CN109558304A - A kind of component liaison analysis method, device and electronic equipment - Google Patents
A kind of component liaison analysis method, device and electronic equipment Download PDFInfo
- Publication number
- CN109558304A CN109558304A CN201710892309.XA CN201710892309A CN109558304A CN 109558304 A CN109558304 A CN 109558304A CN 201710892309 A CN201710892309 A CN 201710892309A CN 109558304 A CN109558304 A CN 109558304A
- Authority
- CN
- China
- Prior art keywords
- related network
- function
- component
- file
- file destination
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3452—Performance evaluation by statistical analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Evolutionary Biology (AREA)
- Probability & Statistics with Applications (AREA)
- Quality & Reliability (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention provides a kind of component liaison analysis method, device and electronic equipment, the above method includes: the Android installation kit APK file for obtaining destination application, carries out decompiling to APK file and obtains file destination;Static analysis is carried out to file destination, generates the first related network;According to the call relation of the function in file destination, the second related network is determined, obtain third related network in conjunction with the first related network and the second related network;During running the destination application, dynamic monitoring is carried out to user behavior based on third related network, obtains the 4th related network between the component of user behavior triggering.Using component liaison analysis method provided by the invention, the 4th related network between the component of user behavior triggering can be obtained, the 4th related network can reflect out the use habit of the user using application program.
Description
Technical field
The present invention relates to Internet technical fields, set more particularly to a kind of component liaison analysis method, device and electronics
It is standby.
Background technique
Android application program is made of some scattered associated components, each component by the component function
It constitutes, by function call between component, matches jointly and user's offer service is provided.With the perfect and peace of Android system mechanism
Tall and erect function of application is enriched, and the demand of user also constantly complicates, and the single independent work of Android application program can not
The certain demands for meeting user need the component of the Android application program and the component of other Android application programs to pass through function
It calls mutually and (is alternatively referred to as associated with), the communication between realizing constitutes related network to meet the needs of users.To Android
The component liaison of application program is analyzed, and the association of the association approach between the component for indicating Android application program can be obtained
Network, this has the use habit for analyzing the permission of Android application program, ensureing the safety of Android system and understanding user
Significance.
Existing Android component liaison analysis is usually static analysis method, in the APK (Android for obtaining application program
Package, Android installation kit) after file, APK file is scanned using technological means such as morphological analysis, syntactic analyses, it is raw
At the dis-assembling code of application program, the related network between the component of dis-assembling code acquisition application program is then analyzed.It is existing
There is technology due to only being analyzed in code layer in face of application program itself, obtained related network can only be in objectively expression group
Existing association between part, the related network can not reflect the use habit of the user using application program.
Summary of the invention
The embodiment of the present invention is designed to provide a kind of component liaison analysis method, device and electronic equipment, to obtain
Related network between the component of user behavior triggering, the related network can reflect out the use of the user using application program
Habit.Specific technical solution is as follows:
In a first aspect, in order to achieve the above object, it is described the embodiment of the invention discloses a kind of component liaison analysis method
Method includes:
The Android installation kit APK file for obtaining destination application carries out decompiling to the APK file and obtains target text
Part;
Static analysis is carried out to the file destination, generates the first related network, first related network includes described
The incidence relation between each component that file destination is included;
According to the call relation of the function in the file destination, the second related network is determined, in conjunction with first association
Network and second related network obtain third related network, and the third related network includes that the file destination is included
Each component between incidence relation and the function in the file destination call relation;
During running the destination application, dynamic is carried out to user behavior based on the third related network
Monitoring obtains the 4th related network between the component of the user behavior triggering.
Optionally, the Android installation kit APK file for obtaining destination application includes:
Obtain the APK file and all mounted third-party application journeys of all system applications in terminal to be analyzed
The APK file of sequence.
Optionally, the call relation according to the function in the file destination, determines the second related network, comprising:
The corresponding file destination of APK file for parsing each third party application, obtains in the file destination
Function;
For each function of acquisition, its cofunction in file destination belonging to the function and the function is determined
Call relation;
Using the call relation of the function in each file destination determined as the second related network.
Optionally, described that dynamic monitoring is carried out to user behavior based on the third related network, obtain user's row
The 4th related network between the component of triggering, comprising:
It is inserted into detection function in the objective function in the third related network, according to the output knot of the detection function
Fruit determines the call relation of the incidence relation between the component of the user behavior triggering and the function of user behavior triggering;
Wherein, the objective function includes: the life cycle function, the target element and the association of target element and associated component
The function of component internal;The target element is the component of user behavior effect;The associated component be and the target
The associated component of component;
The calling of the incidence relation between component that the user behavior is triggered and the function of user behavior triggering
The 4th related network between the component that relationship is triggered as the user behavior.
Second aspect, in order to achieve the above object, the embodiment of the invention also discloses a kind of component liaison analytical equipment, institutes
Stating device includes:
File destination obtains module, for obtaining the Android installation kit APK file of destination application, to the APK text
Part carries out decompiling and obtains file destination;
First related network generation module, for generating the first related network to file destination progress static analysis,
First related network includes the incidence relation between each component that the file destination is included;
Third related network obtains module and determines second for the call relation according to the function in the file destination
Related network obtains third related network, the third association in conjunction with first related network and second related network
Network includes the calling of the incidence relation between each component that the file destination is included and the function in the file destination
Relationship;
4th related network obtains module, for being based on the third during running the destination application
Related network carries out dynamic monitoring to user behavior, obtains the 4th related network between the component of the user behavior triggering.
Optionally, it includes: that APK acquisition submodule and file destination obtain submodule that the file destination, which obtains module,;
The APK acquisition submodule, for obtaining APK file and the institute of all system applications in terminal to be analyzed
There is the APK file of mounted third party application;
The file destination obtains submodule, obtains file destination for carrying out decompiling to the APK file.
Optionally, it includes: that function obtains submodule, call relation determines submodule that the third related network, which obtains module,
Block, the second related network determine that submodule and third related network obtain submodule;
The function obtains submodule, for parsing the corresponding target of APK file of each third party application
File obtains the function in the file destination;
The call relation determines submodule, for determining the function and the function for each function obtained
The call relation of its cofunction in affiliated file destination;
Second related network determines submodule, for by the call relation of the function in each file destination determined
As the second related network;
The third related network obtains submodule, in conjunction with first related network and second related network
Third related network is obtained, the third related network includes the incidence relation between each component that the file destination is included
With the call relation of the function in the file destination.
Optionally, it includes: that relationship determines that submodule and the 4th related network obtain that the 4th related network, which obtains module,
Submodule;
The relationship determines submodule, for being inserted into detection function in the objective function in the third related network,
The incidence relation between the component of the user behavior triggering and the user are determined according to the output result of the detection function
The call relation of the function of behavior triggering;Wherein, the objective function includes: the life cycle letter of target element and associated component
Function inside several, the described target element and the associated component;The target element is the component of user behavior effect;
The associated component is component associated with the target element;
4th related network obtains submodule, the incidence relation between component for triggering the user behavior
The 4th between the component that trigger as the user behavior of the call relation of the function of user behavior triggering is associated with net
Network.
The third aspect, in order to achieve the above object, the embodiment of the invention also discloses a kind of electronic equipment, the electronics is set
Standby includes processor, communication interface, memory and communication bus, wherein processor, communication interface, memory are total by communication
Line completes mutual communication;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes any of the above-described component liaison analysis
Method.
A kind of component liaison analysis method provided in an embodiment of the present invention and device, can be obtained in conjunction with static analysis the
The call relation of one related network and the function of component internal obtains third related network, based on third related network to user's row
To carry out dynamic monitoring, the 4th related network between the component of user behavior triggering can be obtained, the 4th related network can
To reflect the use habit for the user for using application program.Certainly, it implements any of the products of the present invention or method must be not necessarily
It needs to reach all the above advantage simultaneously.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is component liaison schematic diagram provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of component liaison analysis method provided in an embodiment of the present invention;
Fig. 3 is a kind of flow diagram provided in an embodiment of the present invention for obtaining file destination;
Fig. 4 is a kind of flow diagram provided in an embodiment of the present invention for obtaining third related network;
Fig. 5 is a kind of flow diagram provided in an embodiment of the present invention for obtaining the 4th related network;
Fig. 6 is a kind of structural schematic diagram of component liaison analytical equipment provided in an embodiment of the present invention;
Fig. 7 is a kind of structural schematic diagram that file destination provided in an embodiment of the present invention obtains module;
Fig. 8 is a kind of structural schematic diagram that third related network provided in an embodiment of the present invention obtains module;
Fig. 9 is a kind of structural schematic diagram that the 4th related network provided in an embodiment of the present invention obtains module;
Figure 10 is a kind of structural schematic diagram of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Nowadays the life that Android mobile phone and application program are increasingly close to the users, become in people's life and work can not
Or scarce a part.Android application program is mainly made of some scattered associated components, including display interface
Activity, service Service, broadcast Broadcast Receive and the big component of data communication Content Provider tetra-.
