CN108509796A - A kind of detection method and server of risk - Google Patents
A kind of detection method and server of risk Download PDFInfo
- Publication number
- CN108509796A CN108509796A CN201710104591.0A CN201710104591A CN108509796A CN 108509796 A CN108509796 A CN 108509796A CN 201710104591 A CN201710104591 A CN 201710104591A CN 108509796 A CN108509796 A CN 108509796A
- Authority
- CN
- China
- Prior art keywords
- risk
- feature
- application
- data
- default
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention discloses a kind of detection method of risk and servers, first applies corresponding application code in acquisition terminal, according to the file type of application code and default application code, the feature of risk vector set between the corresponding different file types of the first application is established;When the first application is run mode, the operation data of the first application is obtained, according to operation data and preset boundary strategy, first is established and applies corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk data;The active user's behavioral data for acting on the first application is obtained, according to active user's behavioral data and default risk model, first is established and applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior;According to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement is based on the polymorphic risk of multidimensional.
Description
Technical field
The present invention relates to mobile application security field more particularly to the detection methods and server of a kind of risk.
Background technology
With the continuous promotion of the development and terminal soft and hardware ability of mobile communication technology, the business of mobile application carrying
Range and professional ability are increasingly extensive and abundant, it has also become are the main entrances of mobile Internet information, so the safety of terminal
Problem is increasingly by extensive concern.It is counted according to release mechanism, there are different type difference levels of risk for the mobile application more than 90%
Other Security Vulnerability problem, can be utilized by attacker, constitute significant threat to enterprise operation and user's right, therefore compel to be essential
Mobile application vulnerability analysis ability and means are established, mobile application security risk are taken precautions against, to ensure enterprise mobile application
Safe operation.
Currently, existing technological means mainly by static nature code extractive technique, feature of risk matching technique and
Static nature code extractive technique is combined the vulnerability analysis that equal several methods carry out mobile application with feature of risk matching technique.
In the implementation of the present invention, inventor has found that at least there are the following problems in the prior art:
When carrying out the vulnerability analysis of mobile application using static nature code extractive technique, need previously according to empirical data
Feature recognition model and characteristic matching model are established, risk identification ranging from known art is thus defined;Meanwhile static nature
Code extractive technique and feature of risk matching technique acquire the static code feature from mobile application, therefore lack to mobile application
The collection apparatus of dynamic behaviour feature and stream compression defines the ranging from static fragility of risk identification, to cause
Limitation when carrying out risk supervision to mobile application and monistic defect.
Invention content
In order to solve the above technical problems, an embodiment of the present invention is intended to provide a kind of detection method of risk and server,
It can be by defining the feature of risk mapping relations under the first application various dimensions multimode, structure feature of risk identification path and wind
Dangerous decision tree carries out mobile application to solve limitation when risk detection and monistic defect.
In order to achieve the above objectives, the technical solution of the embodiment of the present invention is realized in:
An embodiment of the present invention provides a kind of detection method of risk, the method includes:
First applies corresponding application code in acquisition terminal, according to the file of the application code and default application code
Type establishes the feature of risk vector set between the corresponding different file types of first application;
When first application is run mode, the operation data of first application is obtained, according to the operation data
With preset boundary strategy, establishes described first and apply corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is used
In judgement feature of risk data;
The active user's behavioral data for acting on first application is obtained, according to active user's behavioral data and in advance
If risk model, establishes described first and apply corresponding feature of risk behavior set;Wherein, the default risk model is for sentencing
Determine feature of risk behavior;
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior collection
It closes, judgement first application is based on the polymorphic risk of multidimensional.
In the above scheme, the file type according to the application code and default application code establishes described
Feature of risk vector set between the corresponding different file types of one application, including:
That extracts first application applies sample, and obtains the application code using sample;
It is never vectorial with each feature of risk is extracted in the corresponding application code of file type;
According to each feature of risk vector, establishes described first and apply the corresponding feature of risk vector set.
In the above scheme, described according to the operation data and preset boundary strategy, it establishes first application and corresponds to
Feature of risk data acquisition system, including:
The operation data is monitored, the corresponding call parameters of the operation data are obtained;
When the call parameters are not belonging to default call parameters range, by the corresponding operation number of the call parameters
According to being determined as risk data;
According to the risk data, establishes described first and apply the corresponding feature of risk data acquisition system.
In the above scheme, described according to active user's behavioral data and default risk model, establish described first
Using corresponding feature of risk behavior set, including:
According to default multidirectional amount integration algorithm, the corresponding current grayvalue of active user's behavioral data is obtained;
According to the current grayvalue and the default risk model, the behavior wind of active user's behavioral data is determined
Dangerous result;
According to the behaviorist risk as a result, establishing described first applies the corresponding feature of risk behavior set.
In the above scheme, described according to the user behavior data and default risk model, establish first application
Before corresponding feature of risk behavior set, the method for establishing the default risk model includes:
According to existing historical behavior data, default training pattern and multidirectional amount integration algorithm is preset, obtains positive sample pair
Corresponding second gray value interval of the first gray value interval and negative sample answered;Wherein, the positive sample is the historical behavior
The behavioral data sample of devoid of risk in data, the negative sample are risky behavioral data sample in the historical behavior data
This;
It is corresponded to according to the positive sample and corresponding first gray value interval of the positive sample, the negative sample and negative sample
The second gray value interval, determine the correspondence of risk and gray value;
According to the correspondence of the risk and gray value, the default risk model is established.
In the above scheme, described according to the feature of risk vector set, the feature of risk data acquisition system and institute
Feature of risk behavior set is stated, judges first application based on the polymorphic risk of multidimensional, including:
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior collection
It closes, determines that described first applies the polymorphic feature of risk mapping relations of corresponding multidimensional;
Described first, which is established, according to the polymorphic feature of risk mapping relations of the multidimensional applies corresponding risk decision rule;
Judge first application based on the polymorphic risk of multidimensional according to the risk decision rule.
In the above scheme, the file type of the default application code, including:Configuration file, code file, resource text
Part.
An embodiment of the present invention provides a kind of server, the server includes establishing unit and judging unit,
It is described to establish unit, apply corresponding application code for obtaining in terminal first, according to the application code and
The file type of default application code establishes the feature of risk vector set between the corresponding different file types of first application
It closes;And when first application is run mode, obtain the operation data of first application, according to the operation data and
Preset boundary strategy establishes described first and applies corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is used for
Judge feature of risk data;And the active user's behavioral data for acting on first application is obtained, according to the current use
Family behavioral data and default risk model establish described first and apply corresponding feature of risk behavior set;Wherein, described default
Risk model is for judging the feature of risk behavior;
The judging unit, for according to the feature of risk vector set, the feature of risk data acquisition system and institute
Feature of risk behavior set is stated, judgement first application is based on the polymorphic risk of multidimensional.
In the above scheme, the unit of establishing applies sample specifically for extraction first application, and obtains institute
State the application code using sample;It is never vectorial with each feature of risk is extracted in the corresponding application code of file type;Root
According to each feature of risk vector, the feature of risk vector set is established.
In the above scheme, the unit of establishing specifically is additionally operable to monitor the operation data, obtains the operation data
Corresponding call parameters;When the call parameters are not belonging to default call parameters range, by the corresponding institute of the call parameters
It states operation data and is determined as the feature of risk data;According to the risk data, it is corresponding described to establish first application
First applies the corresponding feature of risk data acquisition system.
In the above scheme, described to establish unit specifically also according to default multidirectional amount integration algorithm, obtain the current use
The corresponding current grayvalue of family behavioral data;According to the current grayvalue and the default risk model, determine described current
The behaviorist risk result of user behavior data;According to the behaviorist risk as a result, establishing described first applies the corresponding wind
Dangerous characteristic behavior set.
In the above scheme, the server further includes acquiring unit and determination unit,
The acquiring unit, for being integrated according to existing historical behavior data, default training pattern and default multidirectional amount
Algorithm obtains corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample;Wherein, the positive sample
This is the behavioral data sample of devoid of risk in the historical behavior data, and the negative sample is to have wind in the historical behavior data
The behavioral data sample of danger;
The determination unit, for according to the positive sample and corresponding first gray value interval of the positive sample, negative sample
This second gray value interval corresponding with the negative sample, determines the correspondence of risk and gray value;
It is described to establish unit, it is additionally operable to the correspondence according to the risk and gray value, establishes the default risk
Model.
In the above scheme, the judging unit is specifically used for special according to the feature of risk vector set, the risk
Data acquisition system and the feature of risk behavior set are levied, determines the polymorphic feature of risk mapping of the corresponding multidimensional of first application
Relationship;Described first, which is established, according to the polymorphic feature of risk mapping relations of the multidimensional applies corresponding risk decision rule;According to
The risk decision rule judges first application based on the polymorphic risk of multidimensional.
In the above scheme, the file type of the default application code, including:Configuration file, code file, resource text
Part.
It can be seen that in the technical solution of the embodiment of the present invention, first applies corresponding application code, root in acquisition terminal
According to the file type of application code and default application code, the risk established between the corresponding different file types of the first application is special
Sign vector set;When the first application is run mode, the operation data of the first application is obtained, according to operation data and preset boundary
Strategy establishes first and applies corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk number
According to;Active user's behavioral data that acquisition acts on the first application is built according to active user's behavioral data and default risk model
Vertical first applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior;According to wind
Dangerous feature vector set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement are polymorphic based on multidimensional
Risk.It can be seen that the detection method and server of a kind of risk that the embodiment of the present invention proposes, can pass through definition
Feature of risk mapping relations under mobile application various dimensions institute state, structure feature of risk identification path and decision in the face of risk tree, from
And solve limitation when carrying out risk detection to mobile application and monistic defect;Also, implement simple side
Just, it is convenient for popularizing, the scope of application is wider.
Description of the drawings
Fig. 1 is a kind of implementation process schematic diagram one of the detection method for risk that the embodiment of the present invention proposes;
Fig. 2 is a kind of implementation process schematic diagram two of the detection method for risk that the embodiment of the present invention proposes;
Fig. 3 is a kind of implementation process schematic diagram three of the detection method for risk that the embodiment of the present invention proposes;
Fig. 4 is a kind of implementation process schematic diagram four of the detection method for risk that the embodiment of the present invention proposes;
Fig. 5 is a kind of implementation process schematic diagram five of the detection method for risk that the embodiment of the present invention proposes;
Fig. 6 is a kind of implementation process schematic diagram six of the detection method for risk that the embodiment of the present invention proposes;
Fig. 7 is the composed structure schematic diagram one for the server that the embodiment of the present invention proposes;
Fig. 8 is the composed structure schematic diagram two for the server that the embodiment of the present invention proposes.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes.
Embodiment one
Fig. 1 is a kind of implementation process schematic diagram one of the detection method for risk that the embodiment of the present invention proposes, such as Fig. 1 institutes
Show, in a specific embodiment of the present invention, the method that server carries out risk detection to the first application in terminal is mainly wrapped
Include following steps:
Step 101 obtains in terminal first and applies corresponding application code, according to application code and default application code
File type establishes the feature of risk vector set between the corresponding different file types of the first application.
In a specific embodiment of the present invention, first in server acquisition terminal applies corresponding application code, then
According to the file type of above application code and pre-set application code, the not identical text for corresponding to above-mentioned first application is established
Feature of risk vector set between the application code of part type, wherein above-mentioned first application can be in terminal
Mobile application;Above-mentioned server can be detection device that can be to first in terminal using progress risk detection, such as
Computer.
Further, in a specific embodiment of the present invention, first application of the server on obtaining terminal is corresponding answers
Before code, server needs and terminal to be detected is attached, wherein server can be by a variety of methods and to be checked
It surveys device to be attached, for example, server can be by using the modes such as standard USB data line or WIFI and device to be detected
It is attached.
Further, in a specific embodiment of the present invention, server with terminal to be detected after being attached, service
Device can extract the installation file of application to be detected in terminal to be detected, i.e., the installation file of the first application, then by a variety of
Means obtain the corresponding application code of the first application.
It should be noted that in a specific embodiment of the present invention, server can be by using reversal technique, decompiling
Dis-assembling obtains first and applies corresponding application code.
It should be noted that in a specific embodiment of the present invention, above application code can be higher-level language code or
Assembly code.
In a specific embodiment of the present invention, further, the file type of above-mentioned default application code includes but unlimited
In:Configuration file, code file, resource file etc..
It should be noted that in a specific embodiment of the present invention, it is corresponding that server obtains the first application in terminal
Then application code establishes the feature of risk vector between the application code for the different file types for corresponding to above-mentioned first application
The premise of set carries out when being in resting state based on above-mentioned first application.
Step 102, when the first application is run mode, the operation data of the first application is obtained, according to operation data and pre-
If boundary is tactful, establishes first and apply corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging risk spy
Levy data.
In a specific embodiment of the present invention, when above-mentioned first application is run mode, server obtains the first application
Then operation data can be established first and apply corresponding feature of risk data set according to operation data and preset boundary strategy
It closes;Wherein, above-mentioned preset boundary strategy is for judging feature of risk data.
It further, in a specific embodiment of the present invention, can after the operation data that server obtains the first application
It is fully transparent to the first application to ensure above-mentioned operation data is carried out implicit security label, do not interfering with the first application just
Then often operation can establish first and apply corresponding risk by above-mentioned operation data and pre-set boundary strategy
Characteristic set.
It should be noted that in a specific embodiment of the present invention, above-mentioned operation data may include in above-mentioned terminal
Operation data in operation data and service end system.
Step 103, acquisition act on active user's behavioral data of the first application, according to active user's behavioral data and in advance
If risk model, establishes first and apply corresponding feature of risk behavior set;Wherein, risk model is preset for judging risk spy
Sign behavior.
In a specific embodiment of the present invention, when there is user to above-mentioned first application carry out behavior operation, server obtains
It is taken as building then according to active user's behavioral data and default risk model for active user's behavioral data of the first application
Vertical first applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior.
Step 104, according to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, sentence
Fixed first application is based on the polymorphic risk of multidimensional.
In a specific embodiment of the present invention, server the feature of risk vector set for establishing the first application respectively,
It, can be special according to above-mentioned feature of risk vector set, risk after feature of risk data acquisition system and feature of risk behavior set
Sign data acquisition system and feature of risk behavior set judge above-mentioned first application based on the polymorphic risk of multidimensional.
Further, in a specific embodiment of the present invention, since when the first application is resting state, server establishes
Characterize the feature of risk vector set of the first application of code dimension;When the first application is run mode, characterization is established respectively
The feature of risk data acquisition system of first application of data dimension and the first feature of risk behavior applied for characterizing behavior dimension
Set, therefore server can be according to above-mentioned feature of risk vector set, feature of risk data acquisition system and feature of risk behavior
Set defines under resting state and run mode, and the mapping between code dimension, data dimension and behavior dimension between feature of risk is closed
System.Such as:For privacy leakage security risk, there are the configuration of private data access rights, behavior dimensions to exist for code dimension
Access the feature of the behavioural characteristic data, data dimension of private data there are mobile application across application boundary transmission private data
Data, triple combination establish the privacy concerns with privacy leakage security risk.
A kind of detection method for risk that the embodiment of the present invention proposes obtains the first application corresponding application generation in terminal
Code is established according to the file type of application code and default application code between the corresponding different file types of the first application
Feature of risk vector set;When first using being run mode, the operation data of the first application is obtained, according to operation data and in advance
If boundary is tactful, establishes first and apply corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging risk spy
Levy data;The active user's behavioral data for acting on the first application is obtained, according to active user's behavioral data and default risk mould
Type establishes first and applies corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior;
According to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement is based on more
Tie up polymorphic risk.It can be seen that a kind of detection method for risk that the embodiment of the present invention proposes, can be moved by defining
The dynamic feature of risk mapping relations using under various dimensions institute state, structure feature of risk identification path and decision in the face of risk tree, to
Solve limitation when carrying out risk detection to mobile application and monistic defect;Also, implement it is simple and convenient,
Convenient for universal, the scope of application is wider.
Embodiment two
Based on embodiment one, Fig. 2 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown
It is intended to two, as shown in Fig. 2, in a specific embodiment of the present invention, server establishes the first corresponding difference of application in terminal
The method of feature of risk vector set between file type mainly includes the following steps that:
What step 101a, extraction first was applied applies sample, and obtains the application code using sample.
In a specific embodiment of the present invention, server can extract the application sample of the first application, then obtain application
The application code of sample.
Further, in a specific embodiment of the present invention, server with terminal to be detected after being attached, service
Device can extract the installation file of application to be detected in terminal to be detected, i.e., the installation file of the first application, then by using
Reversal technique, decompiling dis-assembling obtain first and corresponding higher-level language code or assembly code, i.e., the first application are applied to correspond to
Application code.
Step 101b, never vectorial with each feature of risk is extracted in the corresponding application code of file type.
In a specific embodiment of the present invention, sample is applied in the first application of extraction, and obtains the application using sample
After code, server can be never vectorial with each feature of risk is extracted in the corresponding application code of file type.Wherein, it applies
The file type of code includes but not limited to:Configuration file, code file, resource file etc..
Further, in a specific embodiment of the present invention, server can audit configuration file, identify and extract all kinds of
The feature vector of known risk.It should be noted that in a specific embodiment of the present invention, server audits configuration file, is
Configuration reasonability audit is carried out to the configuration item in configuration file, including the security configuration item of each component, data backup switch are matched
The configuration reasonableness check for setting item, debugging switchgear distribution item and each sensitive permission configuration item etc., determines whether that there are safety winds
Danger.
Further, in a specific embodiment of the present invention, server can also audit resource file, identify and extract each
The feature vector of risk known to class;Server can also audit code file, identify and extract the features of all kinds of known risks to
Amount.
Step 101c, it according to each feature of risk vector, establishes first and applies corresponding feature of risk vector set.
In a specific embodiment of the present invention, each feature of risk is extracted in never with the corresponding application code of file type
After vector, server can establish above-mentioned first application corresponding feature of risk vector according to above-mentioned each feature of risk vector
Set.
Further, in a specific embodiment of the present invention, server can build risk according to each feature of risk vector
Vector relations between feature vector, form code dimension first apply corresponding feature of risk vector set.Specifically, needle
It is existing between the different characteristic index in each verification field (configuration file, resource file, code file) of code dimension
Interior raw incidence relation establishes the vectorial expression way for including characteristic item and characteristic value, and then forms the vector of Expressive Features data
Relationship.Vector relations i.e. in mobile application code between the characteristic index of different dimensions.
In conclusion in a specific embodiment of the present invention, 101a-101c, server can be carried first through the above steps
Take the first application applies sample, and obtains the application code using sample, then the corresponding application generation never with file type
Each feature of risk vector is extracted in code, finally according to each feature of risk vector, establishes the first application corresponding feature of risk vector
Set.
Embodiment three
Based on embodiment one, Fig. 3 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown
It is intended to three, as shown in figure 3, in a specific embodiment of the present invention, server establishes the first corresponding risk of application in terminal
The method of characteristic set mainly includes the following steps that:
Step 102a, operation data is monitored, the corresponding call parameters of operation data are obtained.
In a specific embodiment of the present invention, after the operation data for obtaining the first application, the above-mentioned fortune of monitoring server
Then row data obtain the corresponding call parameters of operation data.Wherein, it is fortune that above-mentioned call parameters, which can be above-mentioned first application,
When row state, all of running environment can be by the first application call I/O abilities.
It should be noted that in a specific embodiment of the present invention, various actions of the mobile application in run mode, essence
On show as calling the I/O of the various abilities of its running environment, management and control is carried out to these I/O abilities, can reach and movement is answered
The management and control of data exchange forms the boundary fence of a track data.When mobile application attempts to pass data to using outer, energy
It is enough to be arrived by management and control sequential monitoring.
Step 102b, when call parameters are not belonging to default call parameters range, by the corresponding operation data of call parameters
It is determined as risk data.
In a specific embodiment of the present invention, after obtaining the corresponding call parameters of operation data, server can root
Above-mentioned operation data is judged according to above-mentioned call parameters, specifically, when above-mentioned call parameters are not belonging to default call parameters
When range, the corresponding operation data of call parameters is determined as risk data by server.
Further, in a specific embodiment of the present invention, server can establish the management and control called to all I/O, when
First application attempts by calling some I/O to call, when passing data to other than application boundary, such as:Written document is sent out short
By network data occur for letter to distal end, will be monitored by server.
Further, in a specific embodiment of the present invention, attempt by calling quilt when by the operation data of hidden indicium
The I/O abilities for surrounding management and control cross over the boundary of the first application, and when being leaked to except the first application boundary, server triggers boundary is got over
The operation data is identified as the risk data of the first application by boundary's event.
Step 102c, it according to risk data, establishes first and applies corresponding feature of risk data acquisition system.
In a specific embodiment of the present invention, after the risk data that the first application is determined, service area can basis
Above-mentioned risk data establishes first and applies corresponding feature of risk data acquisition system.
In conclusion in a specific embodiment of the present invention, 102a-102c, server can pass through through the above steps
It monitors operation data and obtains the corresponding call parameters of operation data, if call parameters are not belonging to default call parameters range, clothes
The corresponding operation data of call parameters is then determined as risk data by business device, and then establishing the first application according to risk data corresponds to
Feature of risk data acquisition system.
Example IV
Based on embodiment one, Fig. 4 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown
It is intended to four, as shown in figure 4, in a specific embodiment of the present invention, server establishes the first corresponding risk of application in terminal
The method of characteristic behavior set mainly includes the following steps that:
Step 103a, according to multidirectional amount integration algorithm is preset, the corresponding current grayvalue of active user's behavioral data is obtained.
In a specific embodiment of the present invention, obtain act on it is described first application active user's behavioral data it
Afterwards, server can obtain the corresponding current grayvalue of active user's behavioral data according to default multidirectional amount integration algorithm.
Further, in a specific embodiment of the present invention, server is calculating current use according to multidirectional amount integration algorithm
When the corresponding current grayvalue of family behavioral data, above-mentioned current gray level is calculated by taking the method for multidirectional amount weighted average
Value.
It should be noted that in a specific embodiment of the present invention, the method that server takes multidirectional amount weighted average
During calculating above-mentioned current grayvalue, above-mentioned multidirectional amount can be behavior dimension different user behavioral data it is each to
The data of amount;The size of above-mentioned authority credentials, the corresponding venture influence size of behavioral data represented by each vector determines, high-risk
Risk corresponds to bigger weight, otherwise permission smaller.
Step 103b, according to current grayvalue and default risk model, the behaviorist risk of active user's behavioral data is determined
As a result.
In a specific embodiment of the present invention, after obtaining the corresponding current grayvalue of active user's behavioral data, clothes
Business device can determine the behaviorist risk result of active user's behavioral data according to current grayvalue and default risk model.
Further, in a specific embodiment of the present invention, above-mentioned default risk model can be by historical behavior
The data of generation calculate its gray value and carry out machine learning, then use positive sample (devoid of risk) or negative sample (risky) into
Row training, obtains the high model of accuracy rate.Specifically, above-mentioned model both can be the mapping pass of risk feature and behavioural characteristic
System, or the mapping relations of gray value interval and risk feature, wherein the corresponding gray value interval of positive sample is exactly the
One gray value interval, the corresponding gray value interval of negative sample are exactly the second gray value interval.
Further, in a specific embodiment of the present invention, if above-mentioned current grayvalue is in the first gray value interval,
Then judge that the behaviorist risk result of active user's behavioral data is low;If current grayvalue in the second gray value interval,
Judge that the behaviorist risk result of active user's behavioral data is height;Otherwise, it is determined that current grayvalue is neither in the first gray value area
In, also not in the second gray value interval, server then needs the characteristic for assisting other dimensions further to be sentenced
It is disconnected.
Step 103c, according to behaviorist risk as a result, establishing first applies corresponding feature of risk behavior set.
In a specific embodiment of the present invention, according to current grayvalue and default risk model, active user's row is determined
After the behaviorist risk result of data, server can be according to above-mentioned behaviorist risk as a result, establishing first applies corresponding wind
Dangerous characteristic behavior set.
In conclusion in a specific embodiment of the present invention, 103a-103c, server can bases through the above steps
Preset multidirectional amount integration algorithm, obtain the corresponding current grayvalue of active user's behavioral data, then according to current grayvalue and
Default risk model determines the behaviorist risk of active user's behavioral data as a result, and establishing first using corresponding feature of risk
Behavior set.
Embodiment five
Based on embodiment one, Fig. 5 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown
It is intended to five, as shown in figure 5, in a specific embodiment of the present invention, server establishes the method for presetting risk model and includes mainly
Following steps:
Step 201 according to existing historical behavior data, default training pattern and presets multidirectional amount integration algorithm, obtains
Corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample.
In a specific embodiment of the present invention, server can be according to existing historical behavior data, default training pattern
With default multidirectional amount integration algorithm, corresponding first gray value interval of positive sample and negative sample corresponding second gray value area are obtained
Between.Wherein, above-mentioned positive sample is the behavioral data sample of devoid of risk in historical behavior data, and above-mentioned negative sample is historical behavior number
The risky behavioral data sample in.
Step 202, according to corresponding first gray value interval of positive sample and positive sample, negative sample and negative sample corresponding
Two gray value intervals determine the correspondence of risk and gray value.
In a specific embodiment of the present invention, corresponding in corresponding first gray value interval of acquisition positive sample and negative sample
After second gray value interval, server can according to corresponding first gray value interval of positive sample and positive sample, negative sample and
Corresponding second gray value interval of negative sample, determines the correspondence of risk and gray value.
It further, in a specific embodiment of the present invention, can be by the behavioral data of devoid of risk in historical behavior data
Corresponding gray value is divided to above-mentioned first gray value interval, meanwhile, by risky behavioral data pair in historical behavior data
The gray value answered is divided to above-mentioned second gray value interval, may thereby determine that the correspondence of risk and gray value.
Step 203, according to the correspondence of risk and gray value, establish and preset risk model.
In a specific embodiment of the present invention, after determining the correspondence of risk and gray value, server can be with
According to the correspondence of above-mentioned risk and gray value, establishes and preset risk model.
Further, in a specific embodiment of the present invention, when a behavioral data in historical behavior data is corresponding
It, can be by the corresponding ash of the behavior data when gray value is not belonging to above-mentioned first gray value interval and above-mentioned second gray value interval
Angle value is divided in third gray value interval.
Further, in a specific embodiment of the present invention, server can be according to above-mentioned first gray value interval and right
It should be in the behavioral data of the first gray value interval, above-mentioned second gray value interval and corresponding to the behavior number of the second gray value interval
According to, above-mentioned third gray value interval and corresponding to the behavioral data of third gray value interval, establishes and preset risk model.
It can be seen that a kind of detection method for risk that the embodiment of the present invention proposes, it can be by defining mobile application
Feature of risk mapping relations under various dimensions institute state, structure feature of risk identification path and decision in the face of risk tree, to solve
Limitation when risk detection and monistic defect are carried out to mobile application;Also, implement it is simple and convenient, convenient for general
And the scope of application is wider.
Embodiment six
Based on embodiment one, Fig. 6 is that a kind of implementation process of the detection method for risk that the embodiment of the present invention proposes is shown
It is intended to six, as shown in fig. 6, in a specific embodiment of the present invention, server judges that the first application in terminal is more based on multidimensional
The method of the risk of state mainly includes the following steps that:
Step 104a, according to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set, really
Fixed first applies the polymorphic feature of risk mapping relations of corresponding multidimensional.
In a specific embodiment of the present invention, server the feature of risk vector set for establishing the first application respectively,
It, can be special according to above-mentioned feature of risk vector set, risk after feature of risk data acquisition system and feature of risk behavior set
Data acquisition system and feature of risk behavior set are levied, determines that first applies the polymorphic feature of risk mapping relations of corresponding multidimensional.
Further, in a specific embodiment of the present invention, server can be according to above-mentioned feature of risk vector set, wind
Dangerous characteristic set and feature of risk behavior set, are established under resting state and run mode, code dimension, data dimension and row
Mapping relations between dimension between feature of risk.Such as:For privacy leakage security risk, there are privacy numbers for code dimension
According to the configuration of access rights, behavior dimension, in the presence of accessing, the behavioural characteristic data of private data, there are mobile applications for data dimension
The characteristic of private data is transmitted across application boundary, triple combination establishes the privacy concerns with privacy leakage security risk.
Step 104b, it establishes first according to the polymorphic feature of risk mapping relations of multidimensional and applies corresponding risk decision rule.
In a specific embodiment of the present invention, determine the first application corresponding multidimensional polymorphic feature of risk mapping relations it
Afterwards, server can be established first and apply corresponding risk decision rule according to the polymorphic feature of risk mapping relations of above-mentioned multidimensional,
Wherein, the corresponding risk decision rule of above-mentioned first application can be that a knowledge of risk sex determination is carried out to each feature of risk
Other path and corresponding decision tree.
Step 104c, according to the first application of risk decision rule judgement based on the polymorphic risk of multidimensional.
In a specific embodiment of the present invention, the first application correspondence is being established according to the polymorphic feature of risk mapping relations of multidimensional
Risk decision rule after, service area can according to risk decision rule judge first application based on the polymorphic risk of multidimensional
Property.
It further, in a specific embodiment of the present invention, can basis when carrying out risk sex determination to the first application
Above-mentioned risk decision rule, the feature of risk of the corresponding each dimension of the application of comprehensive analysis first.
In conclusion in a specific embodiment of the present invention, 104a-104c, server can bases through the above steps
Feature of risk vector set, feature of risk data acquisition system and feature of risk behavior set determine that first applies corresponding multidimensional
Then polymorphic feature of risk mapping relations are established first according to the polymorphic feature of risk mapping relations of multidimensional and are sentenced using corresponding risk
Set pattern then, finally judges the first application based on the polymorphic risk of multidimensional according to risk decision rule.
Embodiment seven
Fig. 7 is the composed structure schematic diagram one for the server that the embodiment of the present invention proposes, as shown in fig. 7, the present invention's
In specific embodiment, the server 1 that risk detection is carried out to the first application in terminal includes establishing unit 11 and judging single
Member 12, wherein
Unit 11 is established, for obtaining the first corresponding application code of application in terminal, is answered with default according to application code
With the file type of code, the feature of risk vector set between the corresponding different file types of the first application is established;And work as
When first application is run mode, the operation data for obtaining the first application establishes first according to operation data and preset boundary strategy
Using corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk data;And acquisition effect
The first application is established according to active user's behavioral data and default risk model in active user's behavioral data of the first application
Corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior.
Judging unit 12, for according to feature of risk vector set, feature of risk data acquisition system and feature of risk behavior
Set, the first application of judgement is based on the polymorphic risk of multidimensional.
In a specific embodiment of the present invention, further, the application that unit 11 is specifically used for the first application of extraction is established
Sample, and obtain the application code using sample;Never with extracted in the corresponding application code of file type each feature of risk to
Amount;According to each feature of risk vector, feature of risk vector set is established.
In a specific embodiment of the present invention, further, it establishes unit 11 and is specifically additionally operable to monitoring operation data, obtain
The corresponding call parameters of operation data;When call parameters are not belonging to default call parameters range, by the corresponding fortune of call parameters
Row data are determined as feature of risk data;According to risk data, it is special to establish the corresponding risk of corresponding first application of the first application
Levy data acquisition system.
In a specific embodiment of the present invention, further, establish unit 11 it is specific be additionally operable to it is comprehensive according to multidirectional amount is preset
Hop algorithm obtains the corresponding current grayvalue of active user's behavioral data;According to current grayvalue and default risk model, determine
The behaviorist risk result of active user's behavioral data;According to behaviorist risk as a result, establishing first applies corresponding feature of risk row
For set.
It is the composed structure schematic diagram two for the server that the embodiment of the present invention proposes based on Fig. 7, Fig. 8, as shown in figure 8,
In specific embodiments of the present invention, server 1 further includes acquiring unit 13 and determination unit 14, wherein
Acquiring unit 13, for being calculated according to existing historical behavior data, default training pattern and default multidirectional amount synthesis
Method obtains corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample;Wherein, positive sample is to go through
The behavioral data sample of devoid of risk in history behavioral data, negative sample are risky behavioral data sample in historical behavior data.
Determination unit 14, for according to corresponding first gray value interval of positive sample and positive sample, negative sample and negative sample
Corresponding second gray value interval, determines the correspondence of risk and gray value.
Unit 11 is established, the correspondence according to risk and gray value is additionally operable to, establishes and presets risk model.
In a specific embodiment of the present invention, further, judging unit be specifically used for according to feature of risk vector set,
Feature of risk data acquisition system and feature of risk behavior set determine that the polymorphic feature of risk mapping of the first corresponding multidimensional of application is closed
System;First, which is established, according to the polymorphic feature of risk mapping relations of multidimensional applies corresponding risk decision rule;Judge to advise according to risk
Then the first application of judgement is based on the polymorphic risk of multidimensional.
Unit 11, judging unit 12, acquiring unit 13 and the determination unit 14 provided in an embodiment of the present invention established all may be used
To be realized in the form of program code by executing corresponding function by the processor in mobile terminal;It certainly also can be by specific
Logic circuit realize;During specific embodiment, processor can be central processing unit (CPU), microprocessor
(MPU), digital signal processor (DSP) or field programmable gate array (FPGA) etc.;Above-mentioned server further includes:Memory,
The memory can be the storage device with physical form, such as memory bar, TF card, or the circuit with store function, such as
Random access memory (RAM), FIFO reservoirs etc..
The server that the embodiment of the present invention proposes obtains the first corresponding application code of application in terminal, according to using generation
The file type of code and default application code establishes the feature of risk vector set between the corresponding different file types of the first application
It closes;When the first application is run mode, the operation data for obtaining the first application is built according to operation data and preset boundary strategy
Vertical first applies corresponding feature of risk data acquisition system;Wherein, preset boundary strategy is for judging feature of risk data;It obtains and makees
Active user's behavioral data for the first application is established first and is answered according to active user's behavioral data and default risk model
With corresponding feature of risk behavior set;Wherein, risk model is preset for judging feature of risk behavior;According to feature of risk to
Duration set, feature of risk data acquisition system and feature of risk behavior set, the first application of judgement is based on the polymorphic risk of multidimensional.
It can be seen that the server that the embodiment of the present invention proposes, it can be special by defining the risk under mobile application various dimensions institute state
Mapping relations, structure feature of risk identification path and decision in the face of risk tree are levied, risk inspection is carried out to mobile application to solve
Limitation when survey and monistic defect;Also, implement simple and convenient, convenient for universal, the scope of application is wider.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program
Product.Therefore, the shape of hardware embodiment, software implementation or embodiment combining software and hardware aspects can be used in the present invention
Formula.Moreover, the present invention can be used can use storage in the computer that one or more wherein includes computer usable program code
The form for the computer program product implemented on medium (including but not limited to magnetic disk storage and optical memory etc.).
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram
The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided
Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real
The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to
Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or
The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in a box or multiple boxes.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.
Claims (14)
1. a kind of detection method of risk, which is characterized in that the method includes:
First applies corresponding application code in acquisition terminal, according to the files classes of the application code and default application code
Type establishes the feature of risk vector set between the corresponding different file types of first application;
When described first using being run mode, the operation data of first application is obtained, according to the operation data and in advance
If boundary is tactful, establishes described first and apply corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is for sentencing
Determine feature of risk data;
The active user's behavioral data for acting on first application is obtained, according to active user's behavioral data and default wind
Dangerous model establishes described first and applies corresponding feature of risk behavior set;Wherein, the default risk model is for judging wind
Dangerous characteristic behavior;
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior set, sentence
Fixed first application is based on the polymorphic risk of multidimensional.
2. according to the method described in claim 1, it is characterized in that, described according to the application code and default application code
File type establishes the feature of risk vector set between the corresponding different file types of first application, including:
That extracts first application applies sample, and obtains the application code using sample;
It is never vectorial with each feature of risk is extracted in the corresponding application code of file type;
According to each feature of risk vector, establishes described first and apply the corresponding feature of risk vector set.
3. according to the method described in claim 1, it is characterized in that, described according to the operation data and preset boundary strategy,
It establishes described first and applies corresponding feature of risk data acquisition system, including:
The operation data is monitored, the corresponding call parameters of the operation data are obtained;
It is when the call parameters are not belonging to default call parameters range, the corresponding operation data of the call parameters is true
It is set to risk data;
According to the risk data, establishes described first and apply the corresponding feature of risk data acquisition system.
4. according to the method described in claim 1, it is characterized in that, described according to active user's behavioral data and default wind
Dangerous model establishes described first and applies corresponding feature of risk behavior set, including:
According to default multidirectional amount integration algorithm, the corresponding current grayvalue of active user's behavioral data is obtained;
According to the current grayvalue and the default risk model, the behaviorist risk knot of active user's behavioral data is determined
Fruit;
According to the behaviorist risk as a result, establishing described first applies the corresponding feature of risk behavior set.
5. according to the method described in claim 1, it is characterized in that, described according to the user behavior data and default risk mould
Type is established before the corresponding feature of risk behavior set of first application, and the method for establishing the default risk model includes:
According to existing historical behavior data, default training pattern and multidirectional amount integration algorithm is preset, it is corresponding to obtain positive sample
First gray value interval and corresponding second gray value interval of negative sample;Wherein, the positive sample is the historical behavior data
The behavioral data sample of middle devoid of risk, the negative sample are risky behavioral data sample in the historical behavior data;
According to the positive sample and corresponding first gray value interval of the positive sample, the negative sample and negative sample corresponding
Two gray value intervals determine the correspondence of risk and gray value;
According to the correspondence of the risk and gray value, the default risk model is established.
6. according to the method described in claim 1, it is characterized in that, described according to the feature of risk vector set, the wind
Dangerous characteristic set and the feature of risk behavior set, judgement described first are applied based on the polymorphic risk of multidimensional,
Including:
According to the feature of risk vector set, the feature of risk data acquisition system and the feature of risk behavior set, really
Fixed described first applies the polymorphic feature of risk mapping relations of corresponding multidimensional;
Described first, which is established, according to the polymorphic feature of risk mapping relations of the multidimensional applies corresponding risk decision rule;
Judge first application based on the polymorphic risk of multidimensional according to the risk decision rule.
7. according to the method described in claim 1, it is characterized in that, the file type of the default application code, including:Configuration
File, code file, resource file.
8. a kind of server, which is characterized in that the server includes establishing unit and judging unit,
It is described to establish unit, for obtaining the first corresponding application code of application in terminal, according to the application code and preset
The file type of application code establishes the feature of risk vector set between the corresponding different file types of first application;
And when described first using being run mode, the operation data of first application is obtained, according to the operation data and in advance
If boundary is tactful, establishes described first and apply corresponding feature of risk data acquisition system;Wherein, the preset boundary strategy is for sentencing
Determine feature of risk data;And the active user's behavioral data for acting on first application is obtained, according to the active user
Behavioral data and default risk model establish described first and apply corresponding feature of risk behavior set;Wherein, the default wind
Dangerous model is for judging the feature of risk behavior;
The judging unit, for according to the feature of risk vector set, the feature of risk data acquisition system and the wind
Dangerous characteristic behavior set, judgement first application is based on the polymorphic risk of multidimensional.
9. server according to claim 8, which is characterized in that the unit of establishing is answered specifically for extraction described first
Sample is applied, and obtains the application code using sample;Never with file type in corresponding application code
Extract each feature of risk vector;According to each feature of risk vector, the feature of risk vector set is established.
10. server according to claim 8, which is characterized in that the unit of establishing specifically is additionally operable to monitor the fortune
Row data obtain the corresponding call parameters of the operation data;When the call parameters are not belonging to default call parameters range,
The corresponding operation data of the call parameters is determined as the feature of risk data;According to the risk data, establish
The corresponding feature of risk data acquisition system is applied in first application corresponding described first.
11. server according to claim 8, which is characterized in that the unit of establishing specifically is additionally operable to according to default more
Vectorial integration algorithm obtains the corresponding current grayvalue of active user's behavioral data;According to the current grayvalue and institute
Default risk model is stated, determines the behaviorist risk result of active user's behavioral data;According to the behaviorist risk as a result, building
Vertical described first applies the corresponding feature of risk behavior set.
12. server according to claim 8, which is characterized in that the server further includes acquiring unit and determines single
Member,
The acquiring unit is used for according to existing historical behavior data, default training pattern and presets multidirectional amount integration algorithm,
Obtain corresponding first gray value interval of positive sample and corresponding second gray value interval of negative sample;Wherein, the positive sample is
The behavioral data sample of devoid of risk in the historical behavior data, the negative sample are risky in the historical behavior data
Behavioral data sample;
The determination unit, for according to the positive sample and corresponding first gray value interval of the positive sample, negative sample and
Corresponding second gray value interval of the negative sample, determines the correspondence of risk and gray value;
It is described to establish unit, it is additionally operable to the correspondence according to the risk and gray value, establishes the default risk model.
13. server according to claim 8, which is characterized in that the judging unit is specifically used for according to the risk
Feature vector set, the feature of risk data acquisition system and the feature of risk behavior set determine first application pair
The polymorphic feature of risk mapping relations of multidimensional answered;First application is established according to the polymorphic feature of risk mapping relations of the multidimensional
Corresponding risk decision rule;Judge first application based on the polymorphic risk of multidimensional according to the risk decision rule.
14. server according to claim 8, which is characterized in that the file type of the default application code, including:
Configuration file, code file, resource file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710104591.0A CN108509796B (en) | 2017-02-24 | 2017-02-24 | Method for detecting risk and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710104591.0A CN108509796B (en) | 2017-02-24 | 2017-02-24 | Method for detecting risk and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108509796A true CN108509796A (en) | 2018-09-07 |
CN108509796B CN108509796B (en) | 2022-02-11 |
Family
ID=63372755
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710104591.0A Active CN108509796B (en) | 2017-02-24 | 2017-02-24 | Method for detecting risk and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108509796B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110390198A (en) * | 2019-07-31 | 2019-10-29 | 阿里巴巴集团控股有限公司 | Risk method for inspecting, device and the electronic equipment of a kind of pair of small routine |
CN113254932A (en) * | 2021-06-16 | 2021-08-13 | 百度在线网络技术(北京)有限公司 | Application program risk detection method and device, electronic equipment and medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103927483A (en) * | 2014-04-04 | 2014-07-16 | 西安电子科技大学 | Decision model used for detecting malicious programs and detecting method of malicious programs |
CN104376258A (en) * | 2014-11-20 | 2015-02-25 | 工业和信息化部电信研究院 | Safety risk detecting method and device for Android application program |
CN104866763A (en) * | 2015-05-28 | 2015-08-26 | 天津大学 | Permission-based Android malicious software hybrid detection method |
CN105205396A (en) * | 2015-10-15 | 2015-12-30 | 上海交通大学 | Detecting system for Android malicious code based on deep learning and method thereof |
CN105893848A (en) * | 2016-04-27 | 2016-08-24 | 南京邮电大学 | Precaution method for Android malicious application program based on code behavior similarity matching |
-
2017
- 2017-02-24 CN CN201710104591.0A patent/CN108509796B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103927483A (en) * | 2014-04-04 | 2014-07-16 | 西安电子科技大学 | Decision model used for detecting malicious programs and detecting method of malicious programs |
CN104376258A (en) * | 2014-11-20 | 2015-02-25 | 工业和信息化部电信研究院 | Safety risk detecting method and device for Android application program |
CN104866763A (en) * | 2015-05-28 | 2015-08-26 | 天津大学 | Permission-based Android malicious software hybrid detection method |
CN105205396A (en) * | 2015-10-15 | 2015-12-30 | 上海交通大学 | Detecting system for Android malicious code based on deep learning and method thereof |
CN105893848A (en) * | 2016-04-27 | 2016-08-24 | 南京邮电大学 | Precaution method for Android malicious application program based on code behavior similarity matching |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110390198A (en) * | 2019-07-31 | 2019-10-29 | 阿里巴巴集团控股有限公司 | Risk method for inspecting, device and the electronic equipment of a kind of pair of small routine |
CN110390198B (en) * | 2019-07-31 | 2023-09-29 | 创新先进技术有限公司 | Risk inspection method and device for small program and electronic equipment |
CN113254932A (en) * | 2021-06-16 | 2021-08-13 | 百度在线网络技术(北京)有限公司 | Application program risk detection method and device, electronic equipment and medium |
CN113254932B (en) * | 2021-06-16 | 2024-02-27 | 百度在线网络技术(北京)有限公司 | Application risk detection method and device, electronic equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN108509796B (en) | 2022-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6732806B2 (en) | Account theft risk identification method, identification device, and prevention/control system | |
CN112395159B (en) | Log detection method, system, device and medium | |
CN105376255B (en) | A kind of Android platform intrusion detection method based on K-means cluster | |
CN107659543B (en) | Protection method for APT (android packet) attack of cloud platform | |
CN109446817A (en) | A kind of detection of big data and auditing system | |
CN106709345A (en) | Deep learning method-based method and system for deducing malicious code rules and equipment | |
CN106230773A (en) | Risk evaluating system based on fuzzy matrix analytic hierarchy process (AHP) | |
CN110213236B (en) | Method for determining business safety risk, electronic equipment and computer storage medium | |
CN107180190A (en) | A kind of Android malware detection method and system based on composite character | |
CN104915600B (en) | A kind of Android application securitys methods of risk assessment and device | |
CN111522746B (en) | Data processing method, device, equipment and computer readable storage medium | |
CN107689954A (en) | Power information system monitoring method and device | |
CN109564609A (en) | It mitigates and corrects using the detection of the computer attack of advanced computers decision-making platform | |
CN116366374B (en) | Security assessment method, system and medium for power grid network management based on big data | |
CN110324323A (en) | A kind of new energy plant stand relates to net end real-time, interactive process exception detection method and system | |
CN105956469A (en) | Method and device for identifying file security | |
CN104320271B (en) | A kind of network equipment safety evaluation method and device | |
CN107330345A (en) | A kind of method and apparatus for detecting private data leakage | |
CN113946560A (en) | Database security management method and system | |
CN105939200A (en) | Method and system for performing network security risk evaluation by utilizing expert system | |
CN110009224A (en) | Suspect's violation probability prediction technique, device, computer equipment and storage medium | |
CN106529283A (en) | Software defined network-oriented controller security quantitative analysis method | |
CN107612927B (en) | Safety detection method for power dispatching automation system | |
CN102521496A (en) | Method and system for acquiring importance levels of evaluation indexes | |
CN109101820A (en) | A kind of Web application security breaches prediction technique based on execution flowchart |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |