CN108090353B - Knowledge-driven regression detection method and system for shell-added codes - Google Patents
Knowledge-driven regression detection method and system for shell-added codes Download PDFInfo
- Publication number
- CN108090353B CN108090353B CN201711067476.7A CN201711067476A CN108090353B CN 108090353 B CN108090353 B CN 108090353B CN 201711067476 A CN201711067476 A CN 201711067476A CN 108090353 B CN108090353 B CN 108090353B
- Authority
- CN
- China
- Prior art keywords
- features
- detected
- sample
- shell
- short
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Abstract
The invention provides a knowledge-driven regression detection method and a knowledge-driven regression detection system for shell-added codes, wherein the method comprises the following steps: establishing a characteristic comprehensive database, and acquiring a to-be-detected shell-added sample; placing the decompressed codes of the to-be-detected shell-added samples into a sample interpreter for short feature matching, if the matching is successful, decrypting the to-be-detected shell-added samples according to a corresponding decryption algorithm of the short features in an inference machine, extracting the short features from the decrypted data, and inputting the short features into a plaintext knowledge base; otherwise, extracting features of the shelling sample to be detected directly through an inference machine, and inputting the features into a ciphertext knowledge base. The invention also provides a system, a storage medium and a program product of the method. The method carries out cooperative detection on the shell added code through the comprehensive database consisting of the plaintext knowledge base and the ciphertext knowledge base, and adopts a regression mode to continuously update the knowledge base, so that the method can adapt to the continuous change of the detection code and the detection mode.
Description
Technical Field
The invention relates to the field of computer network security, in particular to a knowledge-driven regression detection method and system for shell-added codes.
Background
With the development and popularization of computer technology, computer networks are rapidly developed, and the number of malicious codes is exponentially increased. Early malicious code did not employ excessive self-protection mechanisms and all had fixed signatures. Therefore, antivirus software can easily detect virus programs hidden in the system by using virus feature code matching, but with the development of the technology, malicious codes adopt a self-protection technology to resist the detection of an antivirus engine, for example, the malicious codes are shelled (namely encrypted), so that the accuracy of the traditional detection mode is greatly reduced.
Currently, a single detection mode is mostly adopted for detecting the shell-added code, such as: the normalized feature detection is directly extracted from the encrypted ciphertext, but the detection result is not accurate; carrying out decompression detection on codes of a known compression algorithm, wherein the detection result is incomplete; and the execution mode of the dynamic virtual machine is adopted to select the key instruction for detection, but the detection efficiency is not high.
Disclosure of Invention
Based on the problems, the invention provides a knowledge-driven regression detection method and system for the shell-added codes, the balance of accuracy, comprehensiveness and high efficiency is achieved through cooperative detection of a ciphertext knowledge base and a plaintext knowledge base, and finally, the detection knowledge base is continuously updated in a regression mode to adapt to continuous changes of detection codes and detection modes.
Firstly, the invention provides a knowledge-driven regression detection method for a shell-added code, which comprises the following steps:
establishing a characteristic comprehensive database, and acquiring a to-be-detected shell-added sample;
placing the decompressed codes of the to-be-detected shell-added samples into a sample interpreter for short feature matching, if the matching is successful, decrypting the to-be-detected shell-added samples according to a corresponding decryption algorithm of the short features in an inference machine, extracting the short features from the decrypted data, and inputting the short features into a plaintext knowledge base;
otherwise, extracting features of the shelling sample to be detected directly through an inference machine, and inputting the features into a ciphertext knowledge base.
In the method, the characteristic comprehensive database consists of a plaintext knowledge base and a ciphertext knowledge base.
In the method, the short features comprise feature content and algorithm key position information.
In the method, the to-be-detected shell-added sample is decrypted according to the corresponding decryption algorithm of the short features in the inference engine, specifically, the to-be-detected shell-added sample is decrypted by matching the corresponding decryption algorithm according to the feature content and the key position information of the algorithm in the short features.