This four big component is each responsible for different work, is combined with and provides service for user.With function of application enrich constantly with
And Android system mechanism constantly improve, the demand of user also constantly complicates, and single application program has been unable to satisfy certain of user
A little demands, therefore single application program needs to rely on the component of other applications, passes through the function of component internal between component
Calling work in coordination, to meet user demand.This dependence between component can indicate with related network, analysis group
Related network between part is of great significance for understanding the use habit of user.
Currently, usually will be installed multiple application programs in terminal, each application program may include multiple components, each component
Between can be realized and call by function, that is, component can be called separately by the calling of one or more functions
One component, this call relation can be described as incidence relation.Referring to Fig. 1, Fig. 1 is that component liaison provided in an embodiment of the present invention shows
It is intended to.Component A exists with component B and is associated in Fig. 1, and component B exists with component C to be associated with, wherein component A and component B can pass through
Function 1 is called to realize association, it can also be by calling function 2 to be associated with the realization of function 3, component B and component C are by calling function
4 are associated with the realization of function 5.Existing Android application component related analysis technology obtains target text by decompiling application program
Part parses file destination, can obtain the related network between component.However existing component liaison technology can only obtain component
Between A and component B can by function 1 with can by function 3 realize be associated with, specific component A how to call function 1 and how
Call function 3 that can not but obtain.The information content that the related network between component that the prior art obtains includes is few, can not be by this
The use habit of related network acquisition user.
It is considered as desirable by the inventor to be based on existing component liaison analytical technology, pass through the abundant association net of the static analysis more refined
Network, namely the call relation (i.e. component A- function 1 and component A- function 2- function 3) of the function of component internal is obtained, so that closing
Network of networking is more detailed, then by dynamic analysis technology, is monitored to user behavior, between the component for obtaining user behavior triggering
More detailed related network.
Based on above-mentioned consideration, the present invention provides a kind of component liaison analysis method, this method can be applied to terminal, should
Terminal can be the terminal for being equipped with the application program for carrying out component liaison analysis, such as the movement such as mobile phone or tablet computer
Terminal, or other smart machines equipped with Android simulator;Alternatively, this method also can be applied to some application in terminal
In program (such as some plug-in unit).The present embodiment is applied to be illustrated for plug-in unit in this way, other situations are similar therewith.
The plug-in unit can obtain third in conjunction with the call relation of the first obtained related network of static analysis and the function of component internal and close
Networking network carries out dynamic monitoring to user behavior timing based on third related network, obtains between the component that user behavior triggers
The 4th related network.After obtaining the 4th related network, associated data therein can be sent to plug-in unit backstage or other
It can be analyzed according to the module that associated data analyzes user behavior, to obtain the use habit of user.
It is described in detail again by specific embodiment to the present invention below.
Fig. 2 is a kind of flow diagram for the component liaison analysis method that present invention implementation provides, comprising:
S201: obtaining the Android installation kit APK file of destination application, carries out decompiling to APK file and obtains target
File.
Wherein, destination application can be system application, be also possible to third party application.
When obtaining APK file, the configuration based on technical staff can be, obtain preset application program to be analyzed
APK file is also possible to obtain system application and installed whole third-party applications in the terminal that user uses
The APK file of program.
APK (Android Package, Android installation kit) file is that one kind can be directly in Android simulator or Android
The program file of installation is executed in mobile phone.
Decompiling is to carry out decompiling, available source file and resource to APK file by using APK decompiling instrument
File.And then the source code in obtained source file and resource file can be analyzed and counted, can also to source file and
It is compiled again after resource file processing, to reach the purpose of personalized customization APK file.Wherein, source file can be smali
File.
User can download the application program of oneself needs, intelligence by the download platform of application program in an intelligent terminal
Energy terminal can then obtain the APK file of the application program from download platform, and intelligent terminal can be created for each application program
A file is built, by the APK file storage of the application program into this document folder, and then this is installed based on the APK file and is answered
Use program.
In embodiments of the present invention, intelligent terminal can be installed to using the plug-in unit of invention components association analysis method
On, plug-in unit in the process of running, can the user behavior periodically to the user for using the intelligent terminal be monitored, can also
To be monitored according to the instruction of plug-in unit backstage instruction to user behavior.When being monitored to user behavior, plug-in unit can be read
The file of above-mentioned storage application program APK file obtains APK file, carries out decompiling to APK file, obtains smali file
(i.e. file destination) analyzes the source code in smali file, obtains the pass between the component and these components that file destination includes
Connection relationship, i.e. a kind of related network between acquisition component.
Wherein, the third-party application journey of all system applications on the available intelligent terminal of plug-in unit and user installation
The APK file of sequence.Optionally, referring to Fig. 3, the treatment process of S201 may include:
S2011: obtain all system applications in terminal to be analyzed APK file and all mounted third parties
The APK file of application program.
In a kind of implementation, all system applications on intelligent terminal that the above-mentioned available user of plug-in unit uses
APK file and the mounted third party application of all users APK file.
Specifically, plug-in unit can obtain the APK text of all system applications by reading system/app file
Part reads data/app file, obtains the APK file of all mounted third party applications.
Plug-in unit obtains the APK file of all system applications on the intelligent terminal that uses of user and all mounted
The APK file of third party application can obtain the related network for the maximum magnitude that user behavior can trigger.
S2012: decompiling is carried out to APK file and obtains file destination.
After above-mentioned plug-in unit obtains the APK file of destination application, the integrated decompiling instrument of therein can use
Decompiling is carried out to APK file, obtains file destination.The process for carrying out decompiling to APK file is referred to above-mentioned steps
The related description of S201, details are not described herein.
S202: static analysis is carried out to file destination, generates the first related network.
Wherein, first related network includes the incidence relation between each component that the file destination is included.
It in the present embodiment, can be for each function in file destination, building after above-mentioned plug-in unit obtains file destination
Abstract syntax tree can obtain the controlling stream graph of each function by the abstract syntax tree of each function, can using controlling stream graph
To obtain the crucial API (Application Programming Interface, application programming interface) of component liaison
(such as start Activity (), bind Service ()), divides the parameter of the intent in the crucial API of acquisition
Analysis, obtains inter-related component, namely obtain component A- function 1- component B and component A- as shown in Figure 1 for component A
Function 3- component B.
Wherein, abstract syntax tree is omitted some thin according to the syntactic structure of each function source code in file destination
Section (such as: bracket does not generate node), it is abstracted into a kind of structure of tree-like expression.Abstract syntax tree can make function source code
Level is more clear.
Intent is the tie that is mutually related between different components, is Correlation Criteria between an in store different components
Intent object, one purpose of an intent object representation or expectation have comprising its desired service or movement, with movement
The data etc. of pass.Android system is then responsible for pairing according to the content that this intent object includes, and finds out associated component, then
Intent object is passed to found component.
For example, being directed to component A, incidence relation (the component A- function between above-mentioned inter-related component and these components
1- component B and component A- function 3- component B) it that is to say the first related network.
S203: according to the call relation of the function in file destination, the second related network is determined, in conjunction with the first related network
Third related network is obtained with the second related network.
Wherein, third related network includes in the incidence relation and file destination between each component that file destination is included
Function call relation.
In the present embodiment, for component A, above-mentioned plug-in unit can obtain file destination by parsing to file destination
In function call relation namely the second related network (component A- function 1 and component A- function 2- function 3).The first pass
(component A- function 1- component B is associated with net with component A- function 3- component B) with second to incidence relation in networking network between component
The call relation (component A- function 1 and component A- function 2- function 3) of function is combined in network, obtains third related network
(component A- function 1- component B and component A- function 2- function 3- component B).Third related network can not only embody between component
Association, and the call relation between component by function can be embodied.
Optionally, it can be analyzed for third party application, determine the second related network, referring to fig. 4, for the
The number of tripartite's application program is multiple situation, and the treatment process of S203 may comprise steps of:
S2031: the corresponding file destination of APK file of each third party application is parsed, is obtained in the file destination
Function.
In a kind of implementation, above-mentioned plug-in unit can be directed to the corresponding target of APK file of each third party application
File, identification obtain all functions in these file destinations.
Specifically, above-mentioned function may include the member function and static function of inner classes in file destination.
S2032: for each function of acquisition, its cofunction in file destination belonging to the function and the function is determined
Call relation.
In a kind of implementation, above-mentioned plug-in unit can divide for each function obtained what is instructed in the function
Analysis, determines the call relation of function.
Specifically, due to being all to utilize unified API, and system API will not generate the pass of component when component is interrelated
Connection, therefore it is directed to each function, it can be determined that whether the objective function of the invoke instruction of the function is system API, if should
The objective function of the invoke instruction of function is not system API, it is determined that is application program between the function and its objective function
The call relation of internal function.
Illustratively, for component A, which can determine that component A calls directly function 1 and component A passes through function
2 call function 3 in turn.
S2033: using the call relation of the function in each file destination determined as the second related network.
The call relation of function in each file destination includes the concrete ways that each component and function realizes calling, for example,
For component A, available component A- function 1 and component A- function 2- function 3, for component B, available component B- function
4- function 5.The call relation namely the second related network of the above-mentioned function obtained for each component.
S2034: third related network is obtained in conjunction with the first related network and the second related network.
Wherein, third related network includes in the incidence relation and file destination between each component that file destination is included
Function call relation.
Third related network process, which is obtained, here in connection with the first related network and the second related network is referred to above-mentioned step
The related description of rapid S203, details are not described herein.
Will for the function that each function of file destination obtains call relation as the second related network, in combination with
First related network obtains third related network, and obtained third related network can either embody the association between component, and energy
Enough embody the call relation of the function between component.Therefore user behavior is analyzed based on third related network, can be obtained
To more specific analysis result.
S204: during operational objective application program, dynamic prison is carried out to user behavior based on third related network
Control obtains the 4th related network between the component of user behavior triggering.
Wherein, dynamic monitoring is a kind of real-time monitoring user behavior to realize the means of testing of component liaison analysis, this reality
It applies in example, detection function can be added in source program, after target program operation, according to the output of detection function as a result, reality
Now situations such as variation of the execution of source program sentence, variable, is checked.
It, can preset position insertion detection function (can be in third in third related network in a kind of implementation
The inlet insertion of function in related network counts sentence), when user operates in certain application program, terminal can be with
Corresponding operation instruction is received, and then corresponding application program is run according to the operational order and (calls the group of application program
Part).During calling the component of application program, the calling of the function inside meeting trigger assembly, terminal be may be performed simultaneously
Detection function.It, can be by checking the output result of detection function (according to the output knot for counting sentence after preset time
Fruit), the call relation namely the 4th related network of the function between the component and component triggered by user behavior are obtained, is utilized
4th related network analyzes user behavior, can obtain the use habit of user.
Wherein it is possible in the function of component and associated component that the user behavior in third related network is acted on
It is inserted into the monitoring that detection function carries out user behavior.Optionally, referring to Fig. 5, the treatment process of S204 may include:
S2041: being inserted into detection function in the objective function in third related network, according to the output result of detection function
Determine the call relation of the incidence relation between the component of user behavior triggering and the function of user behavior triggering.
Wherein, objective function includes: life cycle function, target element and the associated component of target element and associated component
Internal function;Target element is the component of user behavior effect;Associated component is component associated with target element.
In a kind of implementation, for user behavior, it is first determined the component namely target group that user behavior is acted on
Part, while obtaining all components namely associated component with target element direct correlation and indirect association.When two components are direct
It is associated by the call relation of function, then claim two components to be directly linked, when two components are associated by third component,
Then claim two component indirect associations, referring to Fig. 1, in Fig. 1, component A and component B are directly linked, component A and component C indirect association.
Illustratively, when obtaining target element, it can be determined and be used by layout extensible markup language xml document first
Activity component belonging to the control that family behavior is acted on.Then letter is adjusted back in the response of positioning user behavior in the application
Number, such as the on Click () of the monitoring event of button, can usually be found on Create () function of Activity by
Button clicks the setting of event, to position on Click () function and affiliated class.
User behavior is monitored, can be realized based on Xposed module.Specifically, user behavior is monitored
Process can be with are as follows: during operational objective program, plug-in unit can be in the mesh in third related network using Xposed module
It marks and is inserted into detection function (can be inserted into the inlet of function and count sentence) in component and the life cycle function of associated component,
When user operates in certain application program, terminal can receive corresponding operation instruction, and then be referred to according to the operation
It enables and runs corresponding application program (calling the component of application program).During calling the component of application program, it can touch
The calling of the function of component internal is sent out, terminal may be performed simultaneously counting sentence.After preset time, plug-in unit is according to counting language
The output of sentence is as a result, determine the component being called in target element and associated component, namely obtain in this time by user's row
For the component (i.e. component A- component B) of triggering.Plug-in unit can be inserted into inspection in the function of the calling in third related network simultaneously
Function (can be inserted into the inlet of function and count sentence) is surveyed, when user operates in certain application program, terminal can
To receive corresponding operation instruction, and then corresponding application program is run according to the operational order and (calls application program
Component).During calling the component of application program, the calling of the function inside meeting trigger assembly, terminal can be held simultaneously
Row counts sentence.After preset time, plug-in unit is performed according to the output for counting sentence as a result, determining in third related network
Function call relation (i.e. execution function 1 or executing function 2- function 3), namely obtain and touched by user behavior in this time
The call relation of function between the component of hair.
S2042: the calling of the function of incidence relation and user behavior triggering between the component of user behavior triggering is closed
It is the 4th related network between the component triggered as user behavior.
In a kind of implementation, for component A, it can be component A- component B between the component of user behavior triggering, use
The call relation of the function of family behavior triggering can be function 2- function 3, therefore both comprehensive available user behavior triggering
Related network be component A- function 2- function 3- component B namely the 4th related network.As can be seen that the 4th related network is
The network portion of a part of third related network, the part namely user behavior triggering.
The 4th related network is obtained by being pointedly inserted into detection function in objective function.The result energy of detection function
Clearly show that the call relation of the component triggered by user behavior and function, the 4th obtained related network being capable of comprehensive, tools
Body accurately reflects that user uses the use habit of application program.
Corresponding with above method embodiment, referring to Fig. 6, Fig. 6 is the component liaison analytical equipment that present invention implementation provides
A kind of structural schematic diagram, comprising: file destination obtain module 601, the first related network generation module 602, third be associated with net
Network obtains module 603 and the 4th related network obtains module 604.
Wherein, the file destination obtains module 601, for obtaining the Android installation kit APK file of destination application,
Decompiling is carried out to the APK file and obtains file destination;
The first related network generation module 602 generates first and closes for carrying out static analysis to the file destination
Networking network, first related network includes the incidence relation between each component that the file destination is included;
The third related network obtains module 603, for the call relation according to the function in the file destination, really
Fixed second related network obtains third related network in conjunction with first related network and second related network, and described the
Three related networks include the function in incidence relation and the file destination between each component that the file destination is included
Call relation;
4th related network obtains module 604, for being based on institute during running the destination application
It states third related network and dynamic monitoring is carried out to user behavior, obtain the 4th association between the component of the user behavior triggering
Network.
As seen from the above, in scheme provided in this embodiment, the first related network for being obtained in conjunction with static analysis and according to
The second related network that the call relation of function in file destination obtains obtains third related network, is associated with net based on third
Network carries out dynamic monitoring to user behavior, obtains the 4th related network between the component of user behavior triggering.4th association
Network contains the call relation of the function between the component and component of user behavior triggering, analyzes the 4th related network
The use habit of user can be obtained.
It in one particular embodiment of the present invention, is that the file destination that present invention implementation provides obtains referring to Fig. 7, Fig. 7
A kind of structural schematic diagram of module, wherein the file destination obtains module 601, comprising: APK acquisition submodule 6011 and mesh
It marks file and obtains submodule 6012.
Wherein, the APK acquisition submodule 6011, for obtaining all system applications in terminal to be analyzed
The APK file of APK file and all mounted third party applications;
The file destination obtains submodule 6012, obtains file destination for carrying out decompiling to the APK file.
As seen from the above, in scheme provided in this embodiment, the APK file of destination application uses terminal to be analyzed
On all system applications APK file and all mounted third party applications APK file, therefore can obtain
The related network for the maximum magnitude that user behavior can trigger is obtained, more fully to analyze the use habit of user.
It in one particular embodiment of the present invention, is that the present invention implements the third related network provided referring to Fig. 8, Fig. 8
Obtain a kind of structural schematic diagram of module;Wherein, the third related network obtains module 603, comprising: function obtains submodule
6031, call relation determines that submodule 6032, the second related network determine that submodule 6033 and third related network obtain submodule
Block 6034.
Wherein, the function obtains submodule 6031, for parsing the APK file pair of each third party application
The file destination answered obtains the function in the file destination;
The call relation determines submodule 6032, for determining the function and being somebody's turn to do for each function obtained
The call relation of its cofunction in file destination belonging to function;
Second related network determines submodule 6033, for by the calling of the function in each file destination determined
Relationship is as the second related network;
The third related network obtains submodule 6034, for being associated in conjunction with first related network with described second
Network obtains third related network, and the third related network includes the association between each component that the file destination is included
The call relation of relationship and the function in the file destination.
As seen from the above, in scheme provided in this embodiment, function that each function for file destination is obtained
Call relation obtains third related network as the second related network, in conjunction with the first related network, obtained third related network
The association between component can either be embodied, and the call relation of the function between component can be embodied.Based on third related network
User behavior is analyzed, can obtain more specifically analyzing result.
It in one particular embodiment of the present invention, is that the present invention implements the 4th related network provided referring to Fig. 9, Fig. 9
Obtain a kind of structural schematic diagram of module;Wherein, the 4th related network obtains module 604, comprising: relationship determines submodule
6041 and the 4th related network obtain submodule 6042.
Wherein, the relationship determines submodule 6041, for being inserted into the objective function in the third related network
Detection function, determined according to the output result of the detection function incidence relation between the component of user behavior triggering and
The call relation of the function of the user behavior triggering;Wherein, the objective function includes: the life of target element and associated component
Order the function inside periodic function, the target element and the associated component;The target element is user behavior work
Component;The associated component is component associated with the target element.
4th related network obtains submodule 6042, the association between component for triggering the user behavior
The 4th between component that the call relation of relationship and the function of user behavior triggering is triggered as the user behavior is closed
Networking network.
As seen from the above, in scheme provided in this embodiment, by being pointedly inserted into detection function in objective function
Obtain the 4th related network.The result of detection function can clearly show that the calling of the component triggered by user behavior and function is closed
System, the 4th obtained related network can comprehensively, specifically reflect that user uses the use habit of application program.
The embodiment of the invention also provides a kind of electronic equipment, as shown in Figure 10, including processor 701, communication interface
702, memory 703 and communication bus 704, wherein processor 701, communication interface 702, memory 703 pass through communication bus
704 complete mutual communication,
Memory 703, for storing computer program;
Processor 701 when for executing the program stored on memory 703, realizes following steps:
The Android installation kit APK file for obtaining destination application carries out decompiling to the APK file and obtains target text
Part;
Static analysis is carried out to the file destination, generates the first related network, first related network includes described
The incidence relation between each component that file destination is included;
According to the call relation of the function in the file destination, the second related network is determined, in conjunction with first association
Network and second related network obtain third related network, and the third related network includes that the file destination is included
Each component between incidence relation and the function in the file destination call relation;
During running the destination application, dynamic is carried out to user behavior based on the third related network
Monitoring obtains the 4th related network between the component of the user behavior triggering.
The communication bus that above-mentioned electronic equipment is mentioned can be Peripheral Component Interconnect standard (Peripheral Component
Interconnect, abbreviation PCI) bus or expanding the industrial standard structure (Extended Industry Standard
Architecture, abbreviation EISA) bus etc..The communication bus can be divided into address bus, data/address bus, control bus etc..
Only to be indicated with a thick line in figure, it is not intended that an only bus or a type of bus convenient for indicating.
Communication interface is for the communication between above-mentioned electronic equipment and other equipment.
Memory may include random access memory (Random Access Memory, abbreviation RAM), also may include
Nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.Optionally, memory may be used also
To be storage device that at least one is located remotely from aforementioned processor.
Above-mentioned processor can be general processor, including central processing unit (Central Processing Unit,
Abbreviation CPU), network processing unit (Network Processor, abbreviation NP) etc.;It can also be digital signal processor
(Digital Signal Processing, abbreviation DSP), specific integrated circuit (Application Specific
Integrated Circuit, abbreviation ASIC), field programmable gate array (Field-Programmable Gate Array,
Abbreviation FPGA) either other programmable logic device, discrete gate or transistor logic, discrete hardware components.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or equipment including the element.
Each embodiment in this specification is all made of relevant mode and describes, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device/
For electronic equipment embodiment, since it is substantially similar to the method embodiment, so be described relatively simple, related place referring to
The part of embodiment of the method illustrates.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all
Any modification, equivalent replacement, improvement and so within the spirit and principles in the present invention, are all contained in protection scope of the present invention
It is interior.
Claims (9)
1. a kind of component liaison analysis method, which is characterized in that the described method includes:
The Android installation kit APK file for obtaining destination application carries out decompiling to the APK file and obtains file destination;
Static analysis is carried out to the file destination, generates the first related network, first related network includes the target
The incidence relation between each component that file is included;
According to the call relation of the function in the file destination, the second related network is determined, in conjunction with first related network
With second related network obtain third related network, the third related network include the file destination included it is each
The call relation of incidence relation between component and the function in the file destination;
During running the destination application, dynamic prison is carried out to user behavior based on the third related network
Control obtains the 4th related network between the component of the user behavior triggering.
2. the method according to claim 1, wherein the Android installation kit APK for obtaining destination application
File includes:
Obtain all system applications in terminal to be analyzed APK file and all mounted third party applications
APK file.
3. according to the method described in claim 2, it is characterized in that, described close according to the calling of the function in the file destination
System, determines the second related network, comprising:
The corresponding file destination of APK file for parsing each third party application, obtains the function in the file destination;
For each function of acquisition, the calling of its cofunction in file destination belonging to the function and the function is determined
Relationship;
Using the call relation of the function in each file destination determined as the second related network.
4. the method according to claim 1, wherein it is described based on the third related network to user behavior into
Mobile state monitoring obtains the 4th related network between the component of the user behavior triggering, comprising:
It is inserted into detection function in the objective function in the third related network, it is true according to the output result of the detection function
The call relation of the function of incidence relation and user behavior triggering between the component of the fixed user behavior triggering;Its
In, the objective function includes: the life cycle function, the target element and the associated group of target element and associated component
Function inside part;The target element is the component of user behavior effect;The associated component be and the target group
The associated component of part;
The call relation of the incidence relation between component that the user behavior is triggered and the function of user behavior triggering
As the 4th related network between the component of user behavior triggering.
5. a kind of component liaison analytical equipment, which is characterized in that described device includes:
File destination obtain module, for obtaining the Android installation kit APK file of destination application, to the APK file into
Row decompiling obtains file destination;
First related network generation module, for carrying out static analysis to the file destination, the first related network of generation is described
First related network includes the incidence relation between each component that the file destination is included;
Third related network obtains module and determines the second association for the call relation according to the function in the file destination
Network obtains third related network, the third related network in conjunction with first related network and second related network
The call relation for the function in the incidence relation and the file destination between each component for being included including the file destination;
4th related network obtains module, for being associated with during running the destination application based on the third
Network carries out dynamic monitoring to user behavior, obtains the 4th related network between the component of the user behavior triggering.
6. device according to claim 5, which is characterized in that it includes: that APK obtains submodule that the file destination, which obtains module,
Block and file destination obtain submodule;
The APK acquisition submodule, for obtain all system applications in terminal to be analyzed APK file and it is all
The APK file of the third party application of installation;
The file destination obtains submodule, obtains file destination for carrying out decompiling to the APK file.
7. device according to claim 6, which is characterized in that it includes: that function obtains that the third related network, which obