CN108509796A - A kind of detection method and server of risk - Google Patents

A kind of detection method and server of risk Download PDF

Info

Publication number
CN108509796A
CN108509796A CN201710104591.0A CN201710104591A CN108509796A CN 108509796 A CN108509796 A CN 108509796A CN 201710104591 A CN201710104591 A CN 201710104591A CN 108509796 A CN108509796 A CN 108509796A
Authority
CN
China
Prior art keywords
risk
feature
application
data
default
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710104591.0A
Other languages
Chinese (zh)
Other versions
CN108509796B (en
Inventor
邱勤
张滨
赵刚
徐达
袁捷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201710104591.0A priority Critical patent/CN108509796B/en
Publication of CN108509796A publication Critical patent/CN108509796A/en
Application granted granted Critical
Publication of CN108509796B publication Critical patent/CN108509796B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses a kind of detection method of risk and servers, first applies corresponding application code in acquisition terminal, according to the file type of application code and default application code, the feature of risk vector set between the corresponding different file types of the first application is established;When the first application is run mode, the operation data of the first application is obtained, according to operation data and preset boundary strategy, first is established and applies corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk data;The active user's behavioral data for acting on the first application is obtained, according to active user's behavioral data and default risk model, first is established and applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior;According to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement is based on the polymorphic risk of multidimensional.

Description

A kind of detection method and server of risk
Technical field
The present invention relates to mobile application security field more particularly to the detection methods and server of a kind of risk.
Background technology
With the continuous promotion of the development and terminal soft and hardware ability of mobile communication technology, the business of mobile application carrying Range and professional ability are increasingly extensive and abundant, it has also become are the main entrances of mobile Internet information, so the safety of terminal Problem is increasingly by extensive concern.It is counted according to release mechanism, there are different type difference levels of risk for the mobile application more than 90% Other Security Vulnerability problem, can be utilized by attacker, constitute significant threat to enterprise operation and user's right, therefore compel to be essential Mobile application vulnerability analysis ability and means are established, mobile application security risk are taken precautions against, to ensure enterprise mobile application Safe operation.
Currently, existing technological means mainly by static nature code extractive technique, feature of risk matching technique and Static nature code extractive technique is combined the vulnerability analysis that equal several methods carry out mobile application with feature of risk matching technique.
In the implementation of the present invention, inventor has found that at least there are the following problems in the prior art:
When carrying out the vulnerability analysis of mobile application using static nature code extractive technique, need previously according to empirical data Feature recognition model and characteristic matching model are established, risk identification ranging from known art is thus defined;Meanwhile static nature Code extractive technique and feature of risk matching technique acquire the static code feature from mobile application, therefore lack to mobile application The collection apparatus of dynamic behaviour feature and stream compression defines the ranging from static fragility of risk identification, to cause Limitation when carrying out risk supervision to mobile application and monistic defect.
Invention content
In order to solve the above technical problems, an embodiment of the present invention is intended to provide a kind of detection method of risk and server, It can be by defining the feature of risk mapping relations under the first application various dimensions multimode, structure feature of risk identification path and wind Dangerous decision tree carries out mobile application to solve limitation when risk detection and monistic defect.
In order to achieve the above objectives, the technical solution of the embodiment of the present invention is realized in:
An embodiment of the present invention provides a kind of detection method of risk, the method includes:
First applies corresponding application code in acquisition terminal, according to the file of the application code and default application code Type establishes the feature of risk vector set between the corresponding different file types of first application;
When first application is run mode, the operation data of first application is obtained, according to the operation data With preset boundary strategy, establishes described first and apply corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is used In judgement feature of risk data;
The active user's behavioral data for acting on first application is obtained, according to active user's behavioral data and in advance If risk model, establishes described first and apply corresponding feature of risk behavior set;Wherein, the default risk model is for sentencing Determine feature of risk behavior;
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior collection It closes, judgement first application is based on the polymorphic risk of multidimensional.
In the above scheme, the file type according to the application code and default application code establishes described Feature of risk vector set between the corresponding different file types of one application, including:
That extracts first application applies sample, and obtains the application code using sample;
It is never vectorial with each feature of risk is extracted in the corresponding application code of file type;
According to each feature of risk vector, establishes described first and apply the corresponding feature of risk vector set.
In the above scheme, described according to the operation data and preset boundary strategy, it establishes first application and corresponds to Feature of risk data acquisition system, including:
The operation data is monitored, the corresponding call parameters of the operation data are obtained;
When the call parameters are not belonging to default call parameters range, by the corresponding operation number of the call parameters According to being determined as risk data;
According to the risk data, establishes described first and apply the corresponding feature of risk data acquisition system.
In the above scheme, described according to active user's behavioral data and default risk model, establish described first Using corresponding feature of risk behavior set, including:
According to default multidirectional amount integration algorithm, the corresponding current grayvalue of active user's behavioral data is obtained;
According to the current grayvalue and the default risk model, the behavior wind of active user's behavioral data is determined Dangerous result;
According to the behaviorist risk as a result, establishing described first applies the corresponding feature of risk behavior set.
In the above scheme, described according to the user behavior data and default risk model, establish first application Before corresponding feature of risk behavior set, the method for establishing the default risk model includes:
According to existing historical behavior data, default training pattern and multidirectional amount integration algorithm is preset, obtains positive sample pair Corresponding second gray value interval of the first gray value interval and negative sample answered;Wherein, the positive sample is the historical behavior The behavioral data sample of devoid of risk in data, the negative sample are risky behavioral data sample in the historical behavior data This;
It is corresponded to according to the positive sample and corresponding first gray value interval of the positive sample, the negative sample and negative sample The second gray value interval, determine the correspondence of risk and gray value;
According to the correspondence of the risk and gray value, the default risk model is established.
In the above scheme, described according to the feature of risk vector set, the feature of risk data acquisition system and institute Feature of risk behavior set is stated, judges first application based on the polymorphic risk of multidimensional, including:
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior collection It closes, determines that described first applies the polymorphic feature of risk mapping relations of corresponding multidimensional;
Described first, which is established, according to the polymorphic feature of risk mapping relations of the multidimensional applies corresponding risk decision rule;
Judge first application based on the polymorphic risk of multidimensional according to the risk decision rule.
In the above scheme, the file type of the default application code, including:Configuration file, code file, resource text Part.
An embodiment of the present invention provides a kind of server, the server includes establishing unit and judging unit,
It is described to establish unit, apply corresponding application code for obtaining in terminal first, according to the application code and The file type of default application code establishes the feature of risk vector set between the corresponding different file types of first application It closes;And when first application is run mode, obtain the operation data of first application, according to the operation data and Preset boundary strategy establishes described first and applies corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is used for Judge feature of risk data;And the active user's behavioral data for acting on first application is obtained, according to the current use Family behavioral data and default risk model establish described first and apply corresponding feature of risk behavior set;Wherein, described default Risk model is for judging the feature of risk behavior;
The judging unit, for according to the feature of risk vector set, the feature of risk data acquisition system and institute Feature of risk behavior set is stated, judgement first application is based on the polymorphic risk of multidimensional.
In the above scheme, the unit of establishing applies sample specifically for extraction first application, and obtains institute State the application code using sample;It is never vectorial with each feature of risk is extracted in the corresponding application code of file type;Root According to each feature of risk vector, the feature of risk vector set is established.
In the above scheme, the unit of establishing specifically is additionally operable to monitor the operation data, obtains the operation data Corresponding call parameters;When the call parameters are not belonging to default call parameters range, by the corresponding institute of the call parameters It states operation data and is determined as the feature of risk data;According to the risk data, it is corresponding described to establish first application First applies the corresponding feature of risk data acquisition system.
In the above scheme, described to establish unit specifically also according to default multidirectional amount integration algorithm, obtain the current use The corresponding current grayvalue of family behavioral data;According to the current grayvalue and the default risk model, determine described current The behaviorist risk result of user behavior data;According to the behaviorist risk as a result, establishing described first applies the corresponding wind Dangerous characteristic behavior set.
In the above scheme, the server further includes acquiring unit and determination unit,
The acquiring unit, for being integrated according to existing historical behavior data, default training pattern and default multidirectional amount Algorithm obtains corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample;Wherein, the positive sample This is the behavioral data sample of devoid of risk in the historical behavior data, and the negative sample is to have wind in the historical behavior data The behavioral data sample of danger;
The determination unit, for according to the positive sample and corresponding first gray value interval of the positive sample, negative sample This second gray value interval corresponding with the negative sample, determines the correspondence of risk and gray value;
It is described to establish unit, it is additionally operable to the correspondence according to the risk and gray value, establishes the default risk Model.
In the above scheme, the judging unit is specifically used for special according to the feature of risk vector set, the risk Data acquisition system and the feature of risk behavior set are levied, determines the polymorphic feature of risk mapping of the corresponding multidimensional of first application Relationship;Described first, which is established, according to the polymorphic feature of risk mapping relations of the multidimensional applies corresponding risk decision rule;According to The risk decision rule judges first application based on the polymorphic risk of multidimensional.
In the above scheme, the file type of the default application code, including:Configuration file, code file, resource text Part.
It can be seen that in the technical solution of the embodiment of the present invention, first applies corresponding application code, root in acquisition terminal According to the file type of application code and default application code, the risk established between the corresponding different file types of the first application is special Sign vector set;When the first application is run mode, the operation data of the first application is obtained, according to operation data and preset boundary Strategy establishes first and applies corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk number According to;Active user's behavioral data that acquisition acts on the first application is built according to active user's behavioral data and default risk model Vertical first applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior;According to wind Dangerous feature vector set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement are polymorphic based on multidimensional Risk.It can be seen that the detection method and server of a kind of risk that the embodiment of the present invention proposes, can pass through definition Feature of risk mapping relations under mobile application various dimensions institute state, structure feature of risk identification path and decision in the face of risk tree, from And solve limitation when carrying out risk detection to mobile application and monistic defect;Also, implement simple side Just, it is convenient for popularizing, the scope of application is wider.
Description of the drawings
Fig. 1 is a kind of implementation process schematic diagram one of the detection method for risk that the embodiment of the present invention proposes;
Fig. 2 is a kind of implementation process schematic diagram two of the detection method for risk that the embodiment of the present invention proposes;
Fig. 3 is a kind of implementation process schematic diagram three of the detection method for risk that the embodiment of the present invention proposes;
Fig. 4 is a kind of implementation process schematic diagram four of the detection method for risk that the embodiment of the present invention proposes;
Fig. 5 is a kind of implementation process schematic diagram five of the detection method for risk that the embodiment of the present invention proposes;
Fig. 6 is a kind of implementation process schematic diagram six of the detection method for risk that the embodiment of the present invention proposes;
Fig. 7 is the composed structure schematic diagram one for the server that the embodiment of the present invention proposes;
Fig. 8 is the composed structure schematic diagram two for the server that the embodiment of the present invention proposes.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes.
Embodiment one
Fig. 1 is a kind of implementation process schematic diagram one of the detection method for risk that the embodiment of the present invention proposes, such as Fig. 1 institutes Show, in a specific embodiment of the present invention, the method that server carries out risk detection to the first application in terminal is mainly wrapped Include following steps:
Step 101 obtains in terminal first and applies corresponding application code, according to application code and default application code File type establishes the feature of risk vector set between the corresponding different file types of the first application.
In a specific embodiment of the present invention, first in server acquisition terminal applies corresponding application code, then According to the file type of above application code and pre-set application code, the not identical text for corresponding to above-mentioned first application is established Feature of risk vector set between the application code of part type, wherein above-mentioned first application can be in terminal Mobile application;Above-mentioned server can be detection device that can be to first in terminal using progress risk detection, such as Computer.
Further, in a specific embodiment of the present invention, first application of the server on obtaining terminal is corresponding answers Before code, server needs and terminal to be detected is attached, wherein server can be by a variety of methods and to be checked It surveys device to be attached, for example, server can be by using the modes such as standard USB data line or WIFI and device to be detected It is attached.
Further, in a specific embodiment of the present invention, server with terminal to be detected after being attached, service Device can extract the installation file of application to be detected in terminal to be detected, i.e., the installation file of the first application, then by a variety of Means obtain the corresponding application code of the first application.
It should be noted that in a specific embodiment of the present invention, server can be by using reversal technique, decompiling Dis-assembling obtains first and applies corresponding application code.
It should be noted that in a specific embodiment of the present invention, above application code can be higher-level language code or Assembly code.
In a specific embodiment of the present invention, further, the file type of above-mentioned default application code includes but unlimited In:Configuration file, code file, resource file etc..
It should be noted that in a specific embodiment of the present invention, it is corresponding that server obtains the first application in terminal Then application code establishes the feature of risk vector between the application code for the different file types for corresponding to above-mentioned first application The premise of set carries out when being in resting state based on above-mentioned first application.
Step 102, when the first application is run mode, the operation data of the first application is obtained, according to operation data and pre- If boundary is tactful, establishes first and apply corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging risk spy Levy data.
In a specific embodiment of the present invention, when above-mentioned first application is run mode, server obtains the first application Then operation data can be established first and apply corresponding feature of risk data set according to operation data and preset boundary strategy It closes;Wherein, above-mentioned preset boundary strategy is for judging feature of risk data.
It further, in a specific embodiment of the present invention, can after the operation data that server obtains the first application It is fully transparent to the first application to ensure above-mentioned operation data is carried out implicit security label, do not interfering with the first application just Then often operation can establish first and apply corresponding risk by above-mentioned operation data and pre-set boundary strategy Characteristic set.
It should be noted that in a specific embodiment of the present invention, above-mentioned operation data may include in above-mentioned terminal Operation data in operation data and service end system.
Step 103, acquisition act on active user's behavioral data of the first application, according to active user's behavioral data and in advance If risk model, establishes first and apply corresponding feature of risk behavior set;Wherein, risk model is preset for judging risk spy Sign behavior.
In a specific embodiment of the present invention, when there is user to above-mentioned first application carry out behavior operation, server obtains It is taken as building then according to active user's behavioral data and default risk model for active user's behavioral data of the first application Vertical first applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior.
Step 104, according to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, sentence Fixed first application is based on the polymorphic risk of multidimensional.
In a specific embodiment of the present invention, server the feature of risk vector set for establishing the first application respectively, It, can be special according to above-mentioned feature of risk vector set, risk after feature of risk data acquisition system and feature of risk behavior set Sign data acquisition system and feature of risk behavior set judge above-mentioned first application based on the polymorphic risk of multidimensional.
Further, in a specific embodiment of the present invention, since when the first application is resting state, server establishes Characterize the feature of risk vector set of the first application of code dimension;When the first application is run mode, characterization is established respectively The feature of risk data acquisition system of first application of data dimension and the first feature of risk behavior applied for characterizing behavior dimension Set, therefore server can be according to above-mentioned feature of risk vector set, feature of risk data acquisition system and feature of risk behavior Set defines under resting state and run mode, and the mapping between code dimension, data dimension and behavior dimension between feature of risk is closed System.Such as:For privacy leakage security risk, there are the configuration of private data access rights, behavior dimensions to exist for code dimension Access the feature of the behavioural characteristic data, data dimension of private data there are mobile application across application boundary transmission private data Data, triple combination establish the privacy concerns with privacy leakage security risk.
A kind of detection method for risk that the embodiment of the present invention proposes obtains the first application corresponding application generation in terminal Code is established according to the file type of application code and default application code between the corresponding different file types of the first application Feature of risk vector set;When first using being run mode, the operation data of the first application is obtained, according to operation data and in advance If boundary is tactful, establishes first and apply corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging risk spy Levy data;The active user's behavioral data for acting on the first application is obtained, according to active user's behavioral data and default risk mould Type establishes first and applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior; According to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement is based on more Tie up polymorphic risk.It can be seen that a kind of detection method for risk that the embodiment of the present invention proposes, can be moved by defining The dynamic feature of risk mapping relations using under various dimensions institute state, structure feature of risk identification path and decision in the face of risk tree, to Solve limitation when carrying out risk detection to mobile application and monistic defect;Also, implement it is simple and convenient, Convenient for universal, the scope of application is wider.
Embodiment two
Based on embodiment one, Fig. 2 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown It is intended to two, as shown in Fig. 2, in a specific embodiment of the present invention, server establishes the first corresponding difference of application in terminal The method of feature of risk vector set between file type mainly includes the following steps that:
What step 101a, extraction first was applied applies sample, and obtains the application code using sample.
In a specific embodiment of the present invention, server can extract the application sample of the first application, then obtain application The application code of sample.
Further, in a specific embodiment of the present invention, server with terminal to be detected after being attached, service Device can extract the installation file of application to be detected in terminal to be detected, i.e., the installation file of the first application, then by using Reversal technique, decompiling dis-assembling obtain first and corresponding higher-level language code or assembly code, i.e., the first application are applied to correspond to Application code.
Step 101b, never vectorial with each feature of risk is extracted in the corresponding application code of file type.
In a specific embodiment of the present invention, sample is applied in the first application of extraction, and obtains the application using sample After code, server can be never vectorial with each feature of risk is extracted in the corresponding application code of file type.Wherein, it applies The file type of code includes but not limited to:Configuration file, code file, resource file etc..
Further, in a specific embodiment of the present invention, server can audit configuration file, identify and extract all kinds of The feature vector of known risk.It should be noted that in a specific embodiment of the present invention, server audits configuration file, is Configuration reasonability audit is carried out to the configuration item in configuration file, including the security configuration item of each component, data backup switch are matched The configuration reasonableness check for setting item, debugging switchgear distribution item and each sensitive permission configuration item etc., determines whether that there are safety winds Danger.
Further, in a specific embodiment of the present invention, server can also audit resource file, identify and extract each The feature vector of risk known to class;Server can also audit code file, identify and extract the features of all kinds of known risks to Amount.
Step 101c, it according to each feature of risk vector, establishes first and applies corresponding feature of risk vector set.
In a specific embodiment of the present invention, each feature of risk is extracted in never with the corresponding application code of file type After vector, server can establish above-mentioned first application corresponding feature of risk vector according to above-mentioned each feature of risk vector Set.
Further, in a specific embodiment of the present invention, server can build risk according to each feature of risk vector Vector relations between feature vector, form code dimension first apply corresponding feature of risk vector set.Specifically, needle It is existing between the different characteristic index in each verification field (configuration file, resource file, code file) of code dimension Interior raw incidence relation establishes the vectorial expression way for including characteristic item and characteristic value, and then forms the vector of Expressive Features data Relationship.Vector relations i.e. in mobile application code between the characteristic index of different dimensions.
In conclusion in a specific embodiment of the present invention, 101a-101c, server can be carried first through the above steps Take the first application applies sample, and obtains the application code using sample, then the corresponding application generation never with file type Each feature of risk vector is extracted in code, finally according to each feature of risk vector, establishes the first application corresponding feature of risk vector Set.
Embodiment three
Based on embodiment one, Fig. 3 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown It is intended to three, as shown in figure 3, in a specific embodiment of the present invention, server establishes the first corresponding risk of application in terminal The method of characteristic set mainly includes the following steps that:
Step 102a, operation data is monitored, the corresponding call parameters of operation data are obtained.
In a specific embodiment of the present invention, after the operation data for obtaining the first application, the above-mentioned fortune of monitoring server Then row data obtain the corresponding call parameters of operation data.Wherein, it is fortune that above-mentioned call parameters, which can be above-mentioned first application, When row state, all of running environment can be by the first application call I/O abilities.
It should be noted that in a specific embodiment of the present invention, various actions of the mobile application in run mode, essence On show as calling the I/O of the various abilities of its running environment, management and control is carried out to these I/O abilities, can reach and movement is answered The management and control of data exchange forms the boundary fence of a track data.When mobile application attempts to pass data to using outer, energy It is enough to be arrived by management and control sequential monitoring.
Step 102b, when call parameters are not belonging to default call parameters range, by the corresponding operation data of call parameters It is determined as risk data.
In a specific embodiment of the present invention, after obtaining the corresponding call parameters of operation data, server can root Above-mentioned operation data is judged according to above-mentioned call parameters, specifically, when above-mentioned call parameters are not belonging to default call parameters When range, the corresponding operation data of call parameters is determined as risk data by server.
Further, in a specific embodiment of the present invention, server can establish the management and control called to all I/O, when First application attempts by calling some I/O to call, when passing data to other than application boundary, such as:Written document is sent out short By network data occur for letter to distal end, will be monitored by server.
Further, in a specific embodiment of the present invention, attempt by calling quilt when by the operation data of hidden indicium The I/O abilities for surrounding management and control cross over the boundary of the first application, and when being leaked to except the first application boundary, server triggers boundary is got over The operation data is identified as the risk data of the first application by boundary's event.
Step 102c, it according to risk data, establishes first and applies corresponding feature of risk data acquisition system.
In a specific embodiment of the present invention, after the risk data that the first application is determined, service area can basis Above-mentioned risk data establishes first and applies corresponding feature of risk data acquisition system.
In conclusion in a specific embodiment of the present invention, 102a-102c, server can pass through through the above steps It monitors operation data and obtains the corresponding call parameters of operation data, if call parameters are not belonging to default call parameters range, clothes The corresponding operation data of call parameters is then determined as risk data by business device, and then establishing the first application according to risk data corresponds to Feature of risk data acquisition system.
Example IV
Based on embodiment one, Fig. 4 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown It is intended to four, as shown in figure 4, in a specific embodiment of the present invention, server establishes the first corresponding risk of application in terminal The method of characteristic behavior set mainly includes the following steps that:
Step 103a, according to multidirectional amount integration algorithm is preset, the corresponding current grayvalue of active user's behavioral data is obtained.
In a specific embodiment of the present invention, obtain act on it is described first application active user's behavioral data it Afterwards, server can obtain the corresponding current grayvalue of active user's behavioral data according to default multidirectional amount integration algorithm.
Further, in a specific embodiment of the present invention, server is calculating current use according to multidirectional amount integration algorithm When the corresponding current grayvalue of family behavioral data, above-mentioned current gray level is calculated by taking the method for multidirectional amount weighted average Value.
It should be noted that in a specific embodiment of the present invention, the method that server takes multidirectional amount weighted average During calculating above-mentioned current grayvalue, above-mentioned multidirectional amount can be behavior dimension different user behavioral data it is each to The data of amount;The size of above-mentioned authority credentials, the corresponding venture influence size of behavioral data represented by each vector determines, high-risk Risk corresponds to bigger weight, otherwise permission smaller.
Step 103b, according to current grayvalue and default risk model, the behaviorist risk of active user's behavioral data is determined As a result.
In a specific embodiment of the present invention, after obtaining the corresponding current grayvalue of active user's behavioral data, clothes Business device can determine the behaviorist risk result of active user's behavioral data according to current grayvalue and default risk model.
Further, in a specific embodiment of the present invention, above-mentioned default risk model can be by historical behavior The data of generation calculate its gray value and carry out machine learning, then use positive sample (devoid of risk) or negative sample (risky) into Row training, obtains the high model of accuracy rate.Specifically, above-mentioned model both can be the mapping pass of risk feature and behavioural characteristic System, or the mapping relations of gray value interval and risk feature, wherein the corresponding gray value interval of positive sample is exactly the One gray value interval, the corresponding gray value interval of negative sample are exactly the second gray value interval.
Further, in a specific embodiment of the present invention, if above-mentioned current grayvalue is in the first gray value interval, Then judge that the behaviorist risk result of active user's behavioral data is low;If current grayvalue in the second gray value interval, Judge that the behaviorist risk result of active user's behavioral data is height;Otherwise, it is determined that current grayvalue is neither in the first gray value area In, also not in the second gray value interval, server then needs the characteristic for assisting other dimensions further to be sentenced It is disconnected.
Step 103c, according to behaviorist risk as a result, establishing first applies corresponding feature of risk behavior set.
In a specific embodiment of the present invention, according to current grayvalue and default risk model, active user's row is determined After the behaviorist risk result of data, server can be according to above-mentioned behaviorist risk as a result, establishing first applies corresponding wind Dangerous characteristic behavior set.
In conclusion in a specific embodiment of the present invention, 103a-103c, server can bases through the above steps Preset multidirectional amount integration algorithm, obtain the corresponding current grayvalue of active user's behavioral data, then according to current grayvalue and Default risk model determines the behaviorist risk of active user's behavioral data as a result, and establishing first using corresponding feature of risk Behavior set.
Embodiment five
Based on embodiment one, Fig. 5 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown It is intended to five, as shown in figure 5, in a specific embodiment of the present invention, server establishes the method for presetting risk model and includes mainly Following steps:
Step 201 according to existing historical behavior data, default training pattern and presets multidirectional amount integration algorithm, obtains Corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample.
In a specific embodiment of the present invention, server can be according to existing historical behavior data, default training pattern With default multidirectional amount integration algorithm, corresponding first gray value interval of positive sample and negative sample corresponding second gray value area are obtained Between.Wherein, above-mentioned positive sample is the behavioral data sample of devoid of risk in historical behavior data, and above-mentioned negative sample is historical behavior number The risky behavioral data sample in.
Step 202, according to corresponding first gray value interval of positive sample and positive sample, negative sample and negative sample corresponding Two gray value intervals determine the correspondence of risk and gray value.
In a specific embodiment of the present invention, corresponding in corresponding first gray value interval of acquisition positive sample and negative sample After second gray value interval, server can according to corresponding first gray value interval of positive sample and positive sample, negative sample and Corresponding second gray value interval of negative sample, determines the correspondence of risk and gray value.
It further, in a specific embodiment of the present invention, can be by the behavioral data of devoid of risk in historical behavior data Corresponding gray value is divided to above-mentioned first gray value interval, meanwhile, by risky behavioral data pair in historical behavior data The gray value answered is divided to above-mentioned second gray value interval, may thereby determine that the correspondence of risk and gray value.
Step 203, according to the correspondence of risk and gray value, establish and preset risk model.
In a specific embodiment of the present invention, after determining the correspondence of risk and gray value, server can be with According to the correspondence of above-mentioned risk and gray value, establishes and preset risk model.
Further, in a specific embodiment of the present invention, when a behavioral data in historical behavior data is corresponding It, can be by the corresponding ash of the behavior data when gray value is not belonging to above-mentioned first gray value interval and above-mentioned second gray value interval Angle value is divided in third gray value interval.
Further, in a specific embodiment of the present invention, server can be according to above-mentioned first gray value interval and right It should be in the behavioral data of the first gray value interval, above-mentioned second gray value interval and corresponding to the behavior number of the second gray value interval According to, above-mentioned third gray value interval and corresponding to the behavioral data of third gray value interval, establishes and preset risk model.
It can be seen that a kind of detection method for risk that the embodiment of the present invention proposes, it can be by defining mobile application Feature of risk mapping relations under various dimensions institute state, structure feature of risk identification path and decision in the face of risk tree, to solve Limitation when risk detection and monistic defect are carried out to mobile application;Also, implement it is simple and convenient, convenient for general And the scope of application is wider.
Embodiment six
Based on embodiment one, Fig. 6 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown It is intended to six, as shown in fig. 6, in a specific embodiment of the present invention, server judges that the first application in terminal is more based on multidimensional The method of the risk of state mainly includes the following steps that:
Step 104a, according to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, really Fixed first applies the polymorphic feature of risk mapping relations of corresponding multidimensional.
In a specific embodiment of the present invention, server the feature of risk vector set for establishing the first application respectively, It, can be special according to above-mentioned feature of risk vector set, risk after feature of risk data acquisition system and feature of risk behavior set Data acquisition system and feature of risk behavior set are levied, determines that first applies the polymorphic feature of risk mapping relations of corresponding multidimensional.
Further, in a specific embodiment of the present invention, server can be according to above-mentioned feature of risk vector set, wind Dangerous characteristic set and feature of risk behavior set, are established under resting state and run mode, code dimension, data dimension and row Mapping relations between dimension between feature of risk.Such as:For privacy leakage security risk, there are privacy numbers for code dimension According to the configuration of access rights, behavior dimension, in the presence of accessing, the behavioural characteristic data of private data, there are mobile applications for data dimension The characteristic of private data is transmitted across application boundary, triple combination establishes the privacy concerns with privacy leakage security risk.
Step 104b, it establishes first according to the polymorphic feature of risk mapping relations of multidimensional and applies corresponding risk decision rule.
In a specific embodiment of the present invention, determine the first application corresponding multidimensional polymorphic feature of risk mapping relations it Afterwards, server can be established first and apply corresponding risk decision rule according to the polymorphic feature of risk mapping relations of above-mentioned multidimensional, Wherein, the corresponding risk decision rule of above-mentioned first application can be that a knowledge of risk sex determination is carried out to each feature of risk Other path and corresponding decision tree.
Step 104c, according to the first application of risk decision rule judgement based on the polymorphic risk of multidimensional.
In a specific embodiment of the present invention, the first application correspondence is being established according to the polymorphic feature of risk mapping relations of multidimensional Risk decision rule after, service area can according to risk decision rule judge first application based on the polymorphic risk of multidimensional Property.
It further, in a specific embodiment of the present invention, can basis when carrying out risk sex determination to the first application Above-mentioned risk decision rule, the feature of risk of the corresponding each dimension of the application of comprehensive analysis first.
In conclusion in a specific embodiment of the present invention, 104a-104c, server can bases through the above steps Feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set determine that first applies corresponding multidimensional Then polymorphic feature of risk mapping relations are established first according to the polymorphic feature of risk mapping relations of multidimensional and are sentenced using corresponding risk Set pattern then, finally judges the first application based on the polymorphic risk of multidimensional according to risk decision rule.
Embodiment seven
Fig. 7 is the composed structure schematic diagram one for the server that the embodiment of the present invention proposes, as shown in fig. 7, the present invention's In specific embodiment, the server 1 that risk detection is carried out to the first application in terminal includes establishing unit 11 and judging single Member 12, wherein
Unit 11 is established, for obtaining the first corresponding application code of application in terminal, is answered with default according to application code With the file type of code, the feature of risk vector set between the corresponding different file types of the first application is established;And work as When first application is run mode, the operation data for obtaining the first application establishes first according to operation data and preset boundary strategy Using corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk data;And acquisition effect The first application is established according to active user's behavioral data and default risk model in active user's behavioral data of the first application Corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior.
Judging unit 12, for according to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior Set, the first application of judgement is based on the polymorphic risk of multidimensional.
In a specific embodiment of the present invention, further, the application that unit 11 is specifically used for the first application of extraction is established Sample, and obtain the application code using sample;Never with extracted in the corresponding application code of file type each feature of risk to Amount;According to each feature of risk vector, feature of risk vector set is established.
In a specific embodiment of the present invention, further, it establishes unit 11 and is specifically additionally operable to monitoring operation data, obtain The corresponding call parameters of operation data;When call parameters are not belonging to default call parameters range, by the corresponding fortune of call parameters Row data are determined as feature of risk data;According to risk data, it is special to establish the corresponding risk of corresponding first application of the first application Levy data acquisition system.
In a specific embodiment of the present invention, further, establish unit 11 it is specific be additionally operable to it is comprehensive according to multidirectional amount is preset Hop algorithm obtains the corresponding current grayvalue of active user's behavioral data;According to current grayvalue and default risk model, determine The behaviorist risk result of active user's behavioral data;According to behaviorist risk as a result, establishing first applies corresponding feature of risk row For set.
It is the composed structure schematic diagram two for the server that the embodiment of the present invention proposes based on Fig. 7, Fig. 8, as shown in figure 8, In specific embodiments of the present invention, server 1 further includes acquiring unit 13 and determination unit 14, wherein
Acquiring unit 13, for being calculated according to existing historical behavior data, default training pattern and default multidirectional amount synthesis Method obtains corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample;Wherein, positive sample is to go through The behavioral data sample of devoid of risk in history behavioral data, negative sample are risky behavioral data sample in historical behavior data.
Determination unit 14, for according to corresponding first gray value interval of positive sample and positive sample, negative sample and negative sample Corresponding second gray value interval, determines the correspondence of risk and gray value.
Unit 11 is established, the correspondence according to risk and gray value is additionally operable to, establishes and presets risk model.
In a specific embodiment of the present invention, further, judging unit be specifically used for according to feature of risk vector set, Feature of risk data acquisition system and feature of risk behavior set determine that the polymorphic feature of risk mapping of the first corresponding multidimensional of application is closed System;First, which is established, according to the polymorphic feature of risk mapping relations of multidimensional applies corresponding risk decision rule;Judge to advise according to risk Then the first application of judgement is based on the polymorphic risk of multidimensional.
Unit 11, judging unit 12, acquiring unit 13 and the determination unit 14 provided in an embodiment of the present invention established all may be used To be realized in the form of program code by executing corresponding function by the processor in mobile terminal;It certainly also can be by specific Logic circuit realize;During specific embodiment, processor can be central processing unit (CPU), microprocessor (MPU), digital signal processor (DSP) or field programmable gate array (FPGA) etc.;Above-mentioned server further includes:Memory, The memory can be the storage device with physical form, such as memory bar, TF card, or the circuit with store function, such as Random access memory (RAM), FIFO reservoirs etc..
The server that the embodiment of the present invention proposes obtains the first corresponding application code of application in terminal, according to using generation The file type of code and default application code establishes the feature of risk vector set between the corresponding different file types of the first application It closes;When the first application is run mode, the operation data for obtaining the first application is built according to operation data and preset boundary strategy Vertical first applies corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk data;It obtains and makees Active user's behavioral data for the first application is established first and is answered according to active user's behavioral data and default risk model With corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior;According to feature of risk to Duration set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement is based on the polymorphic risk of multidimensional. It can be seen that the server that the embodiment of the present invention proposes, it can be special by defining the risk under mobile application various dimensions institute state Mapping relations, structure feature of risk identification path and decision in the face of risk tree are levied, risk inspection is carried out to mobile application to solve Limitation when survey and monistic defect;Also, implement simple and convenient, convenient for universal, the scope of application is wider.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program Product.Therefore, the shape of hardware embodiment, software implementation or embodiment combining software and hardware aspects can be used in the present invention Formula.Moreover, the present invention can be used can use storage in the computer that one or more wherein includes computer usable program code The form for the computer program product implemented on medium (including but not limited to magnetic disk storage and optical memory etc.).
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.

Claims (14)

1. a kind of detection method of risk, which is characterized in that the method includes:
First applies corresponding application code in acquisition terminal, according to the files classes of the application code and default application code Type establishes the feature of risk vector set between the corresponding different file types of first application;
When described first using being run mode, the operation data of first application is obtained, according to the operation data and in advance If boundary is tactful, establishes described first and apply corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is for sentencing Determine feature of risk data;
The active user's behavioral data for acting on first application is obtained, according to active user's behavioral data and default wind Dangerous model establishes described first and applies corresponding feature of risk behavior set;Wherein, the default risk model is for judging wind Dangerous characteristic behavior;
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior set, sentence Fixed first application is based on the polymorphic risk of multidimensional.
2. according to the method described in claim 1, it is characterized in that, described according to the application code and default application code File type establishes the feature of risk vector set between the corresponding different file types of first application, including:
That extracts first application applies sample, and obtains the application code using sample;
It is never vectorial with each feature of risk is extracted in the corresponding application code of file type;
According to each feature of risk vector, establishes described first and apply the corresponding feature of risk vector set.
3. according to the method described in claim 1, it is characterized in that, described according to the operation data and preset boundary strategy, It establishes described first and applies corresponding feature of risk data acquisition system, including:
The operation data is monitored, the corresponding call parameters of the operation data are obtained;
It is when the call parameters are not belonging to default call parameters range, the corresponding operation data of the call parameters is true It is set to risk data;
According to the risk data, establishes described first and apply the corresponding feature of risk data acquisition system.
4. according to the method described in claim 1, it is characterized in that, described according to active user's behavioral data and default wind Dangerous model establishes described first and applies corresponding feature of risk behavior set, including:
According to default multidirectional amount integration algorithm, the corresponding current grayvalue of active user's behavioral data is obtained;
According to the current grayvalue and the default risk model, the behaviorist risk knot of active user's behavioral data is determined Fruit;
According to the behaviorist risk as a result, establishing described first applies the corresponding feature of risk behavior set.
5. according to the method described in claim 1, it is characterized in that, described according to the user behavior data and default risk mould Type is established before the corresponding feature of risk behavior set of first application, and the method for establishing the default risk model includes:
According to existing historical behavior data, default training pattern and multidirectional amount integration algorithm is preset, it is corresponding to obtain positive sample First gray value interval and corresponding second gray value interval of negative sample;Wherein, the positive sample is the historical behavior data The behavioral data sample of middle devoid of risk, the negative sample are risky behavioral data sample in the historical behavior data;
According to the positive sample and corresponding first gray value interval of the positive sample, the negative sample and negative sample corresponding Two gray value intervals determine the correspondence of risk and gray value;
According to the correspondence of the risk and gray value, the default risk model is established.
6. according to the method described in claim 1, it is characterized in that, described according to the feature of risk vector set, the wind Dangerous characteristic set and the feature of risk behavior set, judgement described first are applied based on the polymorphic risk of multidimensional, Including:
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior set, really Fixed described first applies the polymorphic feature of risk mapping relations of corresponding multidimensional;
Described first, which is established, according to the polymorphic feature of risk mapping relations of the multidimensional applies corresponding risk decision rule;
Judge first application based on the polymorphic risk of multidimensional according to the risk decision rule.
7. according to the method described in claim 1, it is characterized in that, the file type of the default application code, including:Configuration File, code file, resource file.
8. a kind of server, which is characterized in that the server includes establishing unit and judging unit,
It is described to establish unit, for obtaining the first corresponding application code of application in terminal, according to the application code and preset The file type of application code establishes the feature of risk vector set between the corresponding different file types of first application; And when described first using being run mode, the operation data of first application is obtained, according to the operation data and in advance If boundary is tactful, establishes described first and apply corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is for sentencing Determine feature of risk data;And the active user's behavioral data for acting on first application is obtained, according to the active user Behavioral data and default risk model establish described first and apply corresponding feature of risk behavior set;Wherein, the default wind Dangerous model is for judging the feature of risk behavior;
The judging unit, for according to the feature of risk vector set, the feature of risk data acquisition system and the wind Dangerous characteristic behavior set, judgement first application is based on the polymorphic risk of multidimensional.
9. server according to claim 8, which is characterized in that the unit of establishing is answered specifically for extraction described first Sample is applied, and obtains the application code using sample;Never with file type in corresponding application code Extract each feature of risk vector;According to each feature of risk vector, the feature of risk vector set is established.
10. server according to claim 8, which is characterized in that the unit of establishing specifically is additionally operable to monitor the fortune Row data obtain the corresponding call parameters of the operation data;When the call parameters are not belonging to default call parameters range, The corresponding operation data of the call parameters is determined as the feature of risk data;According to the risk data, establish The corresponding feature of risk data acquisition system is applied in first application corresponding described first.
11. server according to claim 8, which is characterized in that the unit of establishing specifically is additionally operable to according to default more Vectorial integration algorithm obtains the corresponding current grayvalue of active user's behavioral data;According to the current grayvalue and institute Default risk model is stated, determines the behaviorist risk result of active user's behavioral data;According to the behaviorist risk as a result, building Vertical described first applies the corresponding feature of risk behavior set.
12. server according to claim 8, which is characterized in that the server further includes acquiring unit and determines single Member,
The acquiring unit is used for according to existing historical behavior data, default training pattern and presets multidirectional amount integration algorithm, Obtain corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample;Wherein, the positive sample is The behavioral data sample of devoid of risk in the historical behavior data, the negative sample are risky in the historical behavior data Behavioral data sample;
The determination unit, for according to the positive sample and corresponding first gray value interval of the positive sample, negative sample and Corresponding second gray value interval of the negative sample, determines the correspondence of risk and gray value;
It is described to establish unit, it is additionally operable to the correspondence according to the risk and gray value, establishes the default risk model.
13. server according to claim 8, which is characterized in that the judging unit is specifically used for according to the risk Feature vector set, the feature of risk data acquisition system and the feature of risk behavior set determine first application pair The polymorphic feature of risk mapping relations of multidimensional answered;First application is established according to the polymorphic feature of risk mapping relations of the multidimensional Corresponding risk decision rule;Judge first application based on the polymorphic risk of multidimensional according to the risk decision rule.
14. server according to claim 8, which is characterized in that the file type of the default application code, including: Configuration file, code file, resource file.
CN201710104591.0A 2017-02-24 2017-02-24 Method for detecting risk and server Active CN108509796B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710104591.0A CN108509796B (en) 2017-02-24 2017-02-24 Method for detecting risk and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710104591.0A CN108509796B (en) 2017-02-24 2017-02-24 Method for detecting risk and server

Publications (2)

Publication Number Publication Date
CN108509796A true CN108509796A (en) 2018-09-07
CN108509796B CN108509796B (en) 2022-02-11

Family

ID=63372755

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710104591.0A Active CN108509796B (en) 2017-02-24 2017-02-24 Method for detecting risk and server

Country Status (1)

Country Link
CN (1) CN108509796B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110390198A (en) * 2019-07-31 2019-10-29 阿里巴巴集团控股有限公司 Risk method for inspecting, device and the electronic equipment of a kind of pair of small routine
CN113254932A (en) * 2021-06-16 2021-08-13 百度在线网络技术(北京)有限公司 Application program risk detection method and device, electronic equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927483A (en) * 2014-04-04 2014-07-16 西安电子科技大学 Decision model used for detecting malicious programs and detecting method of malicious programs
CN104376258A (en) * 2014-11-20 2015-02-25 工业和信息化部电信研究院 Safety risk detecting method and device for Android application program
CN104866763A (en) * 2015-05-28 2015-08-26 天津大学 Permission-based Android malicious software hybrid detection method
CN105205396A (en) * 2015-10-15 2015-12-30 上海交通大学 Detecting system for Android malicious code based on deep learning and method thereof
CN105893848A (en) * 2016-04-27 2016-08-24 南京邮电大学 Precaution method for Android malicious application program based on code behavior similarity matching

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927483A (en) * 2014-04-04 2014-07-16 西安电子科技大学 Decision model used for detecting malicious programs and detecting method of malicious programs
CN104376258A (en) * 2014-11-20 2015-02-25 工业和信息化部电信研究院 Safety risk detecting method and device for Android application program
CN104866763A (en) * 2015-05-28 2015-08-26 天津大学 Permission-based Android malicious software hybrid detection method
CN105205396A (en) * 2015-10-15 2015-12-30 上海交通大学 Detecting system for Android malicious code based on deep learning and method thereof
CN105893848A (en) * 2016-04-27 2016-08-24 南京邮电大学 Precaution method for Android malicious application program based on code behavior similarity matching

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110390198A (en) * 2019-07-31 2019-10-29 阿里巴巴集团控股有限公司 Risk method for inspecting, device and the electronic equipment of a kind of pair of small routine
CN110390198B (en) * 2019-07-31 2023-09-29 创新先进技术有限公司 Risk inspection method and device for small program and electronic equipment
CN113254932A (en) * 2021-06-16 2021-08-13 百度在线网络技术(北京)有限公司 Application program risk detection method and device, electronic equipment and medium
CN113254932B (en) * 2021-06-16 2024-02-27 百度在线网络技术(北京)有限公司 Application risk detection method and device, electronic equipment and medium

Also Published As

Publication number Publication date
CN108509796B (en) 2022-02-11

Similar Documents

Publication Publication Date Title
JP6732806B2 (en) Account theft risk identification method, identification device, and prevention/control system
CN112395159B (en) Log detection method, system, device and medium
CN105376255B (en) A kind of Android platform intrusion detection method based on K-means cluster
CN107659543B (en) Protection method for APT (android packet) attack of cloud platform
CN109446817A (en) A kind of detection of big data and auditing system
CN106709345A (en) Deep learning method-based method and system for deducing malicious code rules and equipment
CN106230773A (en) Risk evaluating system based on fuzzy matrix analytic hierarchy process (AHP)
CN110213236B (en) Method for determining business safety risk, electronic equipment and computer storage medium
CN107180190A (en) A kind of Android malware detection method and system based on composite character
CN104915600B (en) A kind of Android application securitys methods of risk assessment and device
CN111522746B (en) Data processing method, device, equipment and computer readable storage medium
CN107689954A (en) Power information system monitoring method and device
CN109564609A (en) It mitigates and corrects using the detection of the computer attack of advanced computers decision-making platform
CN116366374B (en) Security assessment method, system and medium for power grid network management based on big data
CN110324323A (en) A kind of new energy plant stand relates to net end real-time, interactive process exception detection method and system
CN105956469A (en) Method and device for identifying file security
CN104320271B (en) A kind of network equipment safety evaluation method and device
CN107330345A (en) A kind of method and apparatus for detecting private data leakage
CN113946560A (en) Database security management method and system
CN105939200A (en) Method and system for performing network security risk evaluation by utilizing expert system
CN110009224A (en) Suspect's violation probability prediction technique, device, computer equipment and storage medium
CN106529283A (en) Software defined network-oriented controller security quantitative analysis method
CN107612927B (en) Safety detection method for power dispatching automation system
CN102521496A (en) Method and system for acquiring importance levels of evaluation indexes
CN109101820A (en) A kind of Web application security breaches prediction technique based on execution flowchart

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant