al. Classifying android malware through subgraph mining
US9191397B2 (en) Extension model for improved parsing and describing protocols
CN111259382A (en) Malicious behavior identification method, device and system and storage medium
CN109783316A (en) The recognition methods and device, storage medium, computer equipment of system security log tampering
CN105760761A (en) Software behavior analyzing method and device
CN115828256B (en) Unauthorized and unauthorized logic vulnerability detection method
CN107330325A (en) The authentication method and device of application file
CN115600201A (en) User account information safety processing method for power grid system software
US11983272B2 (en) Method and system for detecting and preventing application privilege escalation attacks
CN114880667A (en) Script detection method and device
CN111045891B (en) Monitoring method, device, equipment and storage medium based on java multithreading
CN107995198A (en) Information processing method, device, electronic equipment and storage medium
CN110309646A (en) Personal information protecting method, protective device and vehicle
KR20190135752A (en) Method and apparatus for detection ransomware in file systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171107