CN108256328A - Identify the method and device of counterfeit application - Google Patents
Identify the method and device of counterfeit application Download PDFInfo
- Publication number
- CN108256328A CN108256328A CN201711476647.1A CN201711476647A CN108256328A CN 108256328 A CN108256328 A CN 108256328A CN 201711476647 A CN201711476647 A CN 201711476647A CN 108256328 A CN108256328 A CN 108256328A
- Authority
- CN
- China
- Prior art keywords
- application
- counterfeit
- tested
- target
- legal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000009434 installation Methods 0.000 claims description 10
- 244000035744 Hura crepitans Species 0.000 claims description 8
- 238000000605 extraction Methods 0.000 claims description 5
- 101150053844 APP1 gene Proteins 0.000 description 2
- 101100189105 Homo sapiens PABPC4 gene Proteins 0.000 description 2
- 102100039424 Polyadenylate-binding protein 4 Human genes 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of method and devices for identifying counterfeit application, are related to security technology area, can recognize that counterfeit application.The method of the present invention mainly includes:Extract the application feature of application to be measured;It is compared described using feature with the application feature of legal application each in legal application library, determines target legal copy application only identical with the certain applications feature of the application to be measured;The uniform resource position mark URL asked when intercepting and capturing using the application to be measured;By the way that the URL is matched with the domain name that the target legal copy is applied, whether the identification application to be measured is counterfeit application.The present invention is mainly suitable in the scene for identifying true and false application.
Description
Technical Field
The invention relates to the technical field of security, in particular to a method and a device for identifying counterfeit applications.
Background
With the rapid development of mobile terminals, the variety and quantity of application software are greatly increased. At present, not only various software such as video software, chat software, game software and shopping software are available, but also specific software unique to each software is developed by different manufacturers, for example, shopping software includes various specific software such as tianmao, jingdong and guicheng.
However, counterfeit applications similar to the genuine applications exist in the mass of application software, lawless persons try to profit by luring users to use the counterfeit applications, and at present, the fraud behaviors are rampant all the time. Therefore, how to efficiently and accurately identify whether an application is a counterfeit application becomes increasingly important.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for identifying counterfeit applications, which aims to identify counterfeit applications.
The purpose of the invention is realized by adopting the following technical scheme:
in a first aspect, the present invention provides a method of identifying a counterfeit application, the method comprising:
extracting application characteristics of the application to be detected;
comparing the application characteristics with the application characteristics of each legal application in a legal application library, and determining a target legal application which is only the same as part of the application characteristics of the application to be detected;
intercepting a Uniform Resource Locator (URL) requested when the application to be tested is used;
and identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
Optionally, the identifying whether the application to be tested is a counterfeit application by matching the URL with the domain name of the target genuine application includes:
matching all the intercepted URLs with the domain names of the target legal applications respectively;
if the number of the URLs successfully matched with the domain name is larger than or equal to a preset threshold value, determining that the application to be tested is not a counterfeit application;
and if the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application.
Optionally, after determining that the application to be tested is a counterfeit application, the method further includes:
when only one target original application exists, determining the target original application as the application counterfeit to the application to be tested;
when a plurality of target legal applications exist, respectively calculating the similarity between the application name of the application to be tested and the application name of the target legal application and the similarity between the application icon of the application to be tested and the application icon of the target legal application; and determining the target legal edition application with the maximum sum of the two similarities as the application of the application to be tested counterfeit.
Optionally, the application characteristics include an application name, an application unique identifier, an application icon, and an installation certificate.
Optionally, the intercepting the URL requested when using the application to be tested includes:
and intercepting the URL requested by the application to be tested when the application to be tested is used in the sandbox environment.
Optionally, the method further includes:
and when the application to be tested is determined to be the counterfeit application, outputting alarm prompt information for indicating that the application to be tested is the counterfeit application.
In a second aspect, the present invention provides an apparatus for identifying counterfeit applications, the apparatus comprising:
the extraction unit is used for extracting application characteristics of the application to be detected;
the determining unit is used for comparing the application characteristics with the application characteristics of each legal application in a legal application library and determining a target legal application which is only the same as part of the application characteristics of the application to be detected;
the interception unit is used for intercepting a Uniform Resource Locator (URL) requested when the application to be detected is used;
and the identification unit is used for identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
Optionally, the identification unit includes:
the matching module is used for respectively matching all the intercepted URLs with the domain names of the target legal applications;
the determining module is used for determining that the application to be tested is not a counterfeit application when the number of the URLs successfully matched with the domain name is larger than or equal to a preset threshold; and when the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application.
Optionally, the determining unit is further configured to, after determining that the application to be tested is a counterfeit application, determine, when only one target genuine application is available, the target genuine application as a counterfeit application of the application to be tested;
the device further comprises:
the calculation unit is used for respectively calculating the similarity between the application name of the application to be detected and the application name of the target copyright application and the similarity between the application icon of the application to be detected and the application icon of the target copyright application when a plurality of target copyright applications exist;
the determining unit is further configured to determine the target original application with the largest sum of the two similarities as the application counterfeit to the application to be tested.
Optionally, the application characteristics include an application name, an application unique identifier, an application icon, and an installation certificate.
Optionally, the intercepting unit is configured to intercept a URL requested by the application to be tested when the application to be tested is used in a sandbox environment.
In a third aspect, the present invention provides a storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the method of identifying a counterfeit application according to the first aspect.
In a fourth aspect, the present invention provides an electronic device comprising a storage medium and a processor;
the processor is suitable for realizing instructions;
the storage medium adapted to store a plurality of instructions;
the instructions are adapted to be loaded by the processor and to perform the method of identifying a counterfeit application as described in the first aspect.
By means of the technical scheme, the method and the device for identifying counterfeit applications provided by the invention can extract the application characteristics of the application to be detected, then compare the application characteristics with the corresponding application characteristics of each genuine application in the genuine application library respectively, quickly screen out the target genuine applications which are possibly counterfeit by the application to be detected from a large number of genuine applications, and then accurately identify whether the application to be detected is the counterfeit application or not by matching the URL (Uniform Resource Locator) of the application request to be detected with the domain name of the target genuine application.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart illustrating a method of identifying a counterfeit application provided by an embodiment of the present invention;
FIG. 2 is a flow chart illustrating another method for identifying counterfeit applications provided by embodiments of the present invention;
FIG. 3 is a block diagram illustrating components of an apparatus for identifying counterfeit applications in accordance with an embodiment of the present invention;
fig. 4 is a block diagram illustrating another apparatus for identifying counterfeit applications according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The embodiment of the invention provides a method for identifying counterfeit applications, which mainly comprises the following steps of:
101. and extracting the application characteristics of the application to be detected.
Wherein the application features include, but are not limited to: an application name, an application unique identifier, an application icon, and an installation certificate. In practical applications, the application package name is mainly used to uniquely identify an application. In addition, the application to be tested may be an application installed on the terminal, an application that is not installed after the installation package is downloaded, an application in an application store or an application manager, or an application in a web page.
102. And comparing the application characteristics with the application characteristics of each legal application in a legal application library, and determining the target legal application which is only the same as part of the application characteristics of the application to be detected.
Before the application to be detected is identified, each application characteristic of each legal application can be acquired through an official channel and then stored in a legal application library. When the unknown application needs to be identified, each application characteristic of the application to be detected can be compared with the corresponding application characteristic of each legal application in the legal application library respectively, and whether the corresponding application characteristics are the same or not is determined; when determining that each application characteristic of the application to be tested is the same as each application characteristic of a certain legal application in a one-to-one correspondence manner, determining that the application to be tested is the legal application; when determining that each application characteristic of the application to be tested is not the same as the corresponding application characteristic in the legal version library, determining that the application to be tested is an application which is not in the legal version application library; when it is determined that only part of the application features of the application to be tested are the same as the application features of a certain genuine application, it may be determined that the application to be tested may be a counterfeit application of the genuine application, and therefore the genuine application that the application to be tested may be counterfeit may be recorded, so that the application to be tested may be accurately identified by performing step 103 in the following.
For example, the application name of the application to be tested is APP1, the unique application identifier is com.abc.www, the application icon is icon 1, the installation certificate is certificate 1, the application name of a certain legal application is APP1, the unique application identifier is com.efg.www, the application icon is icon 2, and the installation certificate is certificate 2, it can be known through comparison of application characteristics that the application name of the application to be tested is the same as the application name of the legal application, but other characteristics are different, so that it can be determined that the application to be tested is likely to be a pirate application pretending to be the legal application, and the legal application can be recorded, so that the application to be tested can be accurately identified in detail based on other information of the legal application in the following.
103. And intercepting the URL requested when the application to be tested is used.
Because the information submitted by the user is generally obtained by modifying the calling interface in the genuine application, and the change of the calling interface means the change of the access website, whether the application to be tested is the counterfeit application can be accurately judged by identifying whether the URL is changed.
In order to obtain a request which may be sent by an application to be tested, and thus extract a URL in the request, the application to be tested may be placed in a sandbox environment, and then the application to be tested is continuously used in the sandbox environment.
104. And identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
After all URLs which are possibly visited by the application to be tested are obtained, each URL can be matched with the domain name of the target legal application, and when the domain name is contained in a certain URL, the URL and the domain name can be determined to be successfully matched; when the domain name is not included in the URL, it may be determined that the URL fails to match the domain name. And after matching each URL with the domain name of the target legal application, judging whether the application to be tested is a counterfeit application or not according to the matching success rate. Wherein the domain name of the legal application can be obtained from the official website of the software application provider.
The method for identifying counterfeit applications provided by the embodiment of the invention can extract the application characteristics of the applications to be detected, then compare the application characteristics with the corresponding application characteristics of each genuine application in the genuine application library respectively, quickly screen out target genuine applications which are possible to be counterfeited by the applications to be detected from a large number of genuine applications, and then accurately identify whether the applications to be detected are counterfeit applications or not by matching the URL of the application request to be detected with the domain name of the target genuine applications.
Further, according to the method shown in fig. 1, another embodiment of the present invention further provides a method for identifying a counterfeit application, as shown in fig. 2, the method mainly includes:
201. and extracting the application characteristics of the application to be detected.
The specific implementation manner of this step is the same as that of step 101 described above, and is not described herein again.
202. And comparing the application characteristics with the application characteristics of each legal application in a legal application library, and determining the target legal application which is only the same as part of the application characteristics of the application to be detected.
The specific implementation manner of this step is the same as that of step 102 described above, and is not described herein again.
203. And intercepting the URL requested when the application to be tested is used.
The specific implementation manner of this step is the same as that of step 103 described above, and is not described herein again.
204. And identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
In the above embodiment, it is mentioned that whether the application to be tested is a counterfeit application may be determined by a matching success rate of all URLs of the application to be tested and a domain name of the target genuine application, and therefore a specific implementation manner of this step may be: matching all the intercepted URLs with the domain names of the target legal applications respectively; if the number of the URLs successfully matched with the domain name is larger than or equal to a preset threshold value, determining that the application to be tested is not a counterfeit application; and if the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application. Since one application may access the website under another domain name due to operations such as embedding advertisements, the matching success rate is not necessarily set to 100%, and may be set above a certain threshold, and the preset threshold may be obtained according to actual experience statistics.
In addition, after the application to be tested is determined to be the counterfeit application, which genuine application the application to be tested specifically counterfeits can be determined, so that a user is reminded of downloading and using the application. Specifically, when only one target genuine application is available, the target genuine application can be directly determined as the counterfeit application of the application to be tested; when a plurality of target genuine applications exist, since the counterfeit application is generally downloaded and installed by visually deceiving the user through the application name and the application icon of the counterfeit genuine application, the similarity between the application name of the application to be tested and the application name of the target genuine application and the similarity between the application icon of the application to be tested and the application icon of the target genuine application can be calculated respectively, and then the target genuine application with the largest sum of the two similarities is determined as the counterfeit application of the application to be tested.
205. And when the application to be tested is determined to be the counterfeit application, outputting alarm prompt information for indicating that the application to be tested is the counterfeit application.
When the application to be tested is determined to be the counterfeit application, alarm prompt information can be output so as to remind a user who installs the counterfeit application of unloading the counterfeit application in time and remind a user who does not install the counterfeit application of not installing the counterfeit application. In addition, after determining which application the genuine application counterfeit by the application to be tested belongs to, the alarm prompt message may be added with the application characteristics and the domain name of the genuine application counterfeit by the application to be tested so as to remind the user that the genuine application is downloaded and installed subsequently.
The method for identifying the counterfeit application provided by the embodiment of the invention not only can efficiently and accurately identify whether the unknown application is the counterfeit application, but also can determine which genuine application the unknown application is counterfeit by comparing the similarity with the application name and the application icon of the genuine application, and can give an alarm prompt message to a user when determining that the unknown application is the counterfeit application, so as to prevent the user from being continuously cheated.
Further, according to the above method embodiment, another embodiment of the present invention further provides an apparatus for identifying counterfeit applications, as shown in fig. 3, the apparatus mainly includes: an extraction unit 31, a determination unit 32, an interception unit 33 and a recognition unit 34. Wherein,
an extraction unit 31, configured to extract application features of an application to be tested;
a determining unit 32, configured to compare the application characteristics with application characteristics of each original application in an original application library, and determine a target original application that is only the same as part of the application characteristics of the application to be detected;
an intercepting unit 33, configured to intercept a uniform resource locator URL requested when the application to be tested is used;
and the identifying unit 34 is configured to identify whether the application to be tested is a counterfeit application by matching the URL with the domain name of the target genuine application.
Optionally, as shown in fig. 4, the identifying unit 34 includes:
a matching module 341, configured to match all the intercepted URLs with the domain names of the target genuine applications respectively;
the determining module 342 is configured to determine that the application to be tested is not a counterfeit application when the number of URLs successfully matched with the domain name is greater than or equal to a preset threshold; and when the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application.
Optionally, the determining unit 32 is further configured to, after determining that the application to be tested is a counterfeit application, determine, when there is only one target genuine application, that the target genuine application is a counterfeit application of the application to be tested;
as shown in fig. 4, the apparatus further includes:
the calculating unit 35 is configured to, when there are multiple target genuine applications, respectively calculate similarity between an application name of the application to be detected and the application name of the target genuine application, and similarity between an application icon of the application to be detected and the application icon of the target genuine application;
the determining unit 32 is further configured to determine the target genuine application with the largest sum of the two similarities as the application counterfeit to the application to be tested.
Optionally, the application characteristics include an application name, an application unique identifier, an application icon, and an installation certificate.
Optionally, the capturing unit 33 is configured to capture a URL requested by the application to be tested when the application to be tested is used in a sandbox environment.
Optionally, as shown in fig. 4, the apparatus further includes:
and the output unit 36 is configured to output alarm prompt information indicating that the application to be tested is a counterfeit application when it is determined that the application to be tested is the counterfeit application.
The device for identifying counterfeit applications, provided by the embodiment of the invention, can extract the application characteristics of the applications to be detected, then compare the application characteristics with the corresponding application characteristics of each genuine application in the genuine application library respectively, quickly screen out target genuine applications which are possible to be counterfeited by the applications to be detected from a large number of genuine applications, and then accurately identify whether the applications to be detected are counterfeit applications or not by matching the URL of the application request to be detected with the domain name of the target genuine applications. In addition, the method can also determine which genuine application the unknown application counterfeits through similarity comparison with the application name and the application icon of the genuine application, and can also give a warning prompt message to the user when determining that the unknown application is the counterfeit application so as to prevent the user from being cheated.
Further, according to the above method embodiment, another embodiment of the present invention further provides a storage medium storing a plurality of instructions, the instructions being adapted to be loaded by a processor and to execute the method for identifying a counterfeit application as described above.
The instruction stored in the storage medium provided by the embodiment of the invention can extract the application characteristics of the application to be tested, then compare the application characteristics with the corresponding application characteristics of each genuine application in the genuine application library respectively, quickly screen out the target genuine application which is possible to be counterfeited by the application to be tested from a large number of genuine applications, and then accurately identify whether the application to be tested is the counterfeit application or not by matching the URL of the application request to be tested with the domain name of the target genuine application. In addition, the method can also determine which genuine application the unknown application counterfeits through similarity comparison with the application name and the application icon of the genuine application, and can also give a warning prompt message to the user when determining that the unknown application is the counterfeit application so as to prevent the user from being cheated.
Further, according to the above method embodiment, another embodiment of the present invention also provides an electronic device, which includes a storage medium and a processor;
the processor is suitable for realizing instructions;
the storage medium adapted to store a plurality of instructions;
the instructions are adapted to be loaded by the processor and to perform the method of identifying a counterfeit application as described above.
The electronic equipment provided by the embodiment of the invention can extract the application characteristics of the application to be tested, then compares the application characteristics with the corresponding application characteristics of each legal application in the legal application library respectively, quickly screens out target legal applications which are possible to be counterfeited by the application to be tested from a large number of legal applications, and then accurately identifies whether the application to be tested is the counterfeit application or not by matching the URL of the application request to be tested with the domain name of the target legal application. In addition, the method can also determine which genuine application the unknown application counterfeits through similarity comparison with the application name and the application icon of the genuine application, and can also give a warning prompt message to the user when determining that the unknown application is the counterfeit application so as to prevent the user from being cheated.
The embodiment of the invention also provides the following steps:
a1, a method of identifying counterfeit applications, the method comprising:
extracting application characteristics of the application to be detected;
comparing the application characteristics with the application characteristics of each legal application in a legal application library, and determining a target legal application which is only the same as part of the application characteristics of the application to be detected;
intercepting a Uniform Resource Locator (URL) requested when the application to be tested is used;
and identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
A2, according to the method in A1, the identifying whether the application to be tested is a counterfeit application by matching the URL with the domain name of the target genuine application includes:
matching all the intercepted URLs with the domain names of the target legal applications respectively;
if the number of the URLs successfully matched with the domain name is larger than or equal to a preset threshold value, determining that the application to be tested is not a counterfeit application;
and if the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application.
A3, after determining that the application under test is a counterfeit application, the method of A2, further comprising:
when only one target original application exists, determining the target original application as the application counterfeit to the application to be tested;
when a plurality of target legal applications exist, respectively calculating the similarity between the application name of the application to be tested and the application name of the target legal application and the similarity between the application icon of the application to be tested and the application icon of the target legal application; and determining the target legal edition application with the maximum sum of the two similarities as the application of the application to be tested counterfeit.
A4, the method according to A1, the application features including an application name, an application unique identifier, an application icon, and an installation certificate.
A5, according to the method in A1, the intercepting a URL requested when using the application under test comprises:
and intercepting the URL requested by the application to be tested when the application to be tested is used in the sandbox environment.
A6, the method of any one of A1 to A5, the method further comprising:
and when the application to be tested is determined to be the counterfeit application, outputting alarm prompt information for indicating that the application to be tested is the counterfeit application.
B7, an apparatus for identifying counterfeit applications, the apparatus comprising:
the extraction unit is used for extracting application characteristics of the application to be detected;
the determining unit is used for comparing the application characteristics with the application characteristics of each legal application in a legal application library and determining a target legal application which is only the same as part of the application characteristics of the application to be detected;
the interception unit is used for intercepting a Uniform Resource Locator (URL) requested when the application to be detected is used;
and the identification unit is used for identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
B8, the apparatus according to B7, the identification unit comprising:
the matching module is used for respectively matching all the intercepted URLs with the domain names of the target legal applications;
the determining module is used for determining that the application to be tested is not a counterfeit application when the number of the URLs successfully matched with the domain name is larger than or equal to a preset threshold; and when the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application.
B9, the apparatus according to B8, the determining unit further configured to determine the target genuine application as an application that is a counterfeit of the application to be tested when only one target genuine application is present after determining that the application to be tested is a counterfeit application;
the device further comprises:
the calculation unit is used for respectively calculating the similarity between the application name of the application to be detected and the application name of the target copyright application and the similarity between the application icon of the application to be detected and the application icon of the target copyright application when a plurality of target copyright applications exist;
the determining unit is further configured to determine the target original application with the largest sum of the two similarities as the application counterfeit to the application to be tested.
B10, the apparatus according to B7, the application features including an application name, an application unique identifier, an application icon, and an installation certificate.
B11, the device according to B7, the interception unit is used for intercepting the URL requested by the application to be tested when the application to be tested is used in a sandbox environment.
B12, the apparatus according to any one of B7 to B11, further comprising:
and the output unit is used for outputting alarm prompt information for indicating that the application to be tested is the counterfeit application when the application to be tested is determined to be the counterfeit application.
C13, a storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform a method of identifying a counterfeit application as described in any one of a1-a 6.
D14, an electronic device comprising a storage medium and a processor;
the processor is suitable for realizing instructions;
the storage medium adapted to store a plurality of instructions;
the instructions are adapted to be loaded by the processor and to perform a method of identifying a counterfeit application as described in any of a1-a 6.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above are referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the method and apparatus for identifying counterfeit applications according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Claims (10)
1. A method of identifying counterfeit applications, the method comprising:
extracting application characteristics of the application to be detected;
comparing the application characteristics with the application characteristics of each legal application in a legal application library, and determining a target legal application which is only the same as part of the application characteristics of the application to be detected;
intercepting a Uniform Resource Locator (URL) requested when the application to be tested is used;
and identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
2. The method of claim 1, wherein identifying whether the application under test is a counterfeit application by matching the URL with a domain name of the target genuine application comprises:
matching all the intercepted URLs with the domain names of the target legal applications respectively;
if the number of the URLs successfully matched with the domain name is larger than or equal to a preset threshold value, determining that the application to be tested is not a counterfeit application;
and if the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application.
3. The method of claim 2, wherein after determining that the application under test is a counterfeit application, the method further comprises:
when only one target original application exists, determining the target original application as the application counterfeit to the application to be tested;
when a plurality of target legal applications exist, respectively calculating the similarity between the application name of the application to be tested and the application name of the target legal application and the similarity between the application icon of the application to be tested and the application icon of the target legal application; and determining the target legal edition application with the maximum sum of the two similarities as the application of the application to be tested counterfeit.
4. The method of claim 1, wherein the application characteristics comprise an application name, an application unique identifier, an application icon, and an installation certificate.
5. The method of claim 1, wherein the intercepting a Uniform Resource Locator (URL) requested while using the application under test comprises:
and intercepting the URL requested by the application to be tested when the application to be tested is used in the sandbox environment.
6. The method according to any one of claims 1 to 5, further comprising:
and when the application to be tested is determined to be the counterfeit application, outputting alarm prompt information for indicating that the application to be tested is the counterfeit application.
7. An apparatus for identifying counterfeit applications, the apparatus comprising:
the extraction unit is used for extracting application characteristics of the application to be detected;
the determining unit is used for comparing the application characteristics with the application characteristics of each legal application in a legal application library and determining a target legal application which is only the same as part of the application characteristics of the application to be detected;
the interception unit is used for intercepting a Uniform Resource Locator (URL) requested when the application to be detected is used;
and the identification unit is used for identifying whether the application to be detected is a counterfeit application or not by matching the URL with the domain name of the target genuine application.
8. The apparatus of claim 7, wherein the identification unit comprises:
the matching module is used for respectively matching all the intercepted URLs with the domain names of the target legal applications;
the determining module is used for determining that the application to be tested is not a counterfeit application when the number of the URLs successfully matched with the domain name is larger than or equal to a preset threshold; and when the number of URLs successfully matched with the domain name of each target legal application is smaller than the preset threshold value, determining that the application to be tested is a counterfeit application.
9. A storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform a method of identifying a counterfeit application according to any one of claims 1 to 6.
10. An electronic device, comprising a storage medium and a processor;
the processor is suitable for realizing instructions;
the storage medium adapted to store a plurality of instructions;
the instructions are adapted to be loaded by the processor and to perform a method of identifying a counterfeit application according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711476647.1A CN108256328A (en) | 2017-12-29 | 2017-12-29 | Identify the method and device of counterfeit application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711476647.1A CN108256328A (en) | 2017-12-29 | 2017-12-29 | Identify the method and device of counterfeit application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108256328A true CN108256328A (en) | 2018-07-06 |
Family
ID=62724595
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711476647.1A Pending CN108256328A (en) | 2017-12-29 | 2017-12-29 | Identify the method and device of counterfeit application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108256328A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109684788A (en) * | 2018-12-29 | 2019-04-26 | 上海上讯信息技术股份有限公司 | A kind of mobile application channel monitoring system and method Internet-based |
| CN110135153A (en) * | 2018-11-01 | 2019-08-16 | 哈尔滨安天科技股份有限公司 | The credible detection method and device of software |
| CN113434826A (en) * | 2021-07-23 | 2021-09-24 | 公安部第三研究所 | Detection method and system for counterfeit mobile application and related products |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
| CN104951675A (en) * | 2014-03-31 | 2015-09-30 | 北京金山网络科技有限公司 | Pirate application recognition method and system |
| CN105426706A (en) * | 2015-11-20 | 2016-03-23 | 北京奇虎科技有限公司 | Pirate application detection method, device and system |
| CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
| CN107222369A (en) * | 2017-07-07 | 2017-09-29 | 北京小米移动软件有限公司 | Recognition methods, device, switch and the storage medium of application program |
-
2017
- 2017-12-29 CN CN201711476647.1A patent/CN108256328A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104951675A (en) * | 2014-03-31 | 2015-09-30 | 北京金山网络科技有限公司 | Pirate application recognition method and system |
| CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
| CN105426706A (en) * | 2015-11-20 | 2016-03-23 | 北京奇虎科技有限公司 | Pirate application detection method, device and system |
| CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
| CN107222369A (en) * | 2017-07-07 | 2017-09-29 | 北京小米移动软件有限公司 | Recognition methods, device, switch and the storage medium of application program |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110135153A (en) * | 2018-11-01 | 2019-08-16 | 哈尔滨安天科技股份有限公司 | The credible detection method and device of software |
| CN109684788A (en) * | 2018-12-29 | 2019-04-26 | 上海上讯信息技术股份有限公司 | A kind of mobile application channel monitoring system and method Internet-based |
| CN113434826A (en) * | 2021-07-23 | 2021-09-24 | 公安部第三研究所 | Detection method and system for counterfeit mobile application and related products |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109743315B (en) | Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website | |
| US10904286B1 (en) | Detection of phishing attacks using similarity analysis | |
| CN104935605B (en) | The detection method of fishing website, apparatus and system | |
| US20140380469A1 (en) | Method and device for detecting software-tampering | |
| CN109376078B (en) | Mobile application testing method, terminal equipment and medium | |
| CN106469261B (en) | Identity verification method and device | |
| JP5802848B2 (en) | Computer-implemented method, non-temporary computer-readable medium and computer system for identifying Trojanized applications (apps) for mobile environments | |
| CN108183900B (en) | Method, server, system, terminal device and storage medium for detecting mining script | |
| CN109492378A (en) | A kind of auth method based on EIC equipment identification code, server and medium | |
| CN113726780B (en) | Network monitoring method and device based on situation awareness and electronic equipment | |
| CN110138727A (en) | The information searching method and device that the shell that rebounds is connected to the network | |
| CN111385270A (en) | WAF-based network attack detection method and device | |
| CN111191243B (en) | Vulnerability detection method, vulnerability detection device and storage medium | |
| CN108256328A (en) | Identify the method and device of counterfeit application | |
| CN113079157A (en) | Method and device for acquiring network attacker position and electronic equipment | |
| CN114157568B (en) | Browser secure access method, device, equipment and storage medium | |
| CN113497807A (en) | Method and device for detecting user login risk and computer readable storage medium | |
| CN109271228A (en) | Interface function recognition methods, device and the electronic equipment of application | |
| CN104052630B (en) | The method and system of verifying is executed to website | |
| CN111191240A (en) | Method, device and equipment for collecting Internet electronic evidence | |
| CN111385272A (en) | Weak password detection method and device | |
| CN104699619B (en) | The method and apparatus tested on line | |
| CN106650439A (en) | Suspicious application program detection method and device | |
| CN113794731A (en) | Method, device, equipment and medium for identifying disguised attack based on CDN flow | |
| CN108156048A (en) | It is a kind of to realize the method and apparatus that application crashes information is obtained in complex scene |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180706 |