CN107798238A - The detection method and device of malicious application - Google Patents
The detection method and device of malicious application Download PDFInfo
- Publication number
- CN107798238A CN107798238A CN201610806073.9A CN201610806073A CN107798238A CN 107798238 A CN107798238 A CN 107798238A CN 201610806073 A CN201610806073 A CN 201610806073A CN 107798238 A CN107798238 A CN 107798238A
- Authority
- CN
- China
- Prior art keywords
- file
- application
- malicious application
- malicious
- topology
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Abstract
The invention discloses a kind of detection method of malicious application, mainly for the Android malicious application with UI interfaces, based on the analysis to existing malicious application, file content keyword common in malicious application and sensitive permission are predefined, then by detecting in topology file whether include above-mentioned file content keyword and sensitive permission respectively in the word content of control and AndroidManifest.xml configuration files to judge whether an application program is malicious application.Because topology file is unrelated with code, it can effectively evade the bad situation of malicious application Detection results caused by due to the means such as being obscured code, encrypted.The invention also discloses a kind of detection means for application of anticipating.
Description
Technical field
The present invention relates to the detection method and device of field of information security technology, more particularly to malicious application.
Background technology
The detection mode of traditional malicious application is mainly to obtain the content of malicious application path or specific code block, and with it is pre-
If feature is matched, if the match is successful, it is determined that be malicious application.But the producer of malicious application is to disliking
In the continuous maintenance process of application of anticipating, use more obscure, encrypt etc. and resisted processing means, the detection mode based on path
Malicious application can not be effectively detected if obscuring;Detection mode based on code block, for the word string of encryption, Detection results
It is not ideal.In addition, with the continuous development of information technology, the type of malicious application is increasingly enriched, in order to improve application-specific
Malicious application recall rate, it is necessary to work out more detection method and device with targetedly malicious application.
The content of the invention
It is an object of the invention to provide the detection method and device of malicious application, mainly for the Android with UI interfaces
Using can effectively avoid the occurrence of the situation that malicious application can not detect.
To achieve these goals, the invention discloses a kind of detection method of malicious application, comprise the following steps:
Predefined file content keyword and sensitive permission;
The topology file of application is parsed, obtains the word content of control in topology file;
When the word content for detecting control in topology file includes the file content keyword, the application is parsed
AndroidManifest.xml configuration files obtain all permissions of the application, described when detecting
When AndroidManifest.xml configuration files include the sensitive permission, then judge the application for malicious application.
Further, the file content keyword and sensitive permission are obtained by the statistical result applied to a variety of known malicious
.
Further, predefined file content keyword and sensitive permission are updated according to default rule.
To achieve these goals, the invention also discloses a kind of detection means of malicious application, its scheme are as follows:It is a kind of
The detection means of malicious application, including predefined module, parsing module, judge module, wherein:
The predefined module is used to predefine file content keyword and sensitive permission;
The parsing module is used for the topology file for parsing application, obtains the word content of control in topology file, the parsing
Module is additionally operable to parse AndroidManifest.xml configuration files, obtains all permissions of the application;
The judge module is used for when the word content for detecting control in topology file includes the file content keyword,
Judge whether the AndroidManifest.xml configuration files include the sensitive permission according to all permissions of the application,
If comprising judging the application for malicious application.
Further, the presetting module is additionally operable to update predefined file content keyword and quick according to default rule
Feel authority.
For large-scale application, in order to improve detection efficiency, the invention also discloses the detection method of another malicious application,
Comprise the following steps:
Predefined file name key, file content keyword and sensitive permission;
Topology file is parsed, obtains the All Files name of topology file and the word content of control;
Whether the filename for detecting the topology file obtained includes the file name key, if crucial comprising the filename
Word, then file corresponding with file name is directly entered, when detecting that this document includes the file content keyword, parsing
The AndroidManifest.xml configuration files of the application obtain all permissions of the application, described when detecting
When AndroidManifest.xml configuration files include the sensitive permission, judge the application for malicious application;If do not include
Whether the file name key, the then word content that control in topology file is detected according to default rule include the file
Content-keyword, when the word content for detecting control in topology file includes the file content keyword, parsing should answer
AndroidManifest.xml configuration files obtain all permissions of the application, described when detecting
When AndroidManifest.xml configuration files include the sensitive permission, then judge the application for malicious application.
Further, if not including the file name key, the word content detection of control in topology file is traveled through
Whether the file content keyword is included.
Further, predefined file name key, file content keyword and sensitive power are updated according to default rule
Limit.
To achieve these goals, the invention also discloses a kind of detection means of malicious application, its scheme are as follows:
A kind of detection means of malicious application, including predefined module, parsing module, judge module, wherein:The predefined mould
Block is used to predefine file name key, file content keyword and sensitive permission;
The parsing module is used for the topology file for parsing application, obtains in the All Files name of topology file and the word of control
Hold, the parsing module is additionally operable to parse AndroidManifest.xml configuration files, obtains all permissions of the application;
Whether the filename that the judge module is used to detect the topology file obtained includes the file name key, if comprising
The file name key, be then directly entered file corresponding with file name, when detect this document include the file in
Hold keyword, and detect the AndroidManifest.xml configuration files comprising described according to all permissions of the application
Sensitive permission, judge the application for malicious application;If the file name key is not included, when judge module is according to default
The word content that rule detection goes out control in topology file includes the file content keyword, and
When AndroidManifest.xml configuration files include the sensitive permission, judge the application for malicious application.
Further, the module that becheduled for is additionally operable to update predefined file name key, text according to default rule
Part content-keyword and sensitive permission.
Compared with the prior art, the invention has the advantages that:Present invention is generally directed to the Android application with UI interfaces,
Based on the analysis to existing malicious application, file content keyword common in malicious application and sensitive permission are predefined, so
Whether wrapped respectively in the word content of control and AndroidManifest.xml configuration files by detecting in topology file afterwards
Judge whether an application program is malicious application containing above-mentioned file content keyword and sensitive permission.Due to topology file with
Code is unrelated, and it is bad can effectively to evade malicious application Detection results caused by due to the means such as being obscured code, encrypted
Situation.
Brief description of the drawings
Fig. 1 is a kind of flow chart of malicious application detection method of the present invention.
Fig. 2 is a kind of structural representation of malicious application detection means of the present invention.
Fig. 3 is the flow chart of another malicious application detection method of the present invention.
Fig. 4 is the structural representation of another malicious application detection means of the present invention.
Embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, the present invention is made below in conjunction with accompanying drawing into
One step it is described in detail.
Although the step in the present invention is arranged with label, it is not used to limit the precedence of step, unless
It specify that the order of step or based on the execution of certain step needs other steps, otherwise the relative rank of step is
It is adjustable.
Present invention is generally directed to UI interfaces(User Interface, user interface)Android application, including extort
Using, privacy steal using etc..In general is extorted forces top set user can not carry out other operations using by interface, from
And implement to extort behavior;Privacy steal using it is common be by Gao Fang social software to borrow face, as QQ interfaces, Alipay interface and
Bank client login interface induces the user to input account and password so as to obtain privacy of user.The common feature of these applications
It is to be respectively provided with specific interface, specific character content is often included such as " user cipher please be input " on the specific interface, and typically
Also need to realize sensitive permission such as activation equipment manager authority, authority of sending short messages etc. of malicious operation with reference to some.It is above-mentioned
Specific interface all realizes that topology file is unrelated with code by topology file, can effectively evade due to entering to code
Row such as obscures, encrypted at the bad situation of malicious application Detection results caused by means.The present invention is according to the malice with UI interfaces
Using possessed feature, the detection of malicious application is realized from the angle of topology file and sensitive permission.
Embodiment 1
As shown in figure 1, the detection method of the malicious application of the present invention comprises the following steps:
S01, predefine file content keyword and sensitive permission.
The a variety of malicious applications being currently known are counted and then obtain predefined file content keyword and sensitivity
Authority.
The file content keyword of in general malicious application topology file includes:" unblock ", " unlocking pin ", " unblock sequence
Row number ", " by locking ", " mobile phone is locked ", " QQ accounts ", " Alipay account ", " bank card account number ", " credit card account ", " social security
Account etc. ".
Sensitive permission includes:Activation equipment manager authority(android.app.device_admin 、
android.app.action.DEVICE_ADMIN_ENABLE), authority of sending short messages(android.permission.SEND_
SMS)Deng.
Table 1 shows several frequently seen malicious application operation:
Table 1
Content+authority of topology file | Operation |
Credit card account+android.permission.SEND_SMS | Credit card account is sent in the form of short message |
By lock+android.app.action.DEVICE_ADMIN_ENABLED | Activation equipment manager |
Certainly, because the producer of malicious application can constantly update to malicious application, therefore file content keyword and quick
Sense authority is probably change, it is necessary to update predefined file content keyword and sensitive permission.The method of renewal includes the cycle
Property renewal or according to actual conditions actively addition etc..
S02, the topology file of application is parsed, obtain the word content of control in topology file.
Reverse, the word content of control in acquisition topology file is carried out to the Android application program.Topology file is peace
The common method of view defined in tall and erect system, is stored under res/layout files.In this manual, by res/layout
File in file is referred to as topology file, and the topology file is by defining the different attribute of control, to determine different controls
Display and arrangement effect.
Whether S03, the word content for detecting control in topology file include the file content keyword.
The present invention combines detection sensitive permission to determine malicious application based on detecting file content keyword.According to pre-
If method, as preamble traversal S02 obtains the content of topology file, whether detection this document includes the predefined texts of S01 institutes
Part content-keyword.If the word content of control includes the file content keyword in topology file, step S031 is performed,
Otherwise judge the application for non-malicious application.
S031, the AndroidManifest.xml configuration files of the application are parsed, obtain all permissions of the application, when
When detecting that the AndroidManifest.xml configuration files include predefined sensitive permission in S01, then judge to answer
With for malicious application.
If the word content of control includes the file content keyword in topology file, but
AndroidManifest.xml configuration files do not include predefined sensitive permission, in order to improve the accuracy of detection, typically
Need to combine other detection modes or the application is directly judged as non-malicious application.
Present invention is generally directed to the Android application with UI interfaces, based on the analysis to existing malicious application, predefine
Common file content keyword and sensitive permission in malicious application, then by detecting the word content of control in topology file
Whether and predefined file content keyword and sensitive permission are included respectively in AndroidManifest.xml configuration files
To judge whether an application program is malicious application.Because topology file is unrelated with code, can effectively evade due to generation
Code such as is obscured, encrypted at the bad situation of malicious application Detection results caused by means.
Embodiment 2
Present invention also offers a kind of detection means of malicious application, as shown in Fig. 2 the detection means of malicious application includes always
Predefined module 10, parsing module 20, judge module 30, wherein:
Predefined module 10 is used to predefine file content keyword and sensitive permission.
The file content keyword of malicious application topology file generally comprises:" unblock ", " unlocking pin ", " unblock sequence
Number ", " by locking ", " mobile phone is locked ", " QQ accounts ", " Alipay account ", " bank card account number ", " credit card account ", " social security account
Number etc. ".
Sensitive permission includes:Activation equipment manager authority(android.app.device_admin 、
android.app.action.DEVICE_ADMIN_ENABLE), authority of sending short messages(android.permission.SEND_
SMS)Deng.
Because the producer of malicious application can constantly update to malicious application, file content keyword and sensitive permission
It is probably change, therefore the predefined module 10 is additionally operable to update the predefined file content keyword according to default rule
And sensitive permission.
Parsing module 20 is used for the topology file for parsing application, obtains the word content of control in topology file, and solution
AndroidManifest.xml configuration files are analysed, obtain all permissions of the application.
