CN108062463A - It is a kind of that packet inspection method and system are beaten again based on screenshot picture - Google Patents
It is a kind of that packet inspection method and system are beaten again based on screenshot picture Download PDFInfo
- Publication number
- CN108062463A CN108062463A CN201610978199.4A CN201610978199A CN108062463A CN 108062463 A CN108062463 A CN 108062463A CN 201610978199 A CN201610978199 A CN 201610978199A CN 108062463 A CN108062463 A CN 108062463A
- Authority
- CN
- China
- Prior art keywords
- application
- atlas
- measured
- snapshot
- legal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000007689 inspection Methods 0.000 title claims abstract description 11
- 238000004088 simulation Methods 0.000 claims description 12
- 238000010009 beating Methods 0.000 claims description 6
- 239000000284 extract Substances 0.000 claims description 6
- 238000012856 packing Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 claims description 5
- 230000008447 perception Effects 0.000 claims description 2
- 238000001514 detection method Methods 0.000 abstract description 15
- 238000005516 engineering process Methods 0.000 description 6
- 239000000243 solution Substances 0.000 description 4
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000003014 reinforcing effect Effects 0.000 description 2
- 238000011524 similarity measure Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000000105 evaporative light scattering detection Methods 0.000 description 1
- 239000004744 fabric Substances 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000006116 polymerization reaction Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Multimedia (AREA)
- Life Sciences & Earth Sciences (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Packet inspection method is beaten again based on screenshot picture the invention discloses a kind of, including:The snapshot at each interface of legal application is obtained, forms the first atlas;The snapshot to be measured using each interface is obtained, forms the second atlas;Compare the similarity of the second atlas and the first atlas, when similarity meets a preset value, be determined as similar snapshot;The similar screenshotss map number of the second atlas is counted, if similar snapshot quantity is more than a preset value, the authentication information of legal application and application to be measured is obtained and is compared, judges that application to be measured is attached most importance to if authentication information difference and is packaged application.This detection method has the advantages that strong applicability, accuracy are high.Bag detecting system is beaten again based on screenshot picture the invention also provides a kind of.
Description
Technical field
The present invention relates to field of information security technology more particularly to it is a kind of based on screenshot picture beat again packet inspection method and
System.
Background technology
Smart mobile phone and tablet computer have become a part indispensable in people's daily life, and are based in market
The mobile equipment accounting of Android alreadys exceed 80%.However, the safety problem of the mobile equipment based on Android platform is also more tight
Weight.Since third party market does not have stringent APP to examine, the Malware in Android is caused largely to come from third party city
.And by investigation, 86% Malware is using packet technology is beaten again, and by beating again packet technology, Malware developer is to just
Version Android application carries out decompiling, embedded malicious code or modification partial code.When user downloads installation, these beat again bag generation
After code, the malicious acts such as malice is deducted fees, personal information is stolen may be met with, and then serious economic damage is brought to user
It loses.
Current packet inspection method of beating again mainly beats again the similitude wrapped between application and legal Android application by comparison
It distinguishes.And Similarity measures are divided into the similarity detection method to be detected based on Code Clones and the phase based on resource file
Like two kinds of property detection method.
Similarity detection method based on Code Clones is the executable file in being applied by decompiling Android, such as
DroidMOSS methods are by extracting the sequence of opcodes in Dalvik bytecodes, using the method for fuzzy hash to applying journey
Sequence generates a fingerprint signature simultaneously as feature, is applied program by comparing the editing distance between application program fingerprint
Similarity.Static characteristic information is extracted from the Dalvik bytecodes that decompiling goes out, but DroidMOSS methods are easily subject to
The influence of Code obfuscation, by interchange code order or increasing delete operation code all can cause the fingerprint of application program to change
Become and fail so as to cause detection method;DNADroid methods beat again bag by comparing the program dependency graph (PDG) applied to detect
Using it utilizes the semantic information of program, and Detection accuracy increases, but the detection method of the dependency graph based on program is held
Line efficiency is not high, is very difficult to apply in large-scale beat again in bag application detection.
Similarity detection method based on file, mainly by extracting resource file in being applied from Android, including XML cloth
Office file, audio files, picture file etc., are generated with this using feature.Latent structure structure tree or Kazakhstan are applied by these
Uncommon value, carries out Similarity measures.However this method is also required to decompiling Android application, and the consumption of the polymerization classification used
Duration is unfavorable for detecting on a large scale, and can not detect the interface of dynamic load in sample operational process.
The content of the invention
For above-mentioned technical problem, the present invention realizes with the following method:It is a kind of that bag inspection is beaten again based on screenshot picture
Survey method, including:
The snapshot at each interface of legal application is obtained, forms the first atlas;
The snapshot to be measured using each interface is obtained, forms the second atlas;
Compare the similarity of the second atlas and the first atlas, when similarity meets a preset value, be determined as similar snapshot;
The similar screenshotss map number of the second atlas is counted, if similar snapshot quantity is more than a preset value, obtains application to be measured
With legal copy application authentication information and compared, if mismatch, judge application to be measured attach most importance to packing application.
Further, the application to be measured and legal application are installed and run in same environment.
Further, application to be measured and the legal copy of obtaining is using the method for the snapshot under each interface:
HOOK applications to be measured and the behavior of legal application, make it possess Auto Cut-screen Function when interface redirects;
Application to be measured described in simulated operation and legal application so that all interfaces are traveled through, and obtain the snapshot under each interface;
Wherein, the simulated operation includes:Simulation is clicked on or simulation input.
Further, judging the method for similar snapshot includes:
Using the Hamming distance for perceiving each snapshot in hash algorithm the second atlas of calculating and the first atlas, according to second figure
Collect and whether less than a preset value to judge whether in two atlas be similar snapshot to the Hamming distance of the first atlas.
Further, it is described to obtain application to be measured and the legal authentication information applied and compared, if mismatching, sentence
Fixed application to be measured, which is attached most importance to, is packaged application, is specially:
Authentication information is extracted in CERT.RSA files from the META-INF catalogues of application to be measured and legal application, and extracts institute
State the public key information in authentication information;
If application to be measured is different with the public key information of legal copy application, judges that application to be measured is attached most importance to and be packaged application.
Bag detecting system is beaten again based on screenshot picture the invention also discloses a kind of, is obtained including the first acquisition mould, second
Modulus block beats again bag determination module, wherein:
First acquisition module for obtaining the snapshot at each interface of legal application, forms the first atlas;
Second acquisition module for obtaining the snapshot to be measured using each interface, forms the second atlas;
Bag determination module is beaten again, for comparing the similarity of the second atlas and the first atlas, when similarity meets a preset value, is sentenced
It is set to similar snapshot;The similar screenshotss map number of the second atlas is counted, if similar snapshot quantity is more than a preset value, is obtained
It takes the authentication information to be measured applied with legal application and is compared, if mismatching, judge that application to be measured attaches most importance to being packaged and apply.
Further, the application to be measured and legal application are installed and run in same environment.
Further, first acquisition module is specifically used for the behavior of the legal applications of HOOK, it is made to possess interface and is redirected
When Auto Cut-screen Function, legal application described in simulated operation obtains snapshot under each interface simultaneously shape so that interface redirects
Into the first atlas;
Second acquisition module is specifically used for the behavior of HOOK applications to be measured, it is made to possess automatic screenshotss work(when interface redirects
Can, application to be measured described in simulated operation causes interface to redirect, and obtains the snapshot under each interface and forms the second atlas;Its
In, the simulated operation includes:Simulation is clicked on or simulation input.
Further, the bag determination module of beating again is calculated in the first atlas and the second atlas respectively using perception hash algorithm
The similarity of snapshot;Judge the similar snapshot quantity of the second atlas whether more than a preset value.
Further, the bag determination module of beating again is additionally operable to when the similar snapshot quantity of the second atlas is more than a preset value
When, authentication information is extracted from the CERT.RSA files in application to be measured and the legal META-INF catalogues applied, and extracts institute
State the public key information in authentication information;If application to be measured is different with the public key information of legal copy application, judge that application to be measured is attached most importance to
It is packaged application.
It has the beneficial effect that:This hair obtains each apply at each interface by dynamic load application to be measured and legal application
Under snapshot, by comparing snapshot and authentication information, and then judge whether application to be measured attaches most importance to packing application.Institute of the present invention
Technical solution is stated due to independent of decompiling code, from the influence of various obfuscations and reinforcement technique, applicability
It is stronger;By each interface of dynamic load, therefore from the influence of resource file missing;Tentatively sentenced based on substantial amounts of snapshot
Fixed packing application of whether attaching most importance to, ensure that the accuracy of testing result.
Description of the drawings
In order to illustrate more clearly of technical scheme, letter will be made to attached drawing needed in the embodiment below
Singly introduce, it should be apparent that, the accompanying drawings in the following description is only some embodiments described in the present invention, for this field
For those of ordinary skill, without creative efforts, other attached drawings are can also be obtained according to these attached drawings.
Fig. 1 a kind of beats again 1 flow chart of packet inspection method embodiment to be provided by the invention based on screenshot picture;
Fig. 2 a kind of beats again bag detecting system example structure figure to be provided by the invention based on screenshot picture.
Specific embodiment
Packet inspection method and system embodiment are beaten again based on screenshot picture The present invention gives a kind of, in order to make this technology
The personnel in field more fully understand the technical solution in the embodiment of the present invention, and make the above objects, features and advantages of the present invention
Can be more obvious understandable, technical solution in the present invention is described in further detail below in conjunction with the accompanying drawings.
Packet inspection method embodiment 1 is beaten again based on screenshot picture present invention firstly provides a kind of, as shown in Figure 1, bag
It includes:
S101:The snapshot at each interface of legal application is obtained, forms the first atlas.
Wherein, the legal application can be the legal application obtained using crawler technology from official market.
S102:The snapshot to be measured using each interface is obtained, forms the second atlas.
In general, application to be measured and legal application are installed and run in same environment, specifically, to dynamic detection platform into
Row environment set includes but not limited to:Unit type and screen resolution, and then ensure that all applying is pacified in same environment
It fills and runs, and then ensure the accuracy that subsequent detection judges.
In S101-S102, obtain application to be measured and the snapshot under each interface of legal application method can there are many, this
Invention is by taking following methods as an example:
HOOK applications to be measured and the behavior of legal application, make it possess Auto Cut-screen Function when interface redirects.Described in simulated operation
Application to be measured and legal application cause interface to redirect, and obtain the snapshot under each interface.Including but not limited to:Use dynamic
Injection technique so that respectively apply and carry out screenshotss operation automatically after interface occurs and redirects, and then obtain snapshot and preserve.
Wherein, simulated operation includes:Simulation is clicked on or simulation input.The purpose of simulated operation is to cause each application
Interface redirects, and then obtains and apply the snapshot under each interface, and guarantee is needed to be answered for application to be measured with legal
With simulated operation uniformity, and then promote the accuracy that final detection judges.
S103:Compare the similarity of the second atlas and the first atlas, if the similarity of corresponding a pair of snapshot meets one
During preset value, judge that this pair of of snapshot is similar snapshot.
Specifically, title and whole cryptographic Hash based on legal copy application generate ID;ID herein is used to distinguish different application.
Using the cryptographic Hash for perceiving hash algorithm the second atlas of calculating and all snapshots of the first atlas, if the second atlas and the first atlas
All snapshots cryptographic Hash Hamming distance less than a preset value, then judge that this pair of of snapshot is similar snapshot.
S104:The similar screenshotss map number of the second atlas is counted, if similar screenshotss map number is more than a preset value, is obtained
The authentication information of application to be measured and legal application is simultaneously compared, if authentication information mismatches, judges application to be measured to beat again
Bag application.
It is stored specifically, can the snapshot be converted to cryptographic Hash, not only ensure that detection resource loss is low,
And suitable for mass detection.
The method for obtaining the authentication information of application to be measured and legal application and being compared includes:From application to be measured and legal copy
Authentication information is extracted in CERT.RSA files in the META-INF catalogues of application, and extracts the letter of the public key in the authentication information
Breath.Compare the public key information of the two, if application to be measured is different with the public key information of legal copy application, judge application to be measured to beat again
Bag application.
Technical solution of the present invention is due to independent of decompiling code, from various obfuscations and reinforcing skill
The influence of art, applicability are stronger;Above-mentioned technical proposal can detect the layout interface of dynamic load, therefore be lacked from resource file
The influence of mistake;Application is packaged come whether preliminary judgement attaches most importance to based on substantial amounts of snapshot, and then ensure that the accurate of testing result
Property.
In further embodiments, as shown in Fig. 2, a kind of beat again bag detecting system based on screenshot picture, including:
First acquisition module 201 for obtaining the snapshot at each interface of legal application, forms the first atlas.Such as HOOK is legal
The screenshotss behavior of application;Legal application causes interface to redirect described in simulated operation, obtains snapshot and shape under each interface
Into the first atlas.
Second acquisition module 202 for obtaining the snapshot to be measured using each interface, forms the second atlas.Such as HOOK
The screenshotss behavior of application to be measured;Application to be measured causes interface to redirect described in simulated operation, obtains the snapshot under each interface
And form the second atlas;Wherein, simulated operation includes:Simulation is clicked on or simulation input.
Bag determination module 203 is beaten again, for comparing the similarity of the second atlas and the first atlas, if corresponding a pair of screenshotss
When the similarity of figure meets a preset value, it is determined as similar snapshot;The similar screenshotss map number of the second atlas is counted, if similar
Snapshot quantity is more than a preset value, then obtains the authentication information of application to be measured and legal application and compared, if mismatching,
Then judge that application to be measured is attached most importance to and be packaged application.
Preferably, beat again bag determination module 203 and calculate in the second atlas and the first atlas each section using hash algorithm is perceived
Shield the Hamming distance of figure, according to the Hamming distance of second atlas and the first atlas whether less than a preset value come described in judging
Whether in two atlas is similar snapshot.
When the similar snapshot quantity of the second atlas be more than a preset value when, beat again bag determination module 303 from it is to be measured application and
Authentication information is extracted in CERT.RSA files in the META-INF catalogues of legal copy application, and extracts the public affairs in the authentication information
Key information;If application to be measured is different with the public key information of legal copy application, judges that application to be measured is attached most importance to and be packaged application.
In above system embodiment, the application to be measured and legal application are installed and run in same environment, specific to wrap
It includes:Environment set is carried out to dynamic detection platform, is included but not limited to:Unit type and screen resolution;In the same of setting
It is installed in environment and runs application to be measured and legal application.
Each embodiment in this specification is described by the way of progressive, the same or similar between each embodiment
Just to refer each other for part, and the highlights of each of the examples are difference from other examples.Especially for system
For embodiment, since it is substantially similar to embodiment of the method, so description is fairly simple, related part is implemented referring to method
The part explanation of example.
Above-described embodiment give it is a kind of packet inspection method and system embodiment are beaten again based on screenshot picture, with tradition weight
The detection method of packing is different, and the present invention will not be influenced be subject to using reinforcing or Code obfuscation, to be measured by dynamic load
It is applied using with legal copy, and then obtains each snapshot applied under each interface, by comparing snapshot and authentication information, and then
Judge whether application to be measured attaches most importance to and be packaged application.Since the present invention is judged whether by the snapshot at each interface of dynamic load
Attach most importance to packing application, therefore from resource file missing influence, compared with than the prior art possess larger range of applicability and compared with
High accuracy rate.
Above example is to illustrative and not limiting technical scheme.Appointing for spirit and scope of the invention is not departed from
What modification or local replacement, should be covered by the scope of the claims of the present invention.
Claims (10)
1. a kind of beat again packet inspection method based on screenshot picture, which is characterized in that including:
The snapshot at each interface of legal application is obtained, forms the first atlas;
The snapshot to be measured using each interface is obtained, forms the second atlas;
Compare the similarity of the second atlas and the first atlas, if the similarity of corresponding a pair of snapshot meets a preset value, sentence
It is set to similar snapshot;
The similar screenshotss map number of the second atlas is counted, if similar snapshot quantity is more than a preset value, obtains application to be measured
With legal copy application authentication information and compared, if mismatch, judge application to be measured attach most importance to packing application.
2. the method as described in claim 1, which is characterized in that the application to be measured and legal application are installed and run on same
In environment.
3. the method as described in claim 1, which is characterized in that described to obtain cutting under application to be measured and each interface of legal application
The method of screen figure is:
HOOK applications to be measured and the behavior of legal application, make it possess Auto Cut-screen Function when interface redirects;
Application to be measured described in simulated operation and legal application so that all interfaces are traveled through, and obtain the snapshot under each interface;
Wherein, the simulated operation includes:Simulation is clicked on or simulation input.
4. the method as described in claim 1, which is characterized in that judging the method for similar snapshot includes:
Using the Hamming distance for perceiving each snapshot in hash algorithm the second atlas of calculating and the first atlas, according to second figure
Collect and whether less than a preset value to judge whether in two atlas be similar snapshot to the Hamming distance of the first atlas.
5. the method as described in claim 1, which is characterized in that described to obtain application to be measured and the legal authentication information applied simultaneously
It is compared, if mismatching, judges that application to be measured is attached most importance to and be packaged application, be specially:
Authentication information is extracted in CERT.RSA files from the META-INF catalogues of application to be measured and legal application, and extracts institute
State the public key information in authentication information;
If application to be measured is different with the public key information of legal copy application, judges that application to be measured is attached most importance to and be packaged application.
6. a kind of beat again bag detecting system based on screenshot picture, which is characterized in that obtains mould including the first acquisition module, second
Block beats again bag determination module, wherein:
First acquisition module for obtaining the snapshot at each interface of legal application, forms the first atlas;
Second acquisition module for obtaining the snapshot to be measured using each interface, forms the second atlas;
Bag determination module is beaten again, for comparing the similarity of the second atlas and the first atlas, if the phase of corresponding a pair of snapshot
When meeting a preset value like degree, it is determined as similar snapshot;The similar screenshotss map number of the second atlas is counted, if similar snapshot
Quantity is more than a preset value, then obtains the authentication information of application to be measured and legal application and compared, if mismatching, judged
Application to be measured, which is attached most importance to, is packaged application.
7. application to be measured applies system as claimed in claim 6 with legal, which is characterized in that the application to be measured and legal copy should
With installing and run in same environment.
8. system as claimed in claims 6 or 7, which is characterized in that first acquisition module is specifically used for HOOK legal copies should
Behavior makes it possess Auto Cut-screen Function when interface redirects, and legal application described in simulated operation causes interface to redirect,
It obtains the snapshot under each interface and forms the first atlas;
Second acquisition module is specifically used for the behavior of HOOK applications to be measured, it is made to possess automatic screenshotss work(when interface redirects
Can, application to be measured described in simulated operation causes interface to redirect, and obtains the snapshot under each interface and forms the second atlas;Its
In, the simulated operation includes:Simulation is clicked on or simulation input.
9. system as claimed in claims 6 or 7, which is characterized in that the bag determination module of beating again is using perception hash algorithm
The Hamming distance of each snapshot in the second atlas and the first atlas is calculated, according to second atlas and the Hamming distance of the first atlas
From whether less than a preset value judging whether in two atlas be similar snapshot.
10. system as claimed in claims 6 or 7, which is characterized in that the bag determination module of beating again is additionally operable to when the second atlas
When similar snapshot quantity is more than a preset value, the CERT.RSA from the META-INF catalogues of application to be measured and legal application
Authentication information is extracted in file, and extracts the public key information in the authentication information;If application to be measured and the public key of legal application
Information is different, then judges that application to be measured is attached most importance to and be packaged application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610978199.4A CN108062463A (en) | 2016-11-07 | 2016-11-07 | It is a kind of that packet inspection method and system are beaten again based on screenshot picture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610978199.4A CN108062463A (en) | 2016-11-07 | 2016-11-07 | It is a kind of that packet inspection method and system are beaten again based on screenshot picture |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108062463A true CN108062463A (en) | 2018-05-22 |
Family
ID=62137689
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610978199.4A Pending CN108062463A (en) | 2016-11-07 | 2016-11-07 | It is a kind of that packet inspection method and system are beaten again based on screenshot picture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108062463A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109858249A (en) * | 2019-02-18 | 2019-06-07 | 暨南大学 | The quick, intelligent comparison of mobile Malware big data and safety detection method |
| CN112241502A (en) * | 2020-10-16 | 2021-01-19 | 北京字节跳动网络技术有限公司 | Page loading detection method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103577206A (en) * | 2012-07-27 | 2014-02-12 | 北京三星通信技术研究有限公司 | Method and device for installing application software |
| CN103699843A (en) * | 2013-12-30 | 2014-04-02 | 珠海市君天电子科技有限公司 | Malicious activity detection method and device |
| CN103886260A (en) * | 2014-04-16 | 2014-06-25 | 中国科学院信息工程研究所 | Application program control method based on two-time signature verification technology |
| CN105095751A (en) * | 2014-05-07 | 2015-11-25 | 中兴软创科技股份有限公司 | Method for detecting malicious phishing application for Android platform |
-
2016
- 2016-11-07 CN CN201610978199.4A patent/CN108062463A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103577206A (en) * | 2012-07-27 | 2014-02-12 | 北京三星通信技术研究有限公司 | Method and device for installing application software |
| CN103699843A (en) * | 2013-12-30 | 2014-04-02 | 珠海市君天电子科技有限公司 | Malicious activity detection method and device |
| CN103886260A (en) * | 2014-04-16 | 2014-06-25 | 中国科学院信息工程研究所 | Application program control method based on two-time signature verification technology |
| CN105095751A (en) * | 2014-05-07 | 2015-11-25 | 中兴软创科技股份有限公司 | Method for detecting malicious phishing application for Android platform |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109858249A (en) * | 2019-02-18 | 2019-06-07 | 暨南大学 | The quick, intelligent comparison of mobile Malware big data and safety detection method |
| CN109858249B (en) * | 2019-02-18 | 2020-08-07 | 暨南大学 | Rapid intelligent comparison and safety detection method for mobile malicious software big data |
| CN112241502A (en) * | 2020-10-16 | 2021-01-19 | 北京字节跳动网络技术有限公司 | Page loading detection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104123493B (en) | The safety detecting method and device of application program | |
| US10142370B2 (en) | Methods and apparatus for generating and using security assertions associated with containers in a computing environment | |
| Moonsamy et al. | Mining permission patterns for contrasting clean and malicious android applications | |
| EP2972866B1 (en) | Techniques for correlating vulnerabilities across an evolving codebase | |
| Davies et al. | Software bertillonage: Finding the provenance of an entity | |
| KR101214893B1 (en) | Apparatus and method for detecting similarity amongf applications | |
| CN103368987B (en) | Cloud server, application program verification, certification and management system and application program verification, certification and management method | |
| CN103995774B (en) | Method and device for detecting software installation package | |
| CN103297267B (en) | A kind of methods of risk assessment of network behavior and system | |
| CN103473346A (en) | Android re-packed application detection method based on application programming interface | |
| Allen et al. | Improving accuracy of android malware detection with lightweight contextual awareness | |
| US11036479B2 (en) | Devices, systems, and methods of program identification, isolation, and profile attachment | |
| CN111222181B (en) | AI model supervision method, system, server and storage medium | |
| CN111859381A (en) | File detection method, device, equipment and medium | |
| CN108062463A (en) | It is a kind of that packet inspection method and system are beaten again based on screenshot picture | |
| CN106528422B (en) | A kind of method and apparatus of detection java applet page disturbance | |
| CN110929110A (en) | Electronic document detection method, device, equipment and storage medium | |
| CN103971055B (en) | A kind of Android malware detection method based on program slicing technique | |
| KR20180089997A (en) | Measuring Similarity System and Method of Android Application Using Text Mining | |
| CN105808980A (en) | Detection method and device of illegal use of software | |
| CN113935847A (en) | Online process risk processing method, device, server and medium | |
| CN106778276A (en) | A kind of method and system for detecting incorporeity file malicious code | |
| WO2021216098A1 (en) | Privacy preserving application and device error detection | |
| KR101792631B1 (en) | Api-based software similarity measuring method and system using fuzzy hashing | |
| Cam et al. | Detect repackaged android applications by using representative graphs |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180522 |