CN109002696A - It establishes the method for installation kit identification model, identify the method and device of installation kit - Google Patents
It establishes the method for installation kit identification model, identify the method and device of installation kit Download PDFInfo
- Publication number
- CN109002696A CN109002696A CN201810714195.4A CN201810714195A CN109002696A CN 109002696 A CN109002696 A CN 109002696A CN 201810714195 A CN201810714195 A CN 201810714195A CN 109002696 A CN109002696 A CN 109002696A
- Authority
- CN
- China
- Prior art keywords
- installation kit
- sample
- illegal
- identification model
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000009434 installation Methods 0.000 title claims abstract description 742
- 238000000034 method Methods 0.000 title claims abstract description 82
- 238000012549 training Methods 0.000 claims abstract description 43
- 239000013598 vector Substances 0.000 claims description 29
- 238000000605 extraction Methods 0.000 claims description 15
- 239000000284 extract Substances 0.000 claims description 11
- 238000003860 storage Methods 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 8
- 238000003066 decision tree Methods 0.000 claims description 8
- 238000004364 calculation method Methods 0.000 claims 1
- 238000013136 deep learning model Methods 0.000 claims 1
- 238000012545 processing Methods 0.000 abstract description 6
- 230000006870 function Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 230000008901 benefit Effects 0.000 description 4
- 230000006837 decompression Effects 0.000 description 3
- 230000009467 reduction Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000009412 basement excavation Methods 0.000 description 2
- 238000012512 characterization method Methods 0.000 description 2
- 230000006835 compression Effects 0.000 description 2
- 238000007906 compression Methods 0.000 description 2
- 238000013135 deep learning Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 108010092377 aminoalcoholphosphotransferase Proteins 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006698 induction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention relates to technical field of data processing, more particularly to it establishes the method for installation kit identification model, identify the method and device of installation kit, it include: to obtain multiple sample installation kits, it include legal installation kit and illegal installation kit in the multiple sample installation kit, the legal installation kit be premised on the installation requirements of user installation kit generated, the illegal installation kit be not the installation kit generated premised on the installation requirements of user;The sample installation kit characteristic information of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively;Model training is carried out to all sample installation kit characteristic informations extracted, establishes the illegal installation kit identification model of the illegal installation kit for identification.The present invention improves the recognition efficiency for illegal installation kit.
Description
Technical field
The present invention relates to technical field of data processing, more particularly to establish the method for installation kit identification model, identification installation
The method and device of packet.
Background technique
With popularizing for Android intelligent equipment, more and more black production author position shifts cause to Android mobile platform
Malice installation kit under Android platform is in the outburst of blowout.Malice installation kit is a kind of special Android program, they are usually
By the modes such as induction installation and channel prepackage, the device systems of user are installed in the case where user is unaware of also unauthorized
In, so that the device systems to user are attacked, user is caused to cause damages.Malice installation kit can on influence caused by user security risk
To include that rate consume, privacy is stolen, maliciously deduct fees, remotely control and malice advertisement etc..
In the prior art, virus analysis teacher's manual analysis processing is often relied on for the identification of malice installation kit, therefore,
There is a problem of that recognition efficiency is low.
Summary of the invention
In view of the above problems, it proposes on the present invention overcomes the above problem or at least be partially solved in order to provide one kind
It states the method for establishing installation kit identification model of problem, identify the method and device of installation kit.
First aspect according to the present invention provides a kind of method for establishing installation kit identification model, the method packet
It includes:
Multiple sample installation kits are obtained, include legal installation kit and illegal installation kit, institute in the multiple sample installation kit
State legal installation kit be premised on the installation requirements of user installation kit generated, the illegal installation kit be not be with user
Installation requirements premised on installation kit generated;
The sample peace of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively
Fill packet characteristic information;
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the illegal installation for identification
The illegal installation kit identification model of packet.
Preferably, the illegal installation kit includes malice installation kit and/or advertisement installation kit.
Preferably, when the illegal installation kit includes the malice installation kit and the advertisement installation kit, described pair is mentioned
All sample installation kit characteristic informations taken out carry out model training, establish the illegal installation of the illegal installation kit for identification
Packet identification model, comprising:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively
The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
Preferably, the described pair of all sample installation kit characteristic informations extracted carry out model training, comprising:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth
The model training of habit.
Preferably, the sample installation of the feature for characterizing the sample installation kit is extracted from the sample installation kit
Packet characteristic information, comprising:
The sample installation kit is unziped it, the critical file for running the sample installation kit is obtained;
File characteristic is extracted from the critical file;
Dimension-reduction treatment is carried out to the file characteristic, obtains the sample installation of the feature for characterizing the sample installation kit
Packet feature vector.
Preferably, the critical file includes classes.dex, resources.arsc, AndroidManifest.xml
With at least one of MANIFEST.MF file.
The second aspect according to the present invention provides a kind of method for identifying installation kit, which comprises
Obtain target installation kit;
The target installation kit feature of the feature for characterizing the target installation kit is extracted from the target installation kit
Information;
The target installation kit characteristic information is input to illegal installation kit identification model, is known according to the illegal installation kit
The recognition result of other model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is is obtained based on any one of the first aspect of the invention step
The illegal installation kit identification model obtained.
Preferably, when the illegal installation kit identification model includes malice installation kit identification model and the identification of advertisement installation kit
Model, it is described that the target installation kit characteristic information is input to illegal installation kit identification model, according to the illegal installation kit
The recognition result of identification model output determines the type of the target installation kit, comprising:
The target installation kit characteristic information is input to malice installation kit identification model, the malice installation kit is obtained and knows
First recognition result of other model output;
If first recognition result is that the target installation kit is malice installation kit, it is determined that the target installation kit
Type is malice installation kit;
If first recognition result is that the target installation kit is not malice installation kit, and the target installation kit is special
Reference breath is input to advertisement installation kit identification model, obtains the second recognition result of the advertisement installation kit identification model output;
If second recognition result is that the target installation kit is advertisement installation kit, it is determined that the target installation kit is
Advertisement installation kit;
If second recognition result is that the target installation kit is not advertisement installation kit, it is determined that the target installation kit
For legal installation kit.
In terms of third according to the present invention, a kind of device for establishing installation kit identification model, described device packet are provided
It includes:
First obtains module, includes legal installation in the multiple sample installation kit for obtaining multiple sample installation kits
Packet and illegal installation kit, the legal installation kit are the installation kit generated premised on the installation requirements of user, described illegal
Installation kit be not the installation kit generated premised on the installation requirements of user;
Second extraction module, for being extracted from each sample installation kit respectively for characterizing the sample installation
The sample installation kit characteristic information of the feature of packet;
Module is established, for carrying out model training to all sample installation kit characteristic informations extracted, is established for knowing
The illegal installation kit identification model of the not described illegal installation kit.
Preferably, the illegal installation kit includes malice installation kit and/or advertisement installation kit.
Preferably, when the illegal installation kit includes the malice installation kit and the advertisement installation kit, the foundation
Module is specifically used for:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively
The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
Preferably, described to establish module, it is specifically used for:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth
The model training of habit.
Preferably, first extraction module, comprising:
Decompression unit is obtained for unziping it to the sample installation kit for running the sample installation kit
Critical file;
Extraction unit, for extracting file characteristic from the critical file;
Dimensionality reduction unit is obtained for carrying out dimension-reduction treatment to the file characteristic for characterizing the sample installation kit
The sample installation kit feature vector of feature.
Preferably, the critical file includes classes.dex, resources.arsc, AndroidManifest.xml
With at least one of MANIFEST.MF file.
The 4th aspect according to the present invention, provides a kind of device for identifying installation kit, and described device includes:
Second obtains module, for obtaining target installation kit;
Second extraction module, for extracting the feature for characterizing the target installation kit from the target installation kit
Target installation kit characteristic information;
Determining module, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to institute
The recognition result for stating illegal installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is based on based on any one of the first aspect of the invention step
Illegal installation kit identification model obtained.
Preferably, when the illegal installation kit identification model includes malice installation kit identification model and the identification of advertisement installation kit
Model, the determining module, comprising:
First obtains unit is obtained for the target installation kit characteristic information to be input to malice installation kit identification model
Obtain the first recognition result of the malice installation kit identification model output;
First determination unit, if being the target installation kit for first recognition result is malice installation kit, really
The type of the fixed target installation kit is malice installation kit;
Second obtaining unit, if being the target installation kit for first recognition result is not malice installation kit,
The target installation kit characteristic information is input to advertisement installation kit identification model, it is defeated to obtain the advertisement installation kit identification model
The second recognition result out;
Second determination unit, if being the target installation kit for second recognition result is advertisement installation kit, really
The fixed target installation kit is advertisement installation kit;
Third determination unit, if it is not advertisement installation kit that second recognition result, which is the target installation kit, it is determined that
The target installation kit is legal installation kit.
The 5th aspect according to the present invention, provides a kind of computer readable storage medium, is stored thereon with computer
Program realizes such as any one of the first aspect of the present invention or second aspect step when the program is executed by processor.
According to the present invention the 6th aspect, provides a kind of computer equipment, including memory, processor and is stored in
On memory and the computer program that can run on a processor, which is characterized in that the processor executes real when described program
Now such as any one of the first aspect of the present invention or second aspect step.
The method and device according to the present invention for establishing installation kit identification model, firstly, including legal installation by obtaining
Multiple sample installation kits of packet and illegal installation kit, legal installation kit are the installation generated premised on the installation requirements of user
Packet, illegal installation kit is is not the installation kit generated premised on the installation requirements of user, then, is pacified respectively from each sample
The sample installation kit characteristic information of the feature for characterizing sample installation kit is extracted in dress packet, it is then, all to what is extracted
Sample installation kit characteristic information carries out model training, establishes illegal installation kit identification model, utilizes illegal installation kit identification model
Can recognize that whether unknown installation kit is illegal installation kit, which not only overcomes the prior art and adopt
The low problem of existing recognition efficiency is manually handled, improves the recognition efficiency for illegal installation kit, and pass through mould
Type training can be realized the excavation of data, find in illegal installation kit rule so that finally utilizing illegal installation kit
The result that identification model identifies accuracy with higher.
Further, the method and device of identification installation kit according to the present invention, first acquisition target installation kit, then from mesh
The target installation kit characteristic information that the feature for characterizing target installation kit is extracted in mark installation kit, then by target installation kit
Characteristic information is input to illegal installation kit identification model, determines target according to the recognition result that illegal installation kit identification model exports
The type of installation kit can not only improve the recognition efficiency to target installation Packet type using the above method, and due to utilizing
Target installation kit characteristic information is as basis of characterization, additionally it is possible to target installation kit be avoided to be exempted from due to using shell adding or obfuscation
It kills, improves installation kit difficulty free to kill.
The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, the followings are specific embodiments of the present invention.
Detailed description of the invention
By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field
Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention
Limitation.And throughout the drawings, identical component is indicated with identical reference pattern.In the accompanying drawings:
Fig. 1 shows the flow chart that the method for installation kit identification model is established in the embodiment of the present invention;
Fig. 2 shows the flow charts of step 102 in the embodiment of the present invention;
Fig. 3 shows the flow chart that the method for installation kit is identified in the embodiment of the present invention;
Fig. 4 shows the structure chart that the device of installation kit identification model is established in the embodiment of the present invention;
Fig. 5 shows the structure chart that the device of installation kit is identified in the embodiment of the present invention;
Fig. 6 shows the structure chart of computer equipment in the embodiment of the present invention.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
It is fully disclosed to those skilled in the art.
First embodiment of the invention provides a kind of method for establishing installation kit identification model, and this method can be applied to Android
In system, so that Android system is that this establishes the executing subject of the method for installation kit identification model.
According to shown in Fig. 1, the method for establishing installation kit identification model in first embodiment of the invention includes:
Step 101: obtaining multiple sample installation kits, include legal installation kit and illegal installation in multiple sample installation kits
Packet, legal installation kit be premised on the installation requirements of user installation kit generated, illegal installation kit be not be with user
Installation kit generated premised on installation requirements.
Step 102: extracting the sample peace of the feature for characterizing sample installation kit from each sample installation kit respectively
Fill packet characteristic information.
Step 103: model training being carried out to all sample installation kit characteristic informations extracted, is established illegal for identification
The illegal installation kit identification model of installation kit.
Specifically, the type of installation kit includes legal installation kit and illegal installation kit, and legal installation kit is with user's
Installation kit generated premised on installation requirements meets user installation demand by running legal installation kit and can install to obtain
Application program, the normal mounting packet in general, legal installation kit is otherwise known as.And illegal installation kit, which is, to be needed with the installation of user
Installation kit generated premised on asking, illegal installation kit include malice installation kit and advertisement installation kit, malice installation kit be for
Cause the installation kit of malicious act to user, malicious act include but is not limited to steal the privacy of user, the property for stealing user,
The rate of user, the equipment of remote control user or interference user equipment normal work etc. are wasted, advertisement installation kit is to carry
The installation kit of advertisement, either malice installation kit or advertisement installation kit, are not to be given birth to premised on the installation requirements of user
At installation kit, therefore, malice installation kit and advertisement installation kit belong to illegal installation kit.
Further, in a step 101, the sample installation kit of magnanimity is obtained first, and the type of sample installation kit is it is known that obtain
To Massive Sample installation kit in may include legal installation kit, malice installation kit and advertisement installation kit, that is, the magnanimity got
Containing type belongs to the sample installation kit of legal installation kit in sample installation kit, type belongs to the sample installation kit of malice installation kit
And type belongs to the sample installation kit of advertisement installation kit.
Specifically, it after getting sample installation kit, is extracted from sample installation kit for characterizing sample installation
The sample installation kit characteristic information of packet feature, the corresponding sample installation kit characteristic information of each sample installation kit.
The extraction process of sample installation kit characteristic information will be described in detail by taking a sample installation kit as an example below,
According to extracting the process of sample installation kit characteristic information shown in Fig. 2 the following steps are included:
Step 201: sample installation kit being unziped it, the critical file for running sample installation kit is obtained.
Step 202: file characteristic is extracted from critical file.
Step 203: dimension-reduction treatment being carried out to file characteristic, obtains the sample installation of the feature for characterizing sample installation kit
Packet feature vector.
Specifically, the critical file for running sample installation kit include classes.dex, resources.arsc,
At least one of AndroidManifest.xml and MANIFEST.MF file.
Wherein, classes.dex file is the core document of installation kit, may operate in Android Dalvik virtual machine
On, by checking the compiling generating process of installation kit it is found that Java source code is compiled into .class file first, then Android
The included dx tool of Software Development Kit will be these, and class file is converted into classes.dex, passes through decompiling
Java source code can be obtained in classes.dex.
Wherein, resources.arsc file is used to the ID of Resource be converted to the title of resource file, in Android
In system, each application program can configure many resources, these resources are used to be adapted to the screen of different densities, size and Orientation
Curtain, and country, area and language etc. that adaptation is different, these resources are in application program operation automatically according to equipment
What current configuration information was adapted to, that is, give an identical resource ID, under different device configurations, what is found can
Resource can be different, this search procedure is completed by Android resource management framework, Android resource management framework then by
Two classes of AssetManager and Resources realize that Resources class can search resource according to ID, and
AssetManager class searches resource according to filename, if it is a file that a resource ID is corresponding,
Resources class first finds resource file title according to ID, then gives this document title to AssetManager class again
Corresponding file is opened, and the ID of Resources class is converted to resource by resources.arsc file by Resources class
The title of file, resources.arsc file are stored in installation kit, are generated in packing process by AAPT tool,
Resources.arsc file is the concordance list of a resource, maintain in the concordance list resource ID, Name, Path or
The corresponding relationship of Value, AssetManager pass through this concordance list, so that it may which it is corresponding to find this resource by the ID of resource
File or data.
Wherein, AndroidManifest.xml file is necessary file in Android program, is located at the root of entire project
In catalogue, component necessary to being run in AndroidManifest.xml file configured with program, permission and relevant information,
AndroidManifest.xml file be also Android application entry file, which depict in package exposure component, this
The respective realization class of a little components, the processed data of various energy and starting position, AndroidManifest.xml file is in addition to energy
State Activities, ContentProviders, Services and the Intent Receivers in program, moreover it is possible to specified
Permissions and instrumentation.
Wherein, MANIFEST.MF file contains the information such as version, founder and the class searching route of installation kit, if peace
Dress packet is executable installation kit, then MANIFEST.MF file can include also Main-Class attribute, shows Main method entrance.
Further, after obtaining critical file, file characteristic is first extracted from critical file, then to extracting
All Files feature carries out dimension-reduction treatment, obtains sample installation kit feature vector corresponding with sample installation kit, wherein sample peace
Dress packet feature vector is the sample installation kit characteristic information for being used to characterize the feature of sample installation kit.Wherein, dimension-reduction treatment is
A kind for the treatment of process converting high dimensional data to low-dimensional data carries out dimension-reduction treatment using dimension-reduction algorithm, for dimension-reduction algorithm
For, PCA dimension-reduction algorithm, LDA dimension-reduction algorithm, LLE dimension-reduction algorithm or other improvements dimension-reduction algorithm can be used, the present invention is implemented
Example to which kind of specifically used dimension-reduction algorithm without limitation, meanwhile, above-mentioned dimension-reduction algorithm is also the prior art, and the present invention is for such as
What, which carries out dimension-reduction treatment using dimension-reduction algorithm, repeats no more.
It should be noted that in embodiments of the present invention, the critical file extracted from sample installation kit may include
It is multiple, when a corresponding sample installation kit is there are when multiple critical files, in step 202, respectively from each critical file
File characteristic is extracted, then, in step 203, dimension-reduction treatment is carried out based on the All Files feature extracted, obtains sample
Installation kit feature vector.For example, the critical file of acquisition includes the first crucial text after decompressing to a sample installation kit
Part classes.dex, the second critical file resources.arsc, third critical file AndroidManifest.xml and
Four critical file MANIFEST.MF then extract the first file characteristic from the first critical file, from the second critical file
In extract the second file characteristic, third file characteristic is extracted from third critical file, is extracted from the 4th critical file
Then 4th file characteristic out is based on the first file characteristic, the second file characteristic, third file characteristic and the 4th file characteristic,
Dimension-reduction treatment is carried out, sample installation kit feature vector corresponding with the sample installation kit is obtained.
Specifically, file characteristic includes the characteristic information of file, for different critical files, file characteristic
Can be different, for example, classes.dex is the structured binary text after a compiling if critical file is classes.dex
Part, it comprises the JAVA codes that can be performed after compiling, and it is fixed to extract class after the format definition parsing provided according to Android
Justice, function prototype information, function execute code, reference the information such as constant character string as file characteristic;If critical file is
Resources.arsc, resources.arsc are the structured binary files after a compiling, and it comprises can after compiling
The resource of execution, according to Android provide format definition parsing after, extract anim, animator, interpolator,
Title and corresponding data under the classifications such as drawable, layout, values, xml, raw, color, menu, mipmap, any
As file characteristic;If critical file be AndroidManifest.xml, AndroidManifest.xml be one compiling after
Structured binary file, according to Android provide format definition parsing after, extract packet name, APK version, SDK editions
Sheet, permission, Activities, ContentProviders, Services, Intent Receivers, permissions,
The information such as instrumentation are as file characteristic;If critical file is MANIFEST.MF, MANIFEST.MF is a text
This document extracts file path described in this document and cryptographic Hash as file characteristic.
Explanation is needed further exist for, no matter sample installation kit belongs to legal installation kit or illegal installation kit, and one
The corresponding sample installation kit characteristic information of sample installation kit namely the corresponding sample installation kit of a sample installation kit are special
Levy vector.
Specifically, in step 103, after extracting the sample installation kit feature vector of all sample installation kits,
Model training is carried out to all sample installation kit feature vectors extracted, wherein can be using the model instruction based on vector machine
Practice method and model training is carried out to sample installation kit feature vector, it can also be using the model training method based on decision tree to sample
This installation kit feature vector carries out model training, can also be using the model training method based on deep learning to sample installation kit
Feature vector carry out model training, and based on vector machine, based on decision tree and based on the model training method of deep learning
Using corresponding model training method, the embodiment of the present invention repeat no more in the prior art.To all samples extracted
After installation kit feature vector carries out model training, the illegal installation kit identification model of illegal installation kit for identification is obtained, is utilized
Illegal installation kit identification model can recognize that whether unknown installation kit belongs to illegal installation kit.
Further, when illegal installation kit includes malice installation kit and advertisement installation kit, by all samples extracted
This installation kit characteristic information carry out model training, establish respectively malice installation kit for identification malice installation kit identification model and
The advertisement installation kit identification model of advertisement installation kit for identification can recognize that unknown peace using malice installation kit identification model
Whether dress packet belongs to malice installation kit, can recognize that whether unknown installation kit belongs to advertisement using advertisement installation kit identification model
Installation kit.
In addition, can be the training pattern with coding, or compression for illegal installation kit identification model
Training pattern, the illegal installation kit identification model of compression can be effectively reduced the storage volume of model, save model to depositing
Store up the occupancy in space.
Based on the same inventive concept, second embodiment of the invention also provides a kind of method for identifying installation kit, is applied to peace
In tall and erect system, so that Android system is the executing subject of the method for the identification installation kit.
According to shown in Fig. 3, the method for the identification installation kit in second embodiment of the invention includes:
Step 301: obtaining target installation kit.
Step 302: the target installation kit feature of the feature for characterizing target installation kit is extracted from target installation kit
Information.
Step 303: target installation kit characteristic information being input to illegal installation kit identification model, is known according to illegal installation kit
The recognition result of other model output determines the type of target installation kit.
Wherein, illegal installation kit identification model identifies mould for the installation kit of establishing introduced in first embodiment according to the present invention
The method of type illegal installation kit identification model obtained.
Specifically, the type of target installation kit is unknown, after obtaining target installation kit, in step 302, from target
Target installation kit characteristic information is extracted in installation kit, extracts the process of target installation kit characteristic information and extracts sample installation kit
Sample installation kit characteristic information process it is identical, specifically, firstly, unziped it to target installation kit, obtain for transporting
The critical file of row target installation kit, critical file may include classes.dex, resources.arsc,
At least one of AndroidManifest.xml and MANIFEST.MF file are then mentioned from each critical file respectively
File characteristic is taken out, then dimension-reduction treatment is carried out to the All Files feature extracted, obtains target corresponding with target installation kit
Installation kit feature vector, the target installation kit feature vector are that the target installation kit for the feature for being used to characterize target installation kit is special
Reference breath.Finally, in step 303, the target installation kit feature vector extracted is input to illegal installation kit identification model,
Illegal installation kit identification model exports recognition result, if recognition result is by identifying to target installation kit characteristic information
Target installation kit is illegal installation kit, it is determined that the type of target installation kit is illegal installation kit, if recognition result is target peace
Dress packet is not illegal installation kit, it is determined that the type of target installation kit is legal installation kit.
Further, in embodiments of the present invention, illegal installation kit identification model may include malice installation kit identification model
With advertisement installation kit identification model, thus, in step 303, target installation kit characteristic information is first input to malice installation kit
Identification model obtains the first recognition result of malice installation kit identification model output, if the first recognition result is target installation kit
Malice installation kit, it is determined that the type of target installation kit be malice installation kit, if the first recognition result be target installation kit not
It is malice installation kit, then target installation kit characteristic information is input to advertisement installation kit identification model, obtains advertisement installation kit and know
Second recognition result of other model output, if it is advertisement installation kit that the second recognition result, which is target installation kit, it is determined that target peace
Dress packet is advertisement installation kit, if it is not advertisement installation kit that the second recognition result, which is target installation kit, it is determined that target installation kit is
Legal installation kit.
It should be noted that being set since malice installation kit is significantly larger than advertisement installation kit to the harm of user equipment to user
Therefore target installation kit in a preferred embodiment, is first input to malice installation kit identification model and known by standby harm
Not, it can not only determine whether target installation kit belongs to malice installation kit at the first time in this way, if target installation kit is that malice is pacified
Dress packet is then in time handled it, and malice installation kit is avoided to damage user equipment, additionally it is possible to be improved and be pacified to malice
Fill the killing efficiency of packet.
Based on the same inventive concept, third embodiment of the invention also provides a kind of device for establishing installation kit identification model,
As shown in figure 4, described device includes:
First obtains module 401, includes legal peace in the multiple sample installation kit for obtaining multiple sample installation kits
Dress packet and illegal installation kit, the legal installation kit is the installation kit generated premised on the installation requirements of user, described non-
Method installation kit be not the installation kit generated premised on the installation requirements of user;
First extraction module 402, for extracting from each sample installation kit for characterizing the sample respectively
The sample installation kit characteristic information of the feature of installation kit;
Module 403 is established, for carrying out model training to all sample installation kit characteristic informations extracted, foundation is used for
Identify the illegal installation kit identification model of the illegal installation kit.
Preferably, the illegal installation kit includes malice installation kit and/or advertisement installation kit.
Preferably, when the illegal installation kit includes the malice installation kit and the advertisement installation kit, the foundation
Module is specifically used for:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively
The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
Preferably, described to establish module, it is specifically used for:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth
The model training of habit.
Preferably, first extraction module, comprising:
Decompression unit is obtained for unziping it to the sample installation kit for running the sample installation kit
Critical file;
Extraction unit, for extracting file characteristic from the critical file;
Dimensionality reduction unit is obtained for carrying out dimension-reduction treatment to the file characteristic for characterizing the sample installation kit
The sample installation kit feature vector of feature.
Preferably, the critical file includes classes.dex, resources.arsc, AndroidManifest.xml
With at least one of MANIFEST.MF file.
Based on the same inventive concept, fourth embodiment of the invention also provides a kind of device for identifying installation kit, such as Fig. 5 institute
Show, described device includes:
Second obtains module 501, for obtaining target installation kit;
Second extraction module 502, for extracting from the target installation kit for characterizing the target installation kit
The target installation kit characteristic information of feature;
Determining module 503, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to
The recognition result of the illegal installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is based on establishing installation kit identification model described in first embodiment
Method illegal installation kit identification model obtained.
Preferably, when the illegal installation kit identification model includes malice installation kit identification model and the identification of advertisement installation kit
Model, the determining module, comprising:
First obtains unit is obtained for the target installation kit characteristic information to be input to malice installation kit identification model
Obtain the first recognition result of the malice installation kit identification model output;
First determination unit, if being the target installation kit for first recognition result is malice installation kit, really
The type of the fixed target installation kit is malice installation kit;
Second obtaining unit, if being the target installation kit for first recognition result is not malice installation kit,
The target installation kit characteristic information is input to advertisement installation kit identification model, it is defeated to obtain the advertisement installation kit identification model
The second recognition result out;
Second determination unit, if being the target installation kit for second recognition result is advertisement installation kit, really
The fixed target installation kit is advertisement installation kit;
Third determination unit, if it is not advertisement installation kit that second recognition result, which is the target installation kit, it is determined that
The target installation kit is legal installation kit.
Based on the same inventive concept, fifth embodiment of the invention also provides a kind of computer readable storage medium, deposits thereon
Computer program is contained, the step of method described in aforementioned first embodiment or second embodiment is realized when which is executed by processor
Suddenly.
Based on the same inventive concept, sixth embodiment of the invention additionally provides a kind of computer equipment, as shown in fig. 6, being
Convenient for explanation, only parts related to embodiments of the present invention are shown, disclosed by specific technical details, please refers to the present invention
Embodiment method part.The computer equipment can be include mobile phone, tablet computer, PDA (Personal Digital
Assistant, personal digital assistant), POS (Point of Sales, point-of-sale terminal), any terminal device such as vehicle-mounted computer,
By taking computer equipment is mobile phone as an example:
Fig. 6 shows the block diagram of part-structure relevant to computer equipment provided in an embodiment of the present invention.With reference to figure
6, which includes: memory 601 and processor 602.It will be understood by those skilled in the art that meter shown in Fig. 6
It calculates machine equipment structure and does not constitute the restriction to computer equipment, may include than illustrating more or fewer components or group
Close certain components or different component layouts.
It is specifically introduced below with reference to each component parts of the Fig. 6 to computer equipment:
Memory 601 can be used for storing software program and module, and processor 602 is stored in memory 601 by operation
Software program and module, thereby executing various function application and data processing.Memory 601 can mainly include storage journey
Sequence area and storage data area, wherein storing program area can the (ratio of application program needed for storage program area, at least one function
Such as sound-playing function, image player function) etc.;It storage data area can storing data (such as audio data, phone directory etc.)
Deng.In addition, memory 601 may include high-speed random access memory, it can also include nonvolatile memory, for example, at least
One disk memory, flush memory device or other volatile solid-state parts.
Processor 602 is the control centre of computer equipment, by running or executing the software being stored in memory 601
Program and/or module, and the data being stored in memory 601 are called, perform various functions and handle data.Optionally,
Processor 602 may include one or more processing units;Preferably, processor 602 can integrate application processor and modulation /demodulation
Processor, wherein the main processing operation system of application processor, user interface and application program etc., modem processor master
Handle wireless communication.
In embodiments of the present invention, processor 602 included by the computer equipment can have aforementioned first embodiment
Or function corresponding to any one of second embodiment step.
In short, the method and device according to the present invention for establishing installation kit identification model, firstly, including legal by obtaining
Multiple sample installation kits of installation kit and illegal installation kit, legal installation kit are generated premised on the installation requirements of user
Installation kit, illegal installation kit is is not the installation kit generated premised on the installation requirements of user, then, respectively from each sample
The sample installation kit characteristic information that the feature for characterizing sample installation kit is extracted in this installation kit, then, to what is extracted
All sample installation kit characteristic informations carry out model training, establish illegal installation kit identification model, are identified using illegal installation kit
Model can recognize that whether unknown installation kit is illegal installation kit, which not only overcomes existing skill
The art problem low using recognition efficiency present in artificial treatment, improves the recognition efficiency for illegal installation kit, Er Qietong
Crossing model training can be realized the excavation of data, find in illegal installation kit rule so that final utilize illegal peace
The result accuracy with higher that dress packet identification model identifies.
Further, the method and device of identification installation kit according to the present invention, first acquisition target installation kit, then from mesh
The target installation kit characteristic information that the feature for characterizing target installation kit is extracted in mark installation kit, then by target installation kit
Characteristic information is input to illegal installation kit identification model, determines target according to the recognition result that illegal installation kit identification model exports
The type of installation kit can not only improve the recognition efficiency to target installation Packet type using the above method, and due to utilizing
Target installation kit characteristic information is as basis of characterization, additionally it is possible to target installation kit be avoided to be exempted from due to using shell adding or obfuscation
It kills, improves installation kit difficulty free to kill.
Algorithm and display are not inherently related to any particular computer, virtual system, or other device provided herein.
Various general-purpose systems can also be used together with teachings based herein.As described above, it constructs required by this kind of system
Structure be obvious.In addition, the present invention is also not directed to any particular programming language.It should be understood that can use various
Programming language realizes summary of the invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the invention
Example can be practiced without these specific details.In some instances, well known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this specification.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects,
Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention: i.e. required to protect
Shield the present invention claims features more more than feature expressly recited in each claim.More precisely, as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself
All as a separate embodiment of the present invention.
Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment
Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment
Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or
Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any
Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed
All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power
Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose
It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included certain features rather than other feature, but the combination of the feature of different embodiments mean it is of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed
Meaning one of can in any combination mode come using.
Various component embodiments of the invention can be implemented in hardware, or to run on one or more processors
Software module realize, or be implemented in a combination thereof.It will be understood by those of skill in the art that can be used in practice
Microprocessor or digital signal processor (DSP) realize one of some or all components according to embodiments of the present invention
A little or repertoire.The present invention is also implemented as setting for executing some or all of method as described herein
Standby or program of device (for example, computer program and computer program product).It is such to realize that program of the invention deposit
Storage on a computer-readable medium, or may be in the form of one or more signals.Such signal can be from because of spy
It downloads and obtains on net website, be perhaps provided on the carrier signal or be provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and ability
Field technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real
It is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branch
To embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fame
Claim.
A1, a kind of method for establishing installation kit identification model, which is characterized in that the described method includes:
Multiple sample installation kits are obtained, include legal installation kit and illegal installation kit, institute in the multiple sample installation kit
State legal installation kit be premised on the installation requirements of user installation kit generated, the illegal installation kit be not be with user
Installation requirements premised on installation kit generated;
The sample peace of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively
Fill packet characteristic information;
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the illegal installation for identification
The illegal installation kit identification model of packet.
A2, the method according to a1 for establishing installation kit identification model, which is characterized in that the illegal installation kit includes
Malice installation kit and/or advertisement installation kit.
A3, the method that installation kit identification model is established according to A2, which is characterized in that when the illegal installation kit packet
When including the malice installation kit and the advertisement installation kit, the described pair of all sample installation kit characteristic informations extracted carry out mould
The illegal installation kit identification model of the illegal installation kit for identification is established in type training, comprising:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively
The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
A4, the method according to a1 for establishing installation kit identification model, which is characterized in that described pair extract it is all
Sample installation kit characteristic information carries out model training, comprising:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth
The model training of habit.
A5, the method according to a1 for establishing installation kit identification model, which is characterized in that from the sample installation kit
Extract the sample installation kit characteristic information of the feature for characterizing the sample installation kit, comprising:
The sample installation kit is unziped it, the critical file for running the sample installation kit is obtained;
File characteristic is extracted from the critical file;
Dimension-reduction treatment is carried out to the file characteristic, obtains the sample installation of the feature for characterizing the sample installation kit
Packet feature vector.
A6, the method according to a5 for establishing installation kit identification model, which is characterized in that the critical file includes
At least one of classes.dex, resources.arsc, AndroidManifest.xm1 and MANIFEST.MF file.
B7, a kind of method for identifying installation kit, which is characterized in that the described method includes:
Obtain target installation kit;
The target installation kit feature of the feature for characterizing the target installation kit is extracted from the target installation kit
Information;
The target installation kit characteristic information is input to illegal installation kit identification model, is known according to the illegal installation kit
The recognition result of other model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model be based on established described in any one of A1-A6 installation kit identify mould
The method of type illegal installation kit identification model obtained.
B8, the method that installation kit is identified according to B7, which is characterized in that when the illegal installation kit identification model packet
Include malice installation kit identification model and advertisement installation kit identification model, it is described the target installation kit characteristic information is input to it is non-
Method installation kit identification model determines the target installation kit according to the recognition result of the illegal installation kit identification model output
Type, comprising:
The target installation kit characteristic information is input to malice installation kit identification model, the malice installation kit is obtained and knows
First recognition result of other model output;
If first recognition result is that the target installation kit is malice installation kit, it is determined that the target installation kit
Type is malice installation kit;
If first recognition result is that the target installation kit is not malice installation kit, and the target installation kit is special
Reference breath is input to advertisement installation kit identification model, obtains the second recognition result of the advertisement installation kit identification model output;
If second recognition result is that the target installation kit is advertisement installation kit, it is determined that the target installation kit is
Advertisement installation kit;
If second recognition result is that the target installation kit is not advertisement installation kit, it is determined that the target installation kit
For legal installation kit.
C9, a kind of device for establishing installation kit identification model, which is characterized in that described device includes:
First obtains module, includes legal installation in the multiple sample installation kit for obtaining multiple sample installation kits
Packet and illegal installation kit, the legal installation kit are the installation kit generated premised on the installation requirements of user, described illegal
Installation kit be not the installation kit generated premised on the installation requirements of user;
Second extraction module, for being extracted from each sample installation kit respectively for characterizing the sample installation
The sample installation kit characteristic information of the feature of packet;
Module is established, for carrying out model training to all sample installation kit characteristic informations extracted, is established for knowing
The illegal installation kit identification model of the not described illegal installation kit.
C10, the device that installation kit identification model is established according to C9, which is characterized in that the illegal installation kit packet
Include malice installation kit and/or advertisement installation kit.
C11, the device that installation kit identification model is established according to C10, which is characterized in that when the illegal installation kit
It is described to establish module including the malice installation kit and when the advertisement installation kit, it is specifically used for:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice for identification respectively
The advertisement installation kit identification model of the malice installation kit identification model of installation kit and for identification the advertisement installation kit.
C12, the device that installation kit identification model is established according to C9, which is characterized in that it is described to establish module, specifically
For:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on depth
The model training of habit.
C13, the device that installation kit identification model is established according to C9, which is characterized in that first extraction module,
Include:
Decompression unit is obtained for unziping it to the sample installation kit for running the sample installation kit
Critical file;
Extraction unit, for extracting file characteristic from the critical file;
Dimensionality reduction unit is obtained for carrying out dimension-reduction treatment to the file characteristic for characterizing the sample installation kit
The sample installation kit feature vector of feature.
C14, the device that installation kit identification model is established according to C13, which is characterized in that the critical file includes
At least one of classes.dex, resources.arsc, AndroidManifest.xml and MANIFEST.MF file.
D15, a kind of device for identifying installation kit, which is characterized in that described device includes:
Second obtains module, for obtaining target installation kit;
Second extraction module, for extracting the feature for characterizing the target installation kit from the target installation kit
Target installation kit characteristic information;
Determining module, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to institute
The recognition result for stating illegal installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is based on foundation described in any claim in claim 1-6
The method of installation kit identification model illegal installation kit identification model obtained.
D16, the device that installation kit is identified according to D15, which is characterized in that when the illegal installation kit identification model
Including malice installation kit identification model and advertisement installation kit identification model, the determining module, comprising:
First obtains unit is obtained for the target installation kit characteristic information to be input to malice installation kit identification model
Obtain the first recognition result of the malice installation kit identification model output;
First determination unit, if being the target installation kit for first recognition result is malice installation kit, really
The type of the fixed target installation kit is malice installation kit;
Second obtaining unit, if being the target installation kit for first recognition result is not malice installation kit,
The target installation kit characteristic information is input to advertisement installation kit identification model, it is defeated to obtain the advertisement installation kit identification model
The second recognition result out;
Second determination unit, if being the target installation kit for second recognition result is advertisement installation kit, really
The fixed target installation kit is advertisement installation kit;
Third determination unit, if it is not advertisement installation kit that second recognition result, which is the target installation kit, it is determined that
The target installation kit is legal installation kit.
E17, a kind of computer readable storage medium, are stored thereon with computer program, which is characterized in that the program is located
It manages when device executes and realizes the method and step according to any one of A1-B8.
F18, a kind of computer equipment, including memory, processor and storage can transport on a memory and on a processor
Capable computer program, which is characterized in that the processor is realized according to any one of A1-B8 when executing described program
Method and step.
Claims (10)
1. a kind of method for establishing installation kit identification model, which is characterized in that the described method includes:
Multiple sample installation kits are obtained, include legal installation kit and illegal installation kit, the conjunction in the multiple sample installation kit
Method installation kit is the installation kit generated premised on the installation requirements of user, the illegal installation kit be not peace with user
Installation kit generated premised on dress demand;
The sample installation kit of the feature for characterizing the sample installation kit is extracted from each sample installation kit respectively
Characteristic information;
Model training is carried out to all sample installation kit characteristic informations for extracting, establishes the illegal installation kit for identification
Illegal installation kit identification model.
2. the method for establishing installation kit identification model as described in claim 1, which is characterized in that the illegal installation kit includes
Malice installation kit and/or advertisement installation kit.
3. the method for establishing installation kit identification model as claimed in claim 2, which is characterized in that when the illegal installation kit packet
When including the malice installation kit and the advertisement installation kit, the described pair of all sample installation kit characteristic informations extracted carry out mould
The illegal installation kit identification model of the illegal installation kit for identification is established in type training, comprising:
Model training is carried out to all sample installation kit characteristic informations extracted, establishes the malice installation for identification respectively
The advertisement installation kit identification model of the malice installation kit identification model of packet and for identification the advertisement installation kit.
4. the method for establishing installation kit identification model as described in claim 1, which is characterized in that described pair extract it is all
Sample installation kit characteristic information carries out model training, comprising:
All sample installation kit characteristic informations extracted are carried out based on vector machine, based on decision tree or based on deep learning
Model training.
5. the method for establishing installation kit identification model as described in claim 1, which is characterized in that from the sample installation kit
Extract the sample installation kit characteristic information of the feature for characterizing the sample installation kit, comprising:
The sample installation kit is unziped it, the critical file for running the sample installation kit is obtained;
File characteristic is extracted from the critical file;
Dimension-reduction treatment is carried out to the file characteristic, the sample installation kit for obtaining the feature for characterizing the sample installation kit is special
Levy vector.
6. a kind of method for identifying installation kit, which is characterized in that the described method includes:
Obtain target installation kit;
The target installation kit characteristic information of the feature for characterizing the target installation kit is extracted from the target installation kit;
The target installation kit characteristic information is input to illegal installation kit identification model, mould is identified according to the illegal installation kit
The recognition result of type output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is to be installed based on foundation described in any claim in claim 1-5
The method of packet identification model illegal installation kit identification model obtained.
7. a kind of device for establishing installation kit identification model, which is characterized in that described device includes:
First obtains module, include for obtaining multiple sample installation kits, in the multiple sample installation kit legal installation kit and
Illegal installation kit, the legal installation kit are installation kit generated, the illegal installation premised on the installation requirements of user
It wraps not to be the installation kit generated premised on the installation requirements of user;
First extraction module, for extracting from each sample installation kit for characterizing the sample installation kit respectively
The sample installation kit characteristic information of feature;
Module is established, for carrying out model training to all sample installation kit characteristic informations extracted, establishes institute for identification
State the illegal installation kit identification model of illegal installation kit.
8. a kind of device for identifying installation kit, which is characterized in that described device includes:
Second obtains module, for obtaining target installation kit;
Second extraction module, for extracting the mesh of the feature for characterizing the target installation kit from the target installation kit
Mark installation kit characteristic information;
Determining module, for the target installation kit characteristic information to be input to illegal installation kit identification model, according to described non-
The recognition result of method installation kit identification model output determines the type of the target installation kit;
Wherein, the illegal installation kit identification model is to be installed based on foundation described in any claim in claim 1-6
The method of packet identification model illegal installation kit identification model obtained.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is held by processor
The method and step as described in any claim in claim 1-6 is realized when row.
10. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor
Calculation machine program, which is characterized in that the processor is realized when executing described program such as any claim institute in claim 1-6
The method and step stated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810714195.4A CN109002696A (en) | 2018-06-29 | 2018-06-29 | It establishes the method for installation kit identification model, identify the method and device of installation kit |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810714195.4A CN109002696A (en) | 2018-06-29 | 2018-06-29 | It establishes the method for installation kit identification model, identify the method and device of installation kit |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109002696A true CN109002696A (en) | 2018-12-14 |
Family
ID=64598162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810714195.4A Pending CN109002696A (en) | 2018-06-29 | 2018-06-29 | It establishes the method for installation kit identification model, identify the method and device of installation kit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109002696A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109816007A (en) * | 2019-01-18 | 2019-05-28 | 北京智游网安科技有限公司 | Trade classification method, storage medium and the terminal device of application program text information |
CN111027029A (en) * | 2019-10-21 | 2020-04-17 | 厦门天锐科技股份有限公司 | Method for judging whether file is installation package or not and limiting opening |
CN115221516A (en) * | 2022-07-13 | 2022-10-21 | 中国电信股份有限公司 | Malicious application program identification method and device, storage medium and electronic equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103473506A (en) * | 2013-08-30 | 2013-12-25 | 北京奇虎科技有限公司 | Method and device of recognizing malicious APK files |
CN105205396A (en) * | 2015-10-15 | 2015-12-30 | 上海交通大学 | Detecting system for Android malicious code based on deep learning and method thereof |
-
2018
- 2018-06-29 CN CN201810714195.4A patent/CN109002696A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103473506A (en) * | 2013-08-30 | 2013-12-25 | 北京奇虎科技有限公司 | Method and device of recognizing malicious APK files |
CN105205396A (en) * | 2015-10-15 | 2015-12-30 | 上海交通大学 | Detecting system for Android malicious code based on deep learning and method thereof |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109816007A (en) * | 2019-01-18 | 2019-05-28 | 北京智游网安科技有限公司 | Trade classification method, storage medium and the terminal device of application program text information |
CN111027029A (en) * | 2019-10-21 | 2020-04-17 | 厦门天锐科技股份有限公司 | Method for judging whether file is installation package or not and limiting opening |
CN111027029B (en) * | 2019-10-21 | 2022-02-08 | 厦门天锐科技股份有限公司 | Method for judging whether file is installation package or not and limiting opening |
CN115221516A (en) * | 2022-07-13 | 2022-10-21 | 中国电信股份有限公司 | Malicious application program identification method and device, storage medium and electronic equipment |
CN115221516B (en) * | 2022-07-13 | 2024-04-26 | 中国电信股份有限公司 | Malicious application program identification method and device, storage medium and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Cimitile et al. | Talos: no more ransomware victims with formal methods | |
CN107169358B (en) | Code homology detection method and its device based on code fingerprint | |
CN104123493B (en) | The safety detecting method and device of application program | |
CN102831338B (en) | A kind of safety detection method of Android application program and system | |
US10409966B2 (en) | Optimizing and protecting software | |
US9824212B2 (en) | Method and system for recognizing advertisement plug-ins | |
US11580222B2 (en) | Automated malware analysis that automatically clusters sandbox reports of similar malware samples | |
US11159547B2 (en) | Malware clustering approaches based on cognitive computing techniques | |
CN109002696A (en) | It establishes the method for installation kit identification model, identify the method and device of installation kit | |
Ravi et al. | A Multi-View attention-based deep learning framework for malware detection in smart healthcare systems | |
CN109492355B (en) | Software anti-analysis method and system based on deep learning | |
CN109657488A (en) | A kind of resource file cipher processing method, intelligent terminal and storage medium | |
CN104680065A (en) | Virus detection method, virus detection device and virus detection equipment | |
Martinelli et al. | Model checking and machine learning techniques for HummingBad mobile malware detection and mitigation | |
Aldriwish | A deep learning approach for malware and software piracy threat detection | |
KR102462541B1 (en) | Methods and systems for validating licenses for open source software | |
Bhaskara et al. | Emulating malware authors for proactive protection using GANs over a distributed image visualization of dynamic file behavior | |
CN115510445A (en) | Android malicious program detection method based on deep learning | |
Zhang et al. | A php and jsp web shell detection system with text processing based on machine learning | |
Ullah et al. | IoT-based cloud service for secured android markets using PDG-based deep learning classification | |
Ding et al. | Automaticlly learning featurs of android apps using cnn | |
Yahaya et al. | A framework on halal product recognition system through smartphone authentication | |
CN113971283A (en) | Malicious application program detection method and device based on features | |
CN115688108B (en) | Webshell static detection method and system | |
Chau et al. | An entropy-based solution for identifying android packers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181214 |