In the method, the characteristics of the to-be-detected shelling sample are directly extracted through an inference machine, and the method specifically comprises the following steps:
acquiring corresponding data from the to-be-detected shell-added sample according to the known dynamic characteristics and static characteristics, and setting the score of each characteristic;
respectively calculating the total scores of the dynamic features and the static features according to an entropy weight information method;
performing comprehensive evaluation on the total scores of the dynamic features and the static features by adopting a complex analysis method based on the poiicare measurement, and determining and selecting the dynamic features or the static features;
and taking the selected dynamic characteristics or static characteristics as the characteristics of the to-be-detected shelled sample, and recording the characteristics into a ciphertext knowledge base.
In the method, after the shell-added sample to be detected is obtained, the method further comprises the following steps: and extracting the code segment characteristics of the shell sample to be detected, matching the hash value of the characteristics with the existing characteristics in the characteristic comprehensive database, and directly outputting a judgment result if the matching is successful.
The invention also provides a knowledge-driven regression detection system for the shell-added codes, which comprises the following steps:
the database module is used for establishing a characteristic comprehensive database;
the acquisition module acquires a to-be-detected shell sample;
the sample interpreter module is used for putting the decompressed codes of the to-be-detected shell-added samples into the sample interpreter for short feature matching, and if the matching is successful, the short feature matching enters the inference engine module;
the inference engine module is used for decrypting the to-be-detected shell-added sample according to a corresponding decryption algorithm of the short features in the inference engine, extracting the short features from the decrypted data and inputting the short features into a plaintext knowledge base; otherwise, the inference machine directly extracts the characteristics of the shelling sample to be detected and inputs the characteristics into the ciphertext knowledge base.
In the system, the characteristic comprehensive database consists of a plaintext knowledge base and a ciphertext knowledge base.
In the system, the short features include feature content and algorithm key location information.
In the system, the to-be-detected shell-added sample is decrypted according to the corresponding decryption algorithm of the short features in the inference engine, specifically, the to-be-detected shell-added sample is decrypted by matching the corresponding decryption algorithm according to the feature content and the key position information of the algorithm in the short features.
In the system, the characteristics of the to-be-detected shelling sample are directly extracted through an inference machine, and the method specifically comprises the following steps:
acquiring corresponding data from the to-be-detected shell-added sample according to the known dynamic characteristics and static characteristics, and setting the score of each characteristic;
respectively calculating the total scores of the dynamic features and the static features according to an entropy weight information method;
performing comprehensive evaluation on the total scores of the dynamic features and the static features by adopting a complex analysis method based on the poiicare measurement, and determining and selecting the dynamic features or the static features;
and taking the selected dynamic characteristics or static characteristics as the characteristics of the to-be-detected shelled sample, and recording the characteristics into a ciphertext knowledge base.
In the system, after obtaining the to-be-detected shell-added sample, the method further comprises the following steps: and extracting the code segment characteristics of the shell sample to be detected, matching the hash value of the characteristics with the existing characteristics in the characteristic comprehensive database, and directly outputting a judgment result if the matching is successful.
Accordingly, the present invention proposes a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the shelled code regression detection method according to any one of claims 1 to 6.
Accordingly, the present invention provides an electronic device, comprising: the device comprises a shell, a processor, a memory, a circuit board and a power supply, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes the program corresponding to the executable program code by reading the executable program code stored in the memory, and executes the method flow.
The technical scheme of the invention has the advantages that a plurality of detection modes can be integrated, the plaintext knowledge base and the ciphertext knowledge base form a characteristic integrated database, accurate, comprehensive and efficient detection is realized through cooperative detection of the ciphertext and the plaintext, finally, a regression mode is adopted to update the knowledge base, and a certain degree of characteristic extraction is carried out on a sample added by using the current unknown compression algorithm to adapt to the continuous change of a detection code and a detection mode.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flowchart of an embodiment of a knowledge-driven regression detection method for shell-added codes according to the present invention;
FIG. 2 is a schematic diagram of a knowledge-driven regression detection system for shell-added codes according to the present invention;
fig. 3 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
In order to make the technical solutions in the embodiments of the present invention better understood and make the above objects, features and advantages of the present invention more comprehensible, the technical solutions of the present invention are described in further detail below with reference to the accompanying drawings.
