CN109002696A - It establishes the method for installation kit identification model, identify the method and device of installation kit - Google Patents

It establishes the method for installation kit identification model, identify the method and device of installation kit Download PDF

Info

Publication number
CN109002696A
CN109002696A CN201810714195.4A CN201810714195A CN109002696A CN 109002696 A CN109002696 A CN 109002696A CN 201810714195 A CN201810714195 A CN 201810714195A CN 109002696 A CN109002696 A CN 109002696A
Authority
CN
China
Prior art keywords
installation kit
sample
illegal
identification model
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810714195.4A
Other languages
Chinese (zh)
Inventor
陈宇龙
华元彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201810714195.4A priority Critical patent/CN109002696A/en
Publication of CN109002696A publication Critical patent/CN109002696A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to technical field of data processing, more particularly to it establishes the method for installation kit identification model, identify the method and device of installation kit, it include: to obtain multiple sample installation kits, it include legal installation kit and illegal installation kit in the multiple sample installation kit, the legal installation kit be premised on the installation requirements of user installation kit generated, the illegal installation kit be not the installation kit generated premised on the installation requirements of user;The sample installation kit characteristic information of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively;Model training is carried out to all sample installation kit characteristic informations extracted, establishes the illegal installation kit identification model of the illegal installation kit for identification.The present invention improves the recognition efficiency for illegal installation kit.

Description

It establishes the method for installation kit identification model, identify the method and device of installation kit
Technical field
The present invention relates to technical field of data processing, more particularly to establish the method for installation kit identification model, identification installation The method and device of packet.
Background technique
With popularizing for Android intelligent equipment, more and more black production author position shifts cause to Android mobile platform Malice installation kit under Android platform is in the outburst of blowout.Malice installation kit is a kind of special Android program, they are usually By the modes such as induction installation and channel prepackage, the device systems of user are installed in the case where user is unaware of also unauthorized In, so that the device systems to user are attacked, user is caused to cause damages.Malice installation kit can on influence caused by user security risk To include that rate consume, privacy is stolen, maliciously deduct fees, remotely control and malice advertisement etc..
In the prior art, virus analysis teacher's manual analysis processing is often relied on for the identification of malice installation kit, therefore, There is a problem of that recognition efficiency is low.
Summary of the invention
In view of the above problems, it proposes on the present invention overcomes the above problem or at least be partially solved in order to provide one kind It states the method for establishing installation kit identification model of problem, identify the method and device of installation kit.
First aspect according to the present invention provides a kind of method for establishing installation kit identification model, the method packet It includes:
Multiple sample installation kits are obtained, include legal installation kit and illegal installation kit, institute in the multiple sample installation kit State legal installation kit be premised on the installation requirements of user installation kit generated, the illegal installation kit be not be with user Installation requirements premised on installation kit generated;
The sample peace of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively Fill packet characteristic information;
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the illegal installation for identification The illegal installation kit identification model of packet.
Preferably, the illegal installation kit includes malice installation kit and/or advertisement installation kit.
Preferably, when the illegal installation kit includes the malice installation kit and the advertisement installation kit, described pair is mentioned All sample installation kit characteristic informations taken out carry out model training, establish the illegal installation of the illegal installation kit for identification Packet identification model, comprising:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
Preferably, the described pair of all sample installation kit characteristic informations extracted carry out model training, comprising:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth The model training of habit.
Preferably, the sample installation of the feature for characterizing the sample installation kit is extracted from the sample installation kit Packet characteristic information, comprising:
The sample installation kit is unziped it, the critical file for running the sample installation kit is obtained;
File characteristic is extracted from the critical file;
Dimension-reduction treatment is carried out to the file characteristic, obtains the sample installation of the feature for characterizing the sample installation kit Packet feature vector.
Preferably, the critical file includes classes.dex, resources.arsc, AndroidManifest.xml With at least one of MANIFEST.MF file.
The second aspect according to the present invention provides a kind of method for identifying installation kit, which comprises
Obtain target installation kit;
The target installation kit feature of the feature for characterizing the target installation kit is extracted from the target installation kit Information;
The target installation kit characteristic information is input to illegal installation kit identification model, is known according to the illegal installation kit The recognition result of other model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is is obtained based on any one of the first aspect of the invention step The illegal installation kit identification model obtained.
Preferably, when the illegal installation kit identification model includes malice installation kit identification model and the identification of advertisement installation kit Model, it is described that the target installation kit characteristic information is input to illegal installation kit identification model, according to the illegal installation kit The recognition result of identification model output determines the type of the target installation kit, comprising:
The target installation kit characteristic information is input to malice installation kit identification model, the malice installation kit is obtained and knows First recognition result of other model output;
If first recognition result is that the target installation kit is malice installation kit, it is determined that the target installation kit Type is malice installation kit;
If first recognition result is that the target installation kit is not malice installation kit, and the target installation kit is special Reference breath is input to advertisement installation kit identification model, obtains the second recognition result of the advertisement installation kit identification model output;
If second recognition result is that the target installation kit is advertisement installation kit, it is determined that the target installation kit is Advertisement installation kit;
If second recognition result is that the target installation kit is not advertisement installation kit, it is determined that the target installation kit For legal installation kit.
In terms of third according to the present invention, a kind of device for establishing installation kit identification model, described device packet are provided It includes:
First obtains module, includes legal installation in the multiple sample installation kit for obtaining multiple sample installation kits Packet and illegal installation kit, the legal installation kit are the installation kit generated premised on the installation requirements of user, described illegal Installation kit be not the installation kit generated premised on the installation requirements of user;
Second extraction module, for being extracted from each sample installation kit respectively for characterizing the sample installation The sample installation kit characteristic information of the feature of packet;
Module is established, for carrying out model training to all sample installation kit characteristic informations extracted, is established for knowing The illegal installation kit identification model of the not described illegal installation kit.
Preferably, the illegal installation kit includes malice installation kit and/or advertisement installation kit.
Preferably, when the illegal installation kit includes the malice installation kit and the advertisement installation kit, the foundation Module is specifically used for:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
Preferably, described to establish module, it is specifically used for:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth The model training of habit.
Preferably, first extraction module, comprising:
Decompression unit is obtained for unziping it to the sample installation kit for running the sample installation kit Critical file;
Extraction unit, for extracting file characteristic from the critical file;
Dimensionality reduction unit is obtained for carrying out dimension-reduction treatment to the file characteristic for characterizing the sample installation kit The sample installation kit feature vector of feature.
Preferably, the critical file includes classes.dex, resources.arsc, AndroidManifest.xml With at least one of MANIFEST.MF file.
The 4th aspect according to the present invention, provides a kind of device for identifying installation kit, and described device includes:
Second obtains module, for obtaining target installation kit;
Second extraction module, for extracting the feature for characterizing the target installation kit from the target installation kit Target installation kit characteristic information;
Determining module, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to institute The recognition result for stating illegal installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is based on based on any one of the first aspect of the invention step Illegal installation kit identification model obtained.
Preferably, when the illegal installation kit identification model includes malice installation kit identification model and the identification of advertisement installation kit Model, the determining module, comprising:
First obtains unit is obtained for the target installation kit characteristic information to be input to malice installation kit identification model Obtain the first recognition result of the malice installation kit identification model output;
First determination unit, if being the target installation kit for first recognition result is malice installation kit, really The type of the fixed target installation kit is malice installation kit;
Second obtaining unit, if being the target installation kit for first recognition result is not malice installation kit, The target installation kit characteristic information is input to advertisement installation kit identification model, it is defeated to obtain the advertisement installation kit identification model The second recognition result out;
Second determination unit, if being the target installation kit for second recognition result is advertisement installation kit, really The fixed target installation kit is advertisement installation kit;
Third determination unit, if it is not advertisement installation kit that second recognition result, which is the target installation kit, it is determined that The target installation kit is legal installation kit.
The 5th aspect according to the present invention, provides a kind of computer readable storage medium, is stored thereon with computer Program realizes such as any one of the first aspect of the present invention or second aspect step when the program is executed by processor.
According to the present invention the 6th aspect, provides a kind of computer equipment, including memory, processor and is stored in On memory and the computer program that can run on a processor, which is characterized in that the processor executes real when described program Now such as any one of the first aspect of the present invention or second aspect step.
The method and device according to the present invention for establishing installation kit identification model, firstly, including legal installation by obtaining Multiple sample installation kits of packet and illegal installation kit, legal installation kit are the installation generated premised on the installation requirements of user Packet, illegal installation kit is is not the installation kit generated premised on the installation requirements of user, then, is pacified respectively from each sample The sample installation kit characteristic information of the feature for characterizing sample installation kit is extracted in dress packet, it is then, all to what is extracted Sample installation kit characteristic information carries out model training, establishes illegal installation kit identification model, utilizes illegal installation kit identification model Can recognize that whether unknown installation kit is illegal installation kit, which not only overcomes the prior art and adopt The low problem of existing recognition efficiency is manually handled, improves the recognition efficiency for illegal installation kit, and pass through mould Type training can be realized the excavation of data, find in illegal installation kit rule so that finally utilizing illegal installation kit The result that identification model identifies accuracy with higher.
Further, the method and device of identification installation kit according to the present invention, first acquisition target installation kit, then from mesh The target installation kit characteristic information that the feature for characterizing target installation kit is extracted in mark installation kit, then by target installation kit Characteristic information is input to illegal installation kit identification model, determines target according to the recognition result that illegal installation kit identification model exports The type of installation kit can not only improve the recognition efficiency to target installation Packet type using the above method, and due to utilizing Target installation kit characteristic information is as basis of characterization, additionally it is possible to target installation kit be avoided to be exempted from due to using shell adding or obfuscation It kills, improves installation kit difficulty free to kill.
The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention, And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can It is clearer and more comprehensible, the followings are specific embodiments of the present invention.
Detailed description of the invention
By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention Limitation.And throughout the drawings, identical component is indicated with identical reference pattern.In the accompanying drawings:
Fig. 1 shows the flow chart that the method for installation kit identification model is established in the embodiment of the present invention;
Fig. 2 shows the flow charts of step 102 in the embodiment of the present invention;
Fig. 3 shows the flow chart that the method for installation kit is identified in the embodiment of the present invention;
Fig. 4 shows the structure chart that the device of installation kit identification model is established in the embodiment of the present invention;
Fig. 5 shows the structure chart that the device of installation kit is identified in the embodiment of the present invention;
Fig. 6 shows the structure chart of computer equipment in the embodiment of the present invention.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure It is fully disclosed to those skilled in the art.
First embodiment of the invention provides a kind of method for establishing installation kit identification model, and this method can be applied to Android In system, so that Android system is that this establishes the executing subject of the method for installation kit identification model.
According to shown in Fig. 1, the method for establishing installation kit identification model in first embodiment of the invention includes:
Step 101: obtaining multiple sample installation kits, include legal installation kit and illegal installation in multiple sample installation kits Packet, legal installation kit be premised on the installation requirements of user installation kit generated, illegal installation kit be not be with user Installation kit generated premised on installation requirements.
Step 102: extracting the sample peace of the feature for characterizing sample installation kit from each sample installation kit respectively Fill packet characteristic information.
Step 103: model training being carried out to all sample installation kit characteristic informations extracted, is established illegal for identification The illegal installation kit identification model of installation kit.
Specifically, the type of installation kit includes legal installation kit and illegal installation kit, and legal installation kit is with user's Installation kit generated premised on installation requirements meets user installation demand by running legal installation kit and can install to obtain Application program, the normal mounting packet in general, legal installation kit is otherwise known as.And illegal installation kit, which is, to be needed with the installation of user Installation kit generated premised on asking, illegal installation kit include malice installation kit and advertisement installation kit, malice installation kit be for Cause the installation kit of malicious act to user, malicious act include but is not limited to steal the privacy of user, the property for stealing user, The rate of user, the equipment of remote control user or interference user equipment normal work etc. are wasted, advertisement installation kit is to carry The installation kit of advertisement, either malice installation kit or advertisement installation kit, are not to be given birth to premised on the installation requirements of user At installation kit, therefore, malice installation kit and advertisement installation kit belong to illegal installation kit.
Further, in a step 101, the sample installation kit of magnanimity is obtained first, and the type of sample installation kit is it is known that obtain To Massive Sample installation kit in may include legal installation kit, malice installation kit and advertisement installation kit, that is, the magnanimity got Containing type belongs to the sample installation kit of legal installation kit in sample installation kit, type belongs to the sample installation kit of malice installation kit And type belongs to the sample installation kit of advertisement installation kit.
Specifically, it after getting sample installation kit, is extracted from sample installation kit for characterizing sample installation The sample installation kit characteristic information of packet feature, the corresponding sample installation kit characteristic information of each sample installation kit.
The extraction process of sample installation kit characteristic information will be described in detail by taking a sample installation kit as an example below, According to extracting the process of sample installation kit characteristic information shown in Fig. 2 the following steps are included:
Step 201: sample installation kit being unziped it, the critical file for running sample installation kit is obtained.
Step 202: file characteristic is extracted from critical file.
Step 203: dimension-reduction treatment being carried out to file characteristic, obtains the sample installation of the feature for characterizing sample installation kit Packet feature vector.
Specifically, the critical file for running sample installation kit include classes.dex, resources.arsc, At least one of AndroidManifest.xml and MANIFEST.MF file.
Wherein, classes.dex file is the core document of installation kit, may operate in Android Dalvik virtual machine On, by checking the compiling generating process of installation kit it is found that Java source code is compiled into .class file first, then Android The included dx tool of Software Development Kit will be these, and class file is converted into classes.dex, passes through decompiling Java source code can be obtained in classes.dex.
Wherein, resources.arsc file is used to the ID of Resource be converted to the title of resource file, in Android In system, each application program can configure many resources, these resources are used to be adapted to the screen of different densities, size and Orientation Curtain, and country, area and language etc. that adaptation is different, these resources are in application program operation automatically according to equipment What current configuration information was adapted to, that is, give an identical resource ID, under different device configurations, what is found can Resource can be different, this search procedure is completed by Android resource management framework, Android resource management framework then by Two classes of AssetManager and Resources realize that Resources class can search resource according to ID, and AssetManager class searches resource according to filename, if it is a file that a resource ID is corresponding, Resources class first finds resource file title according to ID, then gives this document title to AssetManager class again Corresponding file is opened, and the ID of Resources class is converted to resource by resources.arsc file by Resources class The title of file, resources.arsc file are stored in installation kit, are generated in packing process by AAPT tool, Resources.arsc file is the concordance list of a resource, maintain in the concordance list resource ID, Name, Path or The corresponding relationship of Value, AssetManager pass through this concordance list, so that it may which it is corresponding to find this resource by the ID of resource File or data.
Wherein, AndroidManifest.xml file is necessary file in Android program, is located at the root of entire project In catalogue, component necessary to being run in AndroidManifest.xml file configured with program, permission and relevant information, AndroidManifest.xml file be also Android application entry file, which depict in package exposure component, this The respective realization class of a little components, the processed data of various energy and starting position, AndroidManifest.xml file is in addition to energy State Activities, ContentProviders, Services and the Intent Receivers in program, moreover it is possible to specified Permissions and instrumentation.
Wherein, MANIFEST.MF file contains the information such as version, founder and the class searching route of installation kit, if peace Dress packet is executable installation kit, then MANIFEST.MF file can include also Main-Class attribute, shows Main method entrance.
Further, after obtaining critical file, file characteristic is first extracted from critical file, then to extracting All Files feature carries out dimension-reduction treatment, obtains sample installation kit feature vector corresponding with sample installation kit, wherein sample peace Dress packet feature vector is the sample installation kit characteristic information for being used to characterize the feature of sample installation kit.Wherein, dimension-reduction treatment is A kind for the treatment of process converting high dimensional data to low-dimensional data carries out dimension-reduction treatment using dimension-reduction algorithm, for dimension-reduction algorithm For, PCA dimension-reduction algorithm, LDA dimension-reduction algorithm, LLE dimension-reduction algorithm or other improvements dimension-reduction algorithm can be used, the present invention is implemented Example to which kind of specifically used dimension-reduction algorithm without limitation, meanwhile, above-mentioned dimension-reduction algorithm is also the prior art, and the present invention is for such as What, which carries out dimension-reduction treatment using dimension-reduction algorithm, repeats no more.
It should be noted that in embodiments of the present invention, the critical file extracted from sample installation kit may include It is multiple, when a corresponding sample installation kit is there are when multiple critical files, in step 202, respectively from each critical file File characteristic is extracted, then, in step 203, dimension-reduction treatment is carried out based on the All Files feature extracted, obtains sample Installation kit feature vector.For example, the critical file of acquisition includes the first crucial text after decompressing to a sample installation kit Part classes.dex, the second critical file resources.arsc, third critical file AndroidManifest.xml and Four critical file MANIFEST.MF then extract the first file characteristic from the first critical file, from the second critical file In extract the second file characteristic, third file characteristic is extracted from third critical file, is extracted from the 4th critical file Then 4th file characteristic out is based on the first file characteristic, the second file characteristic, third file characteristic and the 4th file characteristic, Dimension-reduction treatment is carried out, sample installation kit feature vector corresponding with the sample installation kit is obtained.
Specifically, file characteristic includes the characteristic information of file, for different critical files, file characteristic Can be different, for example, classes.dex is the structured binary text after a compiling if critical file is classes.dex Part, it comprises the JAVA codes that can be performed after compiling, and it is fixed to extract class after the format definition parsing provided according to Android Justice, function prototype information, function execute code, reference the information such as constant character string as file characteristic;If critical file is Resources.arsc, resources.arsc are the structured binary files after a compiling, and it comprises can after compiling The resource of execution, according to Android provide format definition parsing after, extract anim, animator, interpolator, Title and corresponding data under the classifications such as drawable, layout, values, xml, raw, color, menu, mipmap, any As file characteristic;If critical file be AndroidManifest.xml, AndroidManifest.xml be one compiling after Structured binary file, according to Android provide format definition parsing after, extract packet name, APK version, SDK editions Sheet, permission, Activities, ContentProviders, Services, Intent Receivers, permissions, The information such as instrumentation are as file characteristic;If critical file is MANIFEST.MF, MANIFEST.MF is a text This document extracts file path described in this document and cryptographic Hash as file characteristic.
Explanation is needed further exist for, no matter sample installation kit belongs to legal installation kit or illegal installation kit, and one The corresponding sample installation kit characteristic information of sample installation kit namely the corresponding sample installation kit of a sample installation kit are special Levy vector.
Specifically, in step 103, after extracting the sample installation kit feature vector of all sample installation kits, Model training is carried out to all sample installation kit feature vectors extracted, wherein can be using the model instruction based on vector machine Practice method and model training is carried out to sample installation kit feature vector, it can also be using the model training method based on decision tree to sample This installation kit feature vector carries out model training, can also be using the model training method based on deep learning to sample installation kit Feature vector carry out model training, and based on vector machine, based on decision tree and based on the model training method of deep learning Using corresponding model training method, the embodiment of the present invention repeat no more in the prior art.To all samples extracted After installation kit feature vector carries out model training, the illegal installation kit identification model of illegal installation kit for identification is obtained, is utilized Illegal installation kit identification model can recognize that whether unknown installation kit belongs to illegal installation kit.
Further, when illegal installation kit includes malice installation kit and advertisement installation kit, by all samples extracted This installation kit characteristic information carry out model training, establish respectively malice installation kit for identification malice installation kit identification model and The advertisement installation kit identification model of advertisement installation kit for identification can recognize that unknown peace using malice installation kit identification model Whether dress packet belongs to malice installation kit, can recognize that whether unknown installation kit belongs to advertisement using advertisement installation kit identification model Installation kit.
In addition, can be the training pattern with coding, or compression for illegal installation kit identification model Training pattern, the illegal installation kit identification model of compression can be effectively reduced the storage volume of model, save model to depositing Store up the occupancy in space.
Based on the same inventive concept, second embodiment of the invention also provides a kind of method for identifying installation kit, is applied to peace In tall and erect system, so that Android system is the executing subject of the method for the identification installation kit.
According to shown in Fig. 3, the method for the identification installation kit in second embodiment of the invention includes:
Step 301: obtaining target installation kit.
Step 302: the target installation kit feature of the feature for characterizing target installation kit is extracted from target installation kit Information.
Step 303: target installation kit characteristic information being input to illegal installation kit identification model, is known according to illegal installation kit The recognition result of other model output determines the type of target installation kit.
Wherein, illegal installation kit identification model identifies mould for the installation kit of establishing introduced in first embodiment according to the present invention The method of type illegal installation kit identification model obtained.
Specifically, the type of target installation kit is unknown, after obtaining target installation kit, in step 302, from target Target installation kit characteristic information is extracted in installation kit, extracts the process of target installation kit characteristic information and extracts sample installation kit Sample installation kit characteristic information process it is identical, specifically, firstly, unziped it to target installation kit, obtain for transporting The critical file of row target installation kit, critical file may include classes.dex, resources.arsc, At least one of AndroidManifest.xml and MANIFEST.MF file are then mentioned from each critical file respectively File characteristic is taken out, then dimension-reduction treatment is carried out to the All Files feature extracted, obtains target corresponding with target installation kit Installation kit feature vector, the target installation kit feature vector are that the target installation kit for the feature for being used to characterize target installation kit is special Reference breath.Finally, in step 303, the target installation kit feature vector extracted is input to illegal installation kit identification model, Illegal installation kit identification model exports recognition result, if recognition result is by identifying to target installation kit characteristic information Target installation kit is illegal installation kit, it is determined that the type of target installation kit is illegal installation kit, if recognition result is target peace Dress packet is not illegal installation kit, it is determined that the type of target installation kit is legal installation kit.
Further, in embodiments of the present invention, illegal installation kit identification model may include malice installation kit identification model With advertisement installation kit identification model, thus, in step 303, target installation kit characteristic information is first input to malice installation kit Identification model obtains the first recognition result of malice installation kit identification model output, if the first recognition result is target installation kit Malice installation kit, it is determined that the type of target installation kit be malice installation kit, if the first recognition result be target installation kit not It is malice installation kit, then target installation kit characteristic information is input to advertisement installation kit identification model, obtains advertisement installation kit and know Second recognition result of other model output, if it is advertisement installation kit that the second recognition result, which is target installation kit, it is determined that target peace Dress packet is advertisement installation kit, if it is not advertisement installation kit that the second recognition result, which is target installation kit, it is determined that target installation kit is Legal installation kit.
It should be noted that being set since malice installation kit is significantly larger than advertisement installation kit to the harm of user equipment to user Therefore target installation kit in a preferred embodiment, is first input to malice installation kit identification model and known by standby harm Not, it can not only determine whether target installation kit belongs to malice installation kit at the first time in this way, if target installation kit is that malice is pacified Dress packet is then in time handled it, and malice installation kit is avoided to damage user equipment, additionally it is possible to be improved and be pacified to malice Fill the killing efficiency of packet.
Based on the same inventive concept, third embodiment of the invention also provides a kind of device for establishing installation kit identification model, As shown in figure 4, described device includes:
First obtains module 401, includes legal peace in the multiple sample installation kit for obtaining multiple sample installation kits Dress packet and illegal installation kit, the legal installation kit is the installation kit generated premised on the installation requirements of user, described non- Method installation kit be not the installation kit generated premised on the installation requirements of user;
First extraction module 402, for extracting from each sample installation kit for characterizing the sample respectively The sample installation kit characteristic information of the feature of installation kit;
Module 403 is established, for carrying out model training to all sample installation kit characteristic informations extracted, foundation is used for Identify the illegal installation kit identification model of the illegal installation kit.
Preferably, the illegal installation kit includes malice installation kit and/or advertisement installation kit.
Preferably, when the illegal installation kit includes the malice installation kit and the advertisement installation kit, the foundation Module is specifically used for:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
Preferably, described to establish module, it is specifically used for:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth The model training of habit.
Preferably, first extraction module, comprising:
Decompression unit is obtained for unziping it to the sample installation kit for running the sample installation kit Critical file;
Extraction unit, for extracting file characteristic from the critical file;
Dimensionality reduction unit is obtained for carrying out dimension-reduction treatment to the file characteristic for characterizing the sample installation kit The sample installation kit feature vector of feature.
Preferably, the critical file includes classes.dex, resources.arsc, AndroidManifest.xml With at least one of MANIFEST.MF file.
Based on the same inventive concept, fourth embodiment of the invention also provides a kind of device for identifying installation kit, such as Fig. 5 institute Show, described device includes:
Second obtains module 501, for obtaining target installation kit;
Second extraction module 502, for extracting from the target installation kit for characterizing the target installation kit The target installation kit characteristic information of feature;
Determining module 503, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to The recognition result of the illegal installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is based on establishing installation kit identification model described in first embodiment Method illegal installation kit identification model obtained.
Preferably, when the illegal installation kit identification model includes malice installation kit identification model and the identification of advertisement installation kit Model, the determining module, comprising:
First obtains unit is obtained for the target installation kit characteristic information to be input to malice installation kit identification model Obtain the first recognition result of the malice installation kit identification model output;
First determination unit, if being the target installation kit for first recognition result is malice installation kit, really The type of the fixed target installation kit is malice installation kit;
Second obtaining unit, if being the target installation kit for first recognition result is not malice installation kit, The target installation kit characteristic information is input to advertisement installation kit identification model, it is defeated to obtain the advertisement installation kit identification model The second recognition result out;
Second determination unit, if being the target installation kit for second recognition result is advertisement installation kit, really The fixed target installation kit is advertisement installation kit;
Third determination unit, if it is not advertisement installation kit that second recognition result, which is the target installation kit, it is determined that The target installation kit is legal installation kit.
Based on the same inventive concept, fifth embodiment of the invention also provides a kind of computer readable storage medium, deposits thereon Computer program is contained, the step of method described in aforementioned first embodiment or second embodiment is realized when which is executed by processor Suddenly.
Based on the same inventive concept, sixth embodiment of the invention additionally provides a kind of computer equipment, as shown in fig. 6, being Convenient for explanation, only parts related to embodiments of the present invention are shown, disclosed by specific technical details, please refers to the present invention Embodiment method part.The computer equipment can be include mobile phone, tablet computer, PDA (Personal Digital Assistant, personal digital assistant), POS (Point of Sales, point-of-sale terminal), any terminal device such as vehicle-mounted computer, By taking computer equipment is mobile phone as an example:
Fig. 6 shows the block diagram of part-structure relevant to computer equipment provided in an embodiment of the present invention.With reference to figure 6, which includes: memory 601 and processor 602.It will be understood by those skilled in the art that meter shown in Fig. 6 It calculates machine equipment structure and does not constitute the restriction to computer equipment, may include than illustrating more or fewer components or group Close certain components or different component layouts.
It is specifically introduced below with reference to each component parts of the Fig. 6 to computer equipment:
Memory 601 can be used for storing software program and module, and processor 602 is stored in memory 601 by operation Software program and module, thereby executing various function application and data processing.Memory 601 can mainly include storage journey Sequence area and storage data area, wherein storing program area can the (ratio of application program needed for storage program area, at least one function Such as sound-playing function, image player function) etc.;It storage data area can storing data (such as audio data, phone directory etc.) Deng.In addition, memory 601 may include high-speed random access memory, it can also include nonvolatile memory, for example, at least One disk memory, flush memory device or other volatile solid-state parts.
Processor 602 is the control centre of computer equipment, by running or executing the software being stored in memory 601 Program and/or module, and the data being stored in memory 601 are called, perform various functions and handle data.Optionally, Processor 602 may include one or more processing units;Preferably, processor 602 can integrate application processor and modulation /demodulation Processor, wherein the main processing operation system of application processor, user interface and application program etc., modem processor master Handle wireless communication.
In embodiments of the present invention, processor 602 included by the computer equipment can have aforementioned first embodiment Or function corresponding to any one of second embodiment step.
In short, the method and device according to the present invention for establishing installation kit identification model, firstly, including legal by obtaining Multiple sample installation kits of installation kit and illegal installation kit, legal installation kit are generated premised on the installation requirements of user Installation kit, illegal installation kit is is not the installation kit generated premised on the installation requirements of user, then, respectively from each sample The sample installation kit characteristic information that the feature for characterizing sample installation kit is extracted in this installation kit, then, to what is extracted All sample installation kit characteristic informations carry out model training, establish illegal installation kit identification model, are identified using illegal installation kit Model can recognize that whether unknown installation kit is illegal installation kit, which not only overcomes existing skill The art problem low using recognition efficiency present in artificial treatment, improves the recognition efficiency for illegal installation kit, Er Qietong Crossing model training can be realized the excavation of data, find in illegal installation kit rule so that final utilize illegal peace The result accuracy with higher that dress packet identification model identifies.
Further, the method and device of identification installation kit according to the present invention, first acquisition target installation kit, then from mesh The target installation kit characteristic information that the feature for characterizing target installation kit is extracted in mark installation kit, then by target installation kit Characteristic information is input to illegal installation kit identification model, determines target according to the recognition result that illegal installation kit identification model exports The type of installation kit can not only improve the recognition efficiency to target installation Packet type using the above method, and due to utilizing Target installation kit characteristic information is as basis of characterization, additionally it is possible to target installation kit be avoided to be exempted from due to using shell adding or obfuscation It kills, improves installation kit difficulty free to kill.
Algorithm and display are not inherently related to any particular computer, virtual system, or other device provided herein. Various general-purpose systems can also be used together with teachings based herein.As described above, it constructs required by this kind of system Structure be obvious.In addition, the present invention is also not directed to any particular programming language.It should be understood that can use various Programming language realizes summary of the invention described herein, and the description done above to language-specific is to disclose this hair Bright preferred forms.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the invention Example can be practiced without these specific details.In some instances, well known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this specification.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects, Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention: i.e. required to protect Shield the present invention claims features more more than feature expressly recited in each claim.More precisely, as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as a separate embodiment of the present invention.
Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments In included certain features rather than other feature, but the combination of the feature of different embodiments mean it is of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed Meaning one of can in any combination mode come using.
Various component embodiments of the invention can be implemented in hardware, or to run on one or more processors Software module realize, or be implemented in a combination thereof.It will be understood by those of skill in the art that can be used in practice Microprocessor or digital signal processor (DSP) realize one of some or all components according to embodiments of the present invention A little or repertoire.The present invention is also implemented as setting for executing some or all of method as described herein Standby or program of device (for example, computer program and computer program product).It is such to realize that program of the invention deposit Storage on a computer-readable medium, or may be in the form of one or more signals.Such signal can be from because of spy It downloads and obtains on net website, be perhaps provided on the carrier signal or be provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and ability Field technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real It is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branch To embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fame Claim.
A1, a kind of method for establishing installation kit identification model, which is characterized in that the described method includes:
Multiple sample installation kits are obtained, include legal installation kit and illegal installation kit, institute in the multiple sample installation kit State legal installation kit be premised on the installation requirements of user installation kit generated, the illegal installation kit be not be with user Installation requirements premised on installation kit generated;
The sample peace of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively Fill packet characteristic information;
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the illegal installation for identification The illegal installation kit identification model of packet.
A2, the method according to a1 for establishing installation kit identification model, which is characterized in that the illegal installation kit includes Malice installation kit and/or advertisement installation kit.
A3, the method that installation kit identification model is established according to A2, which is characterized in that when the illegal installation kit packet When including the malice installation kit and the advertisement installation kit, the described pair of all sample installation kit characteristic informations extracted carry out mould The illegal installation kit identification model of the illegal installation kit for identification is established in type training, comprising:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
A4, the method according to a1 for establishing installation kit identification model, which is characterized in that described pair extract it is all Sample installation kit characteristic information carries out model training, comprising:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth The model training of habit.
A5, the method according to a1 for establishing installation kit identification model, which is characterized in that from the sample installation kit Extract the sample installation kit characteristic information of the feature for characterizing the sample installation kit, comprising:
The sample installation kit is unziped it, the critical file for running the sample installation kit is obtained;
File characteristic is extracted from the critical file;
Dimension-reduction treatment is carried out to the file characteristic, obtains the sample installation of the feature for characterizing the sample installation kit Packet feature vector.
A6, the method according to a5 for establishing installation kit identification model, which is characterized in that the critical file includes At least one of classes.dex, resources.arsc, AndroidManifest.xm1 and MANIFEST.MF file.
B7, a kind of method for identifying installation kit, which is characterized in that the described method includes:
Obtain target installation kit;
The target installation kit feature of the feature for characterizing the target installation kit is extracted from the target installation kit Information;
The target installation kit characteristic information is input to illegal installation kit identification model, is known according to the illegal installation kit The recognition result of other model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model be based on established described in any one of A1-A6 installation kit identify mould The method of type illegal installation kit identification model obtained.
B8, the method that installation kit is identified according to B7, which is characterized in that when the illegal installation kit identification model packet Include malice installation kit identification model and advertisement installation kit identification model, it is described the target installation kit characteristic information is input to it is non- Method installation kit identification model determines the target installation kit according to the recognition result of the illegal installation kit identification model output Type, comprising:
The target installation kit characteristic information is input to malice installation kit identification model, the malice installation kit is obtained and knows First recognition result of other model output;
If first recognition result is that the target installation kit is malice installation kit, it is determined that the target installation kit Type is malice installation kit;
If first recognition result is that the target installation kit is not malice installation kit, and the target installation kit is special Reference breath is input to advertisement installation kit identification model, obtains the second recognition result of the advertisement installation kit identification model output;
If second recognition result is that the target installation kit is advertisement installation kit, it is determined that the target installation kit is Advertisement installation kit;
If second recognition result is that the target installation kit is not advertisement installation kit, it is determined that the target installation kit For legal installation kit.
C9, a kind of device for establishing installation kit identification model, which is characterized in that described device includes:
First obtains module, includes legal installation in the multiple sample installation kit for obtaining multiple sample installation kits Packet and illegal installation kit, the legal installation kit are the installation kit generated premised on the installation requirements of user, described illegal Installation kit be not the installation kit generated premised on the installation requirements of user;
Second extraction module, for being extracted from each sample installation kit respectively for characterizing the sample installation The sample installation kit characteristic information of the feature of packet;
Module is established, for carrying out model training to all sample installation kit characteristic informations extracted, is established for knowing The illegal installation kit identification model of the not described illegal installation kit.
C10, the device that installation kit identification model is established according to C9, which is characterized in that the illegal installation kit packet Include malice installation kit and/or advertisement installation kit.
C11, the device that installation kit identification model is established according to C10, which is characterized in that when the illegal installation kit It is described to establish module including the malice installation kit and when the advertisement installation kit, it is specifically used for:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
C12, the device that installation kit identification model is established according to C9, which is characterized in that it is described to establish module, specifically For:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth The model training of habit.
C13, the device that installation kit identification model is established according to C9, which is characterized in that first extraction module, Include:
Decompression unit is obtained for unziping it to the sample installation kit for running the sample installation kit Critical file;
Extraction unit, for extracting file characteristic from the critical file;
Dimensionality reduction unit is obtained for carrying out dimension-reduction treatment to the file characteristic for characterizing the sample installation kit The sample installation kit feature vector of feature.
C14, the device that installation kit identification model is established according to C13, which is characterized in that the critical file includes At least one of classes.dex, resources.arsc, AndroidManifest.xml and MANIFEST.MF file.
D15, a kind of device for identifying installation kit, which is characterized in that described device includes:
Second obtains module, for obtaining target installation kit;
Second extraction module, for extracting the feature for characterizing the target installation kit from the target installation kit Target installation kit characteristic information;
Determining module, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to institute The recognition result for stating illegal installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is based on foundation described in any claim in claim 1-6 The method of installation kit identification model illegal installation kit identification model obtained.
D16, the device that installation kit is identified according to D15, which is characterized in that when the illegal installation kit identification model Including malice installation kit identification model and advertisement installation kit identification model, the determining module, comprising:
First obtains unit is obtained for the target installation kit characteristic information to be input to malice installation kit identification model Obtain the first recognition result of the malice installation kit identification model output;
First determination unit, if being the target installation kit for first recognition result is malice installation kit, really The type of the fixed target installation kit is malice installation kit;
Second obtaining unit, if being the target installation kit for first recognition result is not malice installation kit, The target installation kit characteristic information is input to advertisement installation kit identification model, it is defeated to obtain the advertisement installation kit identification model The second recognition result out;
Second determination unit, if being the target installation kit for second recognition result is advertisement installation kit, really The fixed target installation kit is advertisement installation kit;
Third determination unit, if it is not advertisement installation kit that second recognition result, which is the target installation kit, it is determined that The target installation kit is legal installation kit.
E17, a kind of computer readable storage medium, are stored thereon with computer program, which is characterized in that the program is located It manages when device executes and realizes the method and step according to any one of A1-B8.
F18, a kind of computer equipment, including memory, processor and storage can transport on a memory and on a processor Capable computer program, which is characterized in that the processor is realized according to any one of A1-B8 when executing described program Method and step.

Claims (10)

1. a kind of method for establishing installation kit identification model, which is characterized in that the described method includes:
Multiple sample installation kits are obtained, include legal installation kit and illegal installation kit, the conjunction in the multiple sample installation kit Method installation kit is the installation kit generated premised on the installation requirements of user, the illegal installation kit be not peace with user Installation kit generated premised on dress demand;
The sample installation kit of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively Characteristic information;
Model training is carried out to all sample installation kit characteristic informations for extracting, establishes the illegal installation kit for identification Illegal installation kit identification model.
2. the method for establishing installation kit identification model as described in claim 1, which is characterized in that the illegal installation kit includes Malice installation kit and/or advertisement installation kit.
3. the method for establishing installation kit identification model as claimed in claim 2, which is characterized in that when the illegal installation kit packet When including the malice installation kit and the advertisement installation kit, the described pair of all sample installation kit characteristic informations extracted carry out mould The illegal installation kit identification model of the illegal installation kit for identification is established in type training, comprising:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice installation for identification respectively The advertisement installation kit identification model of the malice installation kit identification model of packet and for identification the advertisement installation kit.
4. the method for establishing installation kit identification model as described in claim 1, which is characterized in that described pair extract it is all Sample installation kit characteristic information carries out model training, comprising:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on deep learning Model training.
5. the method for establishing installation kit identification model as described in claim 1, which is characterized in that from the sample installation kit Extract the sample installation kit characteristic information of the feature for characterizing the sample installation kit, comprising:
The sample installation kit is unziped it, the critical file for running the sample installation kit is obtained;
File characteristic is extracted from the critical file;
Dimension-reduction treatment is carried out to the file characteristic, the sample installation kit for obtaining the feature for characterizing the sample installation kit is special Levy vector.
6. a kind of method for identifying installation kit, which is characterized in that the described method includes:
Obtain target installation kit;
The target installation kit characteristic information of the feature for characterizing the target installation kit is extracted from the target installation kit;
The target installation kit characteristic information is input to illegal installation kit identification model, mould is identified according to the illegal installation kit The recognition result of type output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is to be installed based on foundation described in any claim in claim 1-5 The method of packet identification model illegal installation kit identification model obtained.
7. a kind of device for establishing installation kit identification model, which is characterized in that described device includes:
First obtains module, include for obtaining multiple sample installation kits, in the multiple sample installation kit legal installation kit and Illegal installation kit, the legal installation kit are installation kit generated, the illegal installation premised on the installation requirements of user It wraps not to be the installation kit generated premised on the installation requirements of user;
First extraction module, for extracting from each sample installation kit for characterizing the sample installation kit respectively The sample installation kit characteristic information of feature;
Module is established, for carrying out model training to all sample installation kit characteristic informations extracted, establishes institute for identification State the illegal installation kit identification model of illegal installation kit.
8. a kind of device for identifying installation kit, which is characterized in that described device includes:
Second obtains module, for obtaining target installation kit;
Second extraction module, for extracting the mesh of the feature for characterizing the target installation kit from the target installation kit Mark installation kit characteristic information;
Determining module, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to described non- The recognition result of method installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is to be installed based on foundation described in any claim in claim 1-6 The method of packet identification model illegal installation kit identification model obtained.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is held by processor The method and step as described in any claim in claim 1-6 is realized when row.
10. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor Calculation machine program, which is characterized in that the processor is realized when executing described program such as any claim institute in claim 1-6 The method and step stated.
CN201810714195.4A 2018-06-29 2018-06-29 It establishes the method for installation kit identification model, identify the method and device of installation kit Pending CN109002696A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810714195.4A CN109002696A (en) 2018-06-29 2018-06-29 It establishes the method for installation kit identification model, identify the method and device of installation kit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810714195.4A CN109002696A (en) 2018-06-29 2018-06-29 It establishes the method for installation kit identification model, identify the method and device of installation kit

Publications (1)

Publication Number Publication Date
CN109002696A true CN109002696A (en) 2018-12-14

Family

ID=64598162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810714195.4A Pending CN109002696A (en) 2018-06-29 2018-06-29 It establishes the method for installation kit identification model, identify the method and device of installation kit

Country Status (1)

Country Link
CN (1) CN109002696A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109816007A (en) * 2019-01-18 2019-05-28 北京智游网安科技有限公司 Trade classification method, storage medium and the terminal device of application program text information
CN111027029A (en) * 2019-10-21 2020-04-17 厦门天锐科技股份有限公司 Method for judging whether file is installation package or not and limiting opening
CN115221516A (en) * 2022-07-13 2022-10-21 中国电信股份有限公司 Malicious application program identification method and device, storage medium and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103473506A (en) * 2013-08-30 2013-12-25 北京奇虎科技有限公司 Method and device of recognizing malicious APK files
CN105205396A (en) * 2015-10-15 2015-12-30 上海交通大学 Detecting system for Android malicious code based on deep learning and method thereof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103473506A (en) * 2013-08-30 2013-12-25 北京奇虎科技有限公司 Method and device of recognizing malicious APK files
CN105205396A (en) * 2015-10-15 2015-12-30 上海交通大学 Detecting system for Android malicious code based on deep learning and method thereof

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109816007A (en) * 2019-01-18 2019-05-28 北京智游网安科技有限公司 Trade classification method, storage medium and the terminal device of application program text information
CN111027029A (en) * 2019-10-21 2020-04-17 厦门天锐科技股份有限公司 Method for judging whether file is installation package or not and limiting opening
CN111027029B (en) * 2019-10-21 2022-02-08 厦门天锐科技股份有限公司 Method for judging whether file is installation package or not and limiting opening
CN115221516A (en) * 2022-07-13 2022-10-21 中国电信股份有限公司 Malicious application program identification method and device, storage medium and electronic equipment
CN115221516B (en) * 2022-07-13 2024-04-26 中国电信股份有限公司 Malicious application program identification method and device, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
Cimitile et al. Talos: no more ransomware victims with formal methods
CN107169358B (en) Code homology detection method and its device based on code fingerprint
CN104123493B (en) The safety detecting method and device of application program
CN102831338B (en) A kind of safety detection method of Android application program and system
US10409966B2 (en) Optimizing and protecting software
US9824212B2 (en) Method and system for recognizing advertisement plug-ins
US11580222B2 (en) Automated malware analysis that automatically clusters sandbox reports of similar malware samples
US11159547B2 (en) Malware clustering approaches based on cognitive computing techniques
CN109002696A (en) It establishes the method for installation kit identification model, identify the method and device of installation kit
Ravi et al. A Multi-View attention-based deep learning framework for malware detection in smart healthcare systems
CN109492355B (en) Software anti-analysis method and system based on deep learning
CN109657488A (en) A kind of resource file cipher processing method, intelligent terminal and storage medium
CN104680065A (en) Virus detection method, virus detection device and virus detection equipment
Martinelli et al. Model checking and machine learning techniques for HummingBad mobile malware detection and mitigation
Aldriwish A deep learning approach for malware and software piracy threat detection
KR102462541B1 (en) Methods and systems for validating licenses for open source software
Bhaskara et al. Emulating malware authors for proactive protection using GANs over a distributed image visualization of dynamic file behavior
CN115510445A (en) Android malicious program detection method based on deep learning
Zhang et al. A php and jsp web shell detection system with text processing based on machine learning
Ullah et al. IoT-based cloud service for secured android markets using PDG-based deep learning classification
Ding et al. Automaticlly learning featurs of android apps using cnn
Yahaya et al. A framework on halal product recognition system through smartphone authentication
CN113971283A (en) Malicious application program detection method and device based on features
CN115688108B (en) Webshell static detection method and system
Chau et al. An entropy-based solution for identifying android packers

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181214