Whether the word content that judge module 30 is used to detect control in topology file includes the predefined file content
Keyword, continue whether to judge the AndroidManifest.xml configuration files if comprising the file content keyword
Comprising the sensitive permission, if comprising the sensitive permission, judge the application for malicious application.
If for example, detect that the content of topology file includes " credit card account ", and AndroidManifest.xml matches somebody with somebody
Put file and include " android.permission.SEND_SMS ", then judge there is send credit card account in the form of short message
Malicious act, therefore judge the application for malicious application.
It should be understood that the present invention judges to dislike based on detecting file content keyword in combination with sensitive permission
Meaning application, therefore, the word content that control in topology file is detected when judge module 30 are crucial not comprising predefined file content
During word, then judge the application for non-malicious application.If it is crucial to include the file content for the word content of control in topology file
Word, but AndroidManifest.xml configuration files do not include predefined sensitive permission, in order to improve the accuracy of detection,
Generally require with reference to other detection modes or the application is judged as non-malicious application.
This detection means is mainly for the Android application with UI interfaces, based on the analysis to existing malicious application, with inspection
Survey based on file content keyword, judge malicious application in combination with sensitive permission.Because topology file is unrelated with code,
Therefore this detection means can effectively evade malicious application Detection results caused by due to the means such as being obscured code, encrypted
Bad situation.
Embodiment 3
When application software is large software, in order to improve detection efficiency, appropriate detection entrance can be designed to improve detection effect
Rate.According to the analysis to current malicious application, the topology file of many malicious applications includes some special filenames, therefore can
First to detect the filename of each file in topology file, to find suitable entrance to detect the content of each topology file.With reference to
Fig. 3, the detection method are as follows:
S ' 01, predefine file name key, file content keyword and sensitive permission.
The a variety of malicious applications being currently known are counted, and then predefined file name key, file content are crucial
Word and sensitive permission.
The file name key of malicious application topology file generally comprises:“lock”、“admin”、“device”、
" DEVICE_ADMIN ", " device-admin " etc..
The file content keyword of topology file includes:" unblock ", " unlocking pin ", " unblock sequence number ", " by locking ",
" mobile phone is locked ", " QQ accounts ", " Alipay account ", " bank card account number ", " credit card account ", " social security account etc. ".
Sensitive permission includes:Activation equipment manager authority(android.app.device_admin 、
android.app.action.DEVICE_ADMIN_ENABLE), authority of sending short messages(android.permission.SEND_
SMS)Deng.
Table 2 shows a kind of common malicious application operation:
Table 2
Content+authority of topology file name+topology file | Operation |
Lock+ unblocks+android.app.action.DEVICE_ADMIN_ENABLED | Activation equipment manager |
It should be understood that file name key, file content keyword and sensitive permission be also required to be periodically updated or
Actively added according to actual conditions.
S ' 02, the topology file of application is parsed, obtain the All Files name of topology file and the word content of control.
S ' 03, whether the filename for detecting the topology file of acquisition includes the file name key, if including the text
Part name keyword, then step S ' 031 is carried out, otherwise carry out step S ' 032.
S ' 031, is directly entered file corresponding with file name, preferentially detects whether in this document pre- comprising the institutes of S ' 01
The file content keyword of definition.When detecting that this document includes the file content keyword, step S ' 033 is carried out, it is no
Then it is judged as non-malicious program.
The content for the topology file that S ' 032, order traversal S ' 02 are obtained, detect whether comprising the predefined file of the institutes of S ' 01
Content-keyword, if comprising carrying out step S ' 033, be otherwise judged as non-malicious program.
S ' 033, the AndroidManifest.xml configuration files for parsing the application obtain all permissions of the application, and
Judge whether the AndroidManifest.xml configuration files include predefined sensitive permission in S ' 01.If
The sensitive permission is included in AndroidManifest.xml, then judges the application for malicious application, otherwise judges that the application is
Non-malicious application.
For example, the file for the topology file that S ' 02 is obtained is entitled " lockYourPhone ", it includes predefined filename
Keyword " lock ", therefore, preferentially detected whether in " lockYourPhone " file comprising in the predefined file of the institutes of S ' 01
Hold keyword.This method is used as the inspection for detecting entrance and improving malicious application by the file name key of special topology file
Survey efficiency.
Embodiment 4
For large-scale application software, in order to improve detection efficiency, present invention also offers a kind of detection means of malicious application, such as
Shown in Fig. 4, the detection means of malicious application includes predefined module 10 ', parsing module 20 ', judge module 30 ' always, wherein:
Predefined module 10 ' is used to predefine file name key, file content keyword and sensitive permission.
The file name key of malicious application topology file generally comprise " lock ", " admin ", " device ",
" DEVICE_ADMIN ", " device-admin " etc..
The file content keyword of topology file includes:" unblock ", " unlocking pin ", " unblock sequence number ", " by locking ",
" mobile phone is locked ", " QQ accounts ", " Alipay account ", " bank card account number ", " credit card account ", " social security account " etc..
Sensitive permission includes:Activation equipment manager authority(android.app.device_admin 、
android.app.action.DEVICE_ADMIN_ENABLE), authority of sending short messages(android.permission.SEND_
SMS)Deng.
Because the producer of malicious application can constantly update to malicious application, file content keyword and sensitive permission
Be probably change, thus the predefined module 10 ' be additionally operable to according to default rule update the predefined file name key,
File content keyword and sensitive permission.
Parsing module 10 ' is used for the topology file for parsing application, obtains the All Files name of topology file and the text of control
Word content, the parsing module 10 ' are additionally operable to parse AndroidManifest.xml configuration files, obtain all of the application
Authority.
Judge module 30 ' can directly judge to apply as malicious application in both cases.
(1)Whether the filename for detecting the topology file obtained includes the file name key, if including the file
Name keyword, then be directly entered file corresponding with file name, when detecting that this document includes the file content keyword,
And detect that the AndroidManifest.xml configuration files include the sensitive permission according to all permissions of the application
When, judge the application for malicious application.
(2)Although the filename of topology file does not include the file name key, when judge module 30 ' is according to default
Rule(Such as preamble traversal, inorder traversal or each topology file of postorder traversal)Detect the word content of control in topology file
Comprising the file content keyword, and when AndroidManifest.xml configuration files include the sensitive permission, judge
The application is malicious application.
This detection means is mainly for the Android application with UI interfaces, based on the analysis to existing malicious application, with inspection
Survey based on file content keyword, judge malicious application in combination with sensitive permission.Therefore, when application to be detected comprising
When file content keyword and sensitive permission, just judge it for malicious application.In the present embodiment, based on to existing malicious application
A large amount of analyses, have directiveness thinks that the probability of predefined file content keyword occurs in file corresponding to some filenames
Greatly, therefore the preferential filename for detecting topology file can effectively improve the detection efficiency of malicious application.
Some embodiments of the present invention have shown and described in described above, but as previously described, it should be understood that the present invention is not
Form disclosed herein is confined to, is not to be taken as the exclusion to other embodiment, and available for various other combinations, modification
And environment, and can be carried out in the scope of the invention is set forth herein by the technology or knowledge of above-mentioned teaching or association area
Change., then all should be in institute of the present invention and the change and change that those skilled in the art are carried out do not depart from the spirit and scope of the present invention
In attached scope of the claims.
Claims (9)
1. a kind of detection method of malicious application, applied to the Android application with UI interfaces, it is characterised in that the malice should
Detection method comprises the following steps:
Predefined file content keyword and sensitive permission;
The topology file of application is parsed, obtains the word content of control in topology file;
When the word content for detecting control in topology file includes the file content keyword, the application is parsed
AndroidManifest.xml configuration files obtain all permissions of the application, described when detecting
When AndroidManifest.xml configuration files include the sensitive permission, then judge the application for malicious application.
2. the detection method of malicious application as claimed in claim 1, it is characterised in that the file content keyword and sensitivity
Authority is obtained by the statistical result applied to a variety of known malicious.
3. the detection method of malicious application as claimed in claim 1, it is characterised in that the detection method is according to default rule
Then update predefined file content keyword and sensitive permission.
4. a kind of detection means of malicious application, has used the detection method of malicious application as claimed in claim 1, its feature
It is, the detection means of the malicious application includes predefined module, parsing module, judge module, wherein:
The predefined module is used to predefine file content keyword and sensitive permission;
The parsing module is used for the topology file for parsing application, obtains the word content of control in topology file, the parsing
Module is additionally operable to parse AndroidManifest.xml configuration files, obtains all permissions of the application;
The judge module is used for when the word content for detecting control in topology file includes the file content keyword,
Judge whether the AndroidManifest.xml configuration files include the sensitive permission according to all permissions of the application,
If comprising judging the application for malicious application.
5. the detection means of malicious application as claimed in claim 4, it is characterised in that it is described becheduled for module be additionally operable to according to
The predefined file content keyword of default rule renewal and sensitive permission.
6. a kind of detection method of malicious application, applied to the Android application with UI interfaces, it is characterised in that the malice should
Detection method comprises the following steps:
Predefined file name key, file content keyword and sensitive permission;
Topology file is parsed, obtains the All Files name of topology file and the word content of control;
Whether the filename for detecting the topology file obtained includes the file name key, if crucial comprising the filename
Word, then file corresponding with file name is directly entered, when detecting that this document includes the file content keyword, parsing
The AndroidManifest.xml configuration files of the application obtain all permissions of the application, described when detecting
When AndroidManifest.xml configuration files include the sensitive permission, judge the application for malicious application;If do not include
Whether the file name key, the then word content that control in topology file is detected according to default rule include the file
Content-keyword, when the word content for detecting control in topology file includes the file content keyword, parsing should answer
AndroidManifest.xml configuration files obtain all permissions of the application, described when detecting
When AndroidManifest.xml configuration files include the sensitive permission, then judge the application for malicious application.
7. the detection method of malicious application as claimed in claim 6, it is characterised in that the detection method is according to default rule
Then update predefined file name key, file content keyword and sensitive permission.
8. a kind of detection means of malicious application, has used the detection method of malicious application as claimed in claim 6, its feature
It is, the detection means of the malicious application includes predefined module, parsing module, judge module, wherein:
The predefined module is used to predefine file name key, file content keyword and sensitive permission;
The parsing module is used for the topology file for parsing application, obtains in the All Files name of topology file and the word of control
Hold, the parsing module is additionally operable to parse AndroidManifest.xml configuration files, obtains all permissions of the application;
Whether the filename that the judge module is used to detect the topology file obtained includes the file name key, if comprising
The file name key, be then directly entered file corresponding with file name, when detect this document include the file in
Hold keyword, and detect the AndroidManifest.xml configuration files comprising described according to all permissions of the application
During sensitive permission, judge the application for malicious application;If not including the file name key, when judge module is according to default
Rule detection go out the word content of control in topology file and include the file content keyword, and
When AndroidManifest.xml configuration files include the sensitive permission, judge the application for malicious application.
9. the detection means of malicious application as claimed in claim 8, it is characterised in that it is described becheduled for module be additionally operable to according to
Default rule renewal predefined file name key, file content keyword and sensitive permission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610806073.9A CN107798238A (en) | 2016-09-07 | 2016-09-07 | The detection method and device of malicious application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610806073.9A CN107798238A (en) | 2016-09-07 | 2016-09-07 | The detection method and device of malicious application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107798238A true CN107798238A (en) | 2018-03-13 |
Family
ID=61529951
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610806073.9A Pending CN107798238A (en) | 2016-09-07 | 2016-09-07 | The detection method and device of malicious application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107798238A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109766692A (en) * | 2018-12-07 | 2019-05-17 | 百度在线网络技术(北京)有限公司 | Judge that privacy calls rational method and apparatus and machine readable storage medium |
CN111259374A (en) * | 2020-01-08 | 2020-06-09 | 苏宁云计算有限公司 | Authority abnormity detection method and device, computer equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103473506A (en) * | 2013-08-30 | 2013-12-25 | 北京奇虎科技有限公司 | Method and device of recognizing malicious APK files |
CN103605920A (en) * | 2013-11-10 | 2014-02-26 | 电子科技大学 | Method and system for dynamic application program safety management based on SEAndroid platform |
CN104462961A (en) * | 2014-12-24 | 2015-03-25 | 北京奇虎科技有限公司 | Mobile terminal and privacy permission optimizing method thereof |
-
2016
- 2016-09-07 CN CN201610806073.9A patent/CN107798238A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103473506A (en) * | 2013-08-30 | 2013-12-25 | 北京奇虎科技有限公司 | Method and device of recognizing malicious APK files |
CN103605920A (en) * | 2013-11-10 | 2014-02-26 | 电子科技大学 | Method and system for dynamic application program safety management based on SEAndroid platform |
CN104462961A (en) * | 2014-12-24 | 2015-03-25 | 北京奇虎科技有限公司 | Mobile terminal and privacy permission optimizing method thereof |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109766692A (en) * | 2018-12-07 | 2019-05-17 | 百度在线网络技术(北京)有限公司 | Judge that privacy calls rational method and apparatus and machine readable storage medium |
CN109766692B (en) * | 2018-12-07 | 2021-07-27 | 百度在线网络技术(北京)有限公司 | Method and device for judging privacy calling rationality and machine-readable storage medium |
CN111259374A (en) * | 2020-01-08 | 2020-06-09 | 苏宁云计算有限公司 | Authority abnormity detection method and device, computer equipment and storage medium |
WO2021139139A1 (en) * | 2020-01-08 | 2021-07-15 | 苏宁云计算有限公司 | Permission abnormality detection method and apparatus, computer device, and storage medium |
CN111259374B (en) * | 2020-01-08 | 2021-10-12 | 南京苏宁加电子商务有限公司 | Authority abnormity detection method and device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11178148B2 (en) | Out-of-band authentication to access web-service with indication of physical access to client device | |
RU2608243C2 (en) | Method and device for screen and terminal unlocking | |
CN112217835B (en) | Message data processing method and device, server and terminal equipment | |
US10320556B2 (en) | Method, mobile terminal, device, and readable storage medium for preventing accessed data from being tampered with | |
US9917817B1 (en) | Selective encryption of outgoing data | |
US20140282978A1 (en) | Method and apparatus for secure interaction with a computer service provider | |
CN109241484B (en) | Method and equipment for sending webpage data based on encryption technology | |
CN103310150A (en) | Method and device for detecting portable document format (PDF) vulnerability | |
US11868450B2 (en) | Network and device security system, method, and apparatus | |
Chen et al. | You {Shouldn’t} Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile {IME} Apps | |
CN115795538B (en) | Anti-desensitization method, device, computer equipment and storage medium for desensitizing document | |
EP2973182B1 (en) | Methods and apparatus for securing user input in a mobile device | |
CN105975867A (en) | Data processing method | |
US11288381B2 (en) | Calculation device, calculation method, calculation program and calculation system | |
CN113239853A (en) | Biological identification method, device and equipment based on privacy protection | |
CN113704826A (en) | Privacy protection-based business risk detection method, device and equipment | |
CN114416773B (en) | Data processing method, device, storage medium and server | |
CN105205376A (en) | Method for logging into intelligent application through fingerprints based on Android system | |
CN107798238A (en) | The detection method and device of malicious application | |
CN116055067A (en) | Weak password detection method, device, electronic equipment and medium | |
CN110990848A (en) | Sensitive word encryption method and device based on hive data warehouse and storage medium | |
US11909865B2 (en) | Method and device for securing a communication path | |
CN102710416A (en) | Password encryption method for social website | |
JP2007188307A (en) | Data file monitor apparatus | |
US11263328B2 (en) | Encrypted log aggregation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180313 |
|
RJ01 | Rejection of invention patent application after publication |