First, the present invention provides a knowledge-driven regression detection method for shell-added codes, as shown in fig. 1, including:
s101: establishing a characteristic comprehensive database, and acquiring a to-be-detected shell-added sample;
s102: placing the decompressed code of the shell sample to be detected into a sample interpreter for short feature matching, if the matching is successful, executing S103, otherwise executing S104; decompression code of the shelled sample, typically the second half of the second section of the shelled sample;
s103: decrypting the shell-added sample to be detected according to a corresponding decryption algorithm of the short features in the inference machine, extracting the short features from the decrypted data, and inputting the short features into a plaintext knowledge base;
s104: and directly extracting features of the shelling sample to be detected through an inference machine, and inputting the features into a ciphertext knowledge base.
In the method, the characteristic comprehensive database consists of a plaintext knowledge base and a ciphertext knowledge base.
In the method, the short features comprise feature content and algorithm key position information.
The short feature contains key position information of the algorithm, because in the encryption process, when the same code is encrypted, the first occurring position and offset of the same code can be adopted to finish the encryption, so that in the decryption process, the offset range can be used as the feature, the accuracy can be ensured, and the feature length can be ensured to be relatively short. And because the short features contain the key position information of the algorithm, the short features can form a mapping relation with the encryption algorithm.
In the method, the to-be-detected shell-added sample is decrypted according to the corresponding decryption algorithm of the short features in the inference engine, specifically, the to-be-detected shell-added sample is decrypted by matching the corresponding decryption algorithm according to the feature content and the key position information of the algorithm in the short features.
In the method, the characteristics of the to-be-detected shelling sample are directly extracted through an inference machine, and the method specifically comprises the following steps:
acquiring corresponding data from the to-be-detected shell-added sample according to the known dynamic characteristics and static characteristics, and setting the score of each characteristic; since the threat level of a feature is different, scores need to be set for each feature,
respectively calculating the total scores of the dynamic features and the static features according to an entropy weight information method; such as: for the dynamic characteristics, only considering the device threat (disk sector modification), the system threat (registry modification) and the file IO threat (file reading and writing), different sub-scores are inevitable when the threat degrees of the three are different; for static features, the head 4K feature of the code section, the file icon feature, etc. The mapping of features to scores given by threat levels is based on a large number of analytical experiences.
The dynamic characteristic and the static characteristic are linearly independent, so that the dynamic characteristic and the static characteristic can be regarded as two mutually perpendicular vectors under a plane rectangular coordinate system, and subsequent analysis can be carried out through a complex function.
Performing comprehensive evaluation on the total scores of the dynamic features and the static features by adopting a complex analysis method based on the poiicare measurement, and determining and selecting the dynamic features or the static features;
and taking the selected dynamic characteristics or static characteristics as the characteristics of the to-be-detected shelled sample, and recording the characteristics into a ciphertext knowledge base.
The reason for adopting the method is that the ciphertext features to be extracted do not exist in the knowledge base, the compression algorithm of the ciphertext features is not known, and the feature extraction and detection need to be carried out in an inaccurate mode when a certain detection effect is required, and corresponding data can be found in the sample by adopting a mode of combining dynamic features and static features.
In the method, after the shell-added sample to be detected is obtained, the method further comprises the following steps: and extracting the code segment characteristics of the shell sample to be detected, matching the hash value of the characteristics with the existing characteristics in the characteristic comprehensive database, and directly outputting a judgment result if the matching is successful.
The invention also provides a knowledge-driven regression detection system for the shell-added code, which is shown in fig. 2 and comprises:
a database module 201 for establishing a characteristic comprehensive database;
the acquisition module 202 acquires a to-be-detected shell sample;
the sample interpreter module 203 is used for putting the decompressed codes of the to-be-detected shell-added samples into the sample interpreter for short feature matching, and if the matching is successful, the short feature matching enters the inference engine module;
the inference engine module 204 is used for decrypting the to-be-detected shell-added sample according to a corresponding decryption algorithm of the short features in the inference engine, extracting the short features from the decrypted data, and inputting the short features into a plaintext knowledge base; and if the short feature matching fails, the inference machine directly extracts features of the to-be-detected shelled sample and inputs the features into a ciphertext knowledge base.
In the system, the characteristic comprehensive database consists of a plaintext knowledge base and a ciphertext knowledge base.
In the system, the short features include feature content and algorithm key location information.
In the system, the to-be-detected shell-added sample is decrypted according to the corresponding decryption algorithm of the short features in the inference engine, specifically, the to-be-detected shell-added sample is decrypted by matching the corresponding decryption algorithm according to the feature content and the key position information of the algorithm in the short features.
In the system, the characteristics of the to-be-detected shelling sample are directly extracted through an inference machine, and the method specifically comprises the following steps:
acquiring corresponding data from the to-be-detected shell-added sample according to the known dynamic characteristics and static characteristics, and setting the score of each characteristic;
respectively calculating the total scores of the dynamic features and the static features according to an entropy weight information method;
performing comprehensive evaluation on the total scores of the dynamic features and the static features by adopting a complex analysis method based on the poiicare measurement, and determining and selecting the dynamic features or the static features;
and taking the selected dynamic characteristics or static characteristics as the characteristics of the to-be-detected shelled sample, and recording the characteristics into a ciphertext knowledge base.
In the system, after obtaining the to-be-detected shell-added sample, the method further comprises the following steps: and extracting the code segment characteristics of the shell sample to be detected, matching the hash value of the characteristics with the existing characteristics in the characteristic comprehensive database, and directly outputting a judgment result if the matching is successful.
Accordingly, the present invention proposes a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the shelled code regression detection method according to any one of claims 1 to 6.
Accordingly, the present invention provides an electronic device, as shown in fig. 3, the electronic device includes: the device comprises a shell 301, a processor 302, a memory 303, a circuit board 304 and a power supply 305, wherein the circuit board is arranged inside a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes the program corresponding to the executable program code by reading the executable program code stored in the memory, and executes the method flow.
The technical scheme of the invention has the advantages that a plurality of detection modes can be integrated, the plaintext knowledge base and the ciphertext knowledge base form a characteristic integrated database, accurate, comprehensive and efficient detection is realized through cooperative detection of the ciphertext and the plaintext, finally, a regression mode is adopted to update the knowledge base, and a certain degree of characteristic extraction is carried out on a sample added by using the current unknown compression algorithm to adapt to the continuous change of a detection code and a detection mode.
While the present invention has been described with respect to the embodiments, those skilled in the art will appreciate that there are numerous variations and permutations of the present invention without departing from the spirit of the invention, and it is intended that the appended claims cover such variations and modifications as fall within the true spirit of the invention.
Claims (14)
1. A knowledge-driven regression detection method for shell-added codes is characterized by comprising the following steps:
establishing a characteristic comprehensive database, and acquiring a to-be-detected shell-added sample;
placing the decompressed codes of the to-be-detected shell-added samples into a sample interpreter for short feature matching, if the matching is successful, decrypting the to-be-detected shell-added samples according to a corresponding decryption algorithm of the short features in an inference machine, extracting the short features from the decrypted data, and inputting the short features into a plaintext knowledge base;
otherwise, extracting features of the shelling sample to be detected directly through an inference machine, and inputting the features into a ciphertext knowledge base.
2. The method of claim 1, wherein the feature synthesis database is comprised of a plaintext knowledge base and a ciphertext knowledge base.
3. The method of claim 1, wherein the short features include feature content and algorithm key location information.
4. The method according to claim 3, wherein the shelled samples to be detected are decrypted according to the corresponding decryption algorithm in the inference engine based on the short features, specifically, the decryption algorithm is matched to the corresponding decryption algorithm according to the feature content and the algorithm key position information in the short features.
5. The method according to claim 1, characterized in that the features of the shelled samples to be detected are extracted directly by an inference engine, specifically:
acquiring corresponding data from the to-be-detected shell-added sample according to the known dynamic characteristics and static characteristics, and setting the score of each characteristic;
respectively calculating the total scores of the dynamic features and the static features according to an entropy weight information method;
performing comprehensive evaluation on the total scores of the dynamic features and the static features by adopting a complex analysis method based on the poiicare measurement, and determining and selecting the dynamic features or the static features;
and taking the selected dynamic characteristics or static characteristics as the characteristics of the to-be-detected shelled sample, and recording the characteristics into a ciphertext knowledge base.
6. The method of claim 1, further comprising, after obtaining the shelled sample to be tested: and extracting the code segment characteristics of the shell sample to be detected, matching the hash value of the characteristics with the existing characteristics in the characteristic comprehensive database, and directly outputting a judgment result if the matching is successful.
7. A knowledge-driven regression detection system for shelled code, comprising:
the database module is used for establishing a characteristic comprehensive database;
the acquisition module acquires a to-be-detected shell sample;
the sample interpreter module is used for putting the decompressed codes of the to-be-detected shell-added samples into the sample interpreter for short feature matching, and if the matching is successful, the short feature matching enters the inference engine module;
the inference engine module is used for decrypting the to-be-detected shell-added sample according to a corresponding decryption algorithm of the short features in the inference engine, extracting the short features from the decrypted data and inputting the short features into a plaintext knowledge base; otherwise, the inference machine directly extracts the characteristics of the shelling sample to be detected and inputs the characteristics into the ciphertext knowledge base.
8. The system of claim 7, wherein the feature synthesis database is comprised of a plaintext knowledge base and a ciphertext knowledge base.
9. The system of claim 7, wherein the short features include feature content and algorithmic key location information.
10. The system according to claim 9, wherein the shelled samples to be detected are decrypted according to the corresponding decryption algorithm in the inference engine based on the short features, specifically, the decryption algorithm is matched to the corresponding decryption algorithm according to the feature content and the algorithm key location information in the short features.
11. The system of claim 7, wherein the feature extraction is performed directly on the shelled samples to be detected by an inference engine, specifically:
acquiring corresponding data from the to-be-detected shell-added sample according to the known dynamic characteristics and static characteristics, and setting the score of each characteristic;
respectively calculating the total scores of the dynamic features and the static features according to an entropy weight information method;
performing comprehensive evaluation on the total scores of the dynamic features and the static features by adopting a complex analysis method based on the poiicare measurement, and determining and selecting the dynamic features or the static features;
and taking the selected dynamic characteristics or static characteristics as the characteristics of the to-be-detected shelled sample, and recording the characteristics into a ciphertext knowledge base.
12. The system of claim 7, further comprising, after obtaining the shelled sample to be tested: and extracting the code segment characteristics of the shell sample to be detected, matching the hash value of the characteristics with the existing characteristics in the characteristic comprehensive database, and directly outputting a judgment result if the matching is successful.
13. A non-transitory computer-readable storage medium having stored thereon a computer program, which when executed by a processor implements the shelled code regression detection method of any one of claims 1-6.
14. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power supply, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and executes the regression detection method of the shelled code according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711067476.7A CN108090353B (en) | 2017-11-03 | 2017-11-03 | Knowledge-driven regression detection method and system for shell-added codes |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711067476.7A CN108090353B (en) | 2017-11-03 | 2017-11-03 | Knowledge-driven regression detection method and system for shell-added codes |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108090353A CN108090353A (en) | 2018-05-29 |
| CN108090353B true CN108090353B (en) | 2021-09-03 |
Family
ID=62172014
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711067476.7A Active CN108090353B (en) | 2017-11-03 | 2017-11-03 | Knowledge-driven regression detection method and system for shell-added codes |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108090353B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109992969B (en) * | 2019-03-25 | 2023-03-21 | 腾讯科技(深圳)有限公司 | Malicious file detection method and device and detection platform |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101547126B (en) * | 2008-03-27 | 2011-10-12 | 北京启明星辰信息技术股份有限公司 | Network virus detecting method based on network data streams and device thereof |
| CA2802065A1 (en) * | 2010-06-22 | 2011-12-29 | Jarad Schiffer | Analysis of a microneutralization assay using curve-fitting constraints |
| CN102184363B (en) * | 2011-05-21 | 2013-09-25 | 电子科技大学 | Automatic software packer shelling method based on comprehensive processing |
| US9143529B2 (en) * | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Modifying pre-existing mobile applications to implement enterprise security policies |
| CN105205398B (en) * | 2015-11-04 | 2018-03-09 | 北京鼎源科技有限公司 | It is a kind of that shell side method is looked into based on APK shell adding software dynamic behaviours |
| CN105989252B (en) * | 2015-12-12 | 2018-10-12 | 武汉安天信息技术有限责任公司 | A kind of hulling method and system for function rank shell adding |
| CN107169352A (en) * | 2017-03-22 | 2017-09-15 | 国家计算机网络与信息安全管理中心 | A kind of malware detection method and system based on shell adding file verification sum |
| CN107273741A (en) * | 2017-05-18 | 2017-10-20 | 努比亚技术有限公司 | A kind of system operation method and terminal |
-
2017
- 2017-11-03 CN CN201711067476.7A patent/CN108090353B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108090353A (en) | 2018-05-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104866414B (en) | The test method of application program, apparatus and system | |
| US10200391B2 (en) | Detection of malware in derived pattern space | |
| CN108664364B (en) | Terminal testing method and device | |
| CN109951435B (en) | Equipment identifier providing method and device and risk control method and device | |
| Yang et al. | Detecting android malware by applying classification techniques on images patterns | |
| US11048798B2 (en) | Method for detecting libraries in program binaries | |
| WO2014089744A1 (en) | Method and apparatus for detecting malicious code | |
| CN104978521B (en) | A kind of method and system for realizing malicious code mark | |
| CN104115117A (en) | Automatic synthesis of unit tests for security testing | |
| CN104715194A (en) | Malicious software detection method and device | |
| EP3454244B1 (en) | Authentication method and device, method and device for generating information for authentication | |
| CN112800427A (en) | Webshell detection method and device, electronic equipment and storage medium | |
| CN108090353B (en) | Knowledge-driven regression detection method and system for shell-added codes | |
| Yang et al. | Android malware detection using hybrid analysis and machine learning technique | |
| JP2011243007A (en) | Image processing device, and processing method and program thereof | |
| CN113419971B (en) | Android system service vulnerability detection method and related device | |
| JP5441043B2 (en) | Program, information processing apparatus, and information processing method | |
| US11762730B2 (en) | Selection of outlier-detection programs specific to dataset meta-features | |
| CN111898126B (en) | Android repackaging application detection method based on dynamically acquired user interface | |
| US10133430B2 (en) | Encoding data in capacitive tags | |
| CN108804917B (en) | File detection method and device, electronic equipment and storage medium | |
| JP6425865B1 (en) | Risk analysis device, risk analysis method and risk analysis program | |
| US10691741B2 (en) | Methods and apparatus to detect unconfined view media | |
| US10686813B2 (en) | Methods of determining a file similarity fingerprint | |
| CN105550317B (en) | Method and device for displaying news through news list |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Applicant after: Harbin antiy Technology Group Limited by Share Ltd Address before: 150090 Room 506, No. 162 Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang Province Applicant before: Harbin Antiy Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road) Applicant after: Antan Technology Group Co.,Ltd. Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road) Applicant before: Harbin Antian Science and Technology Group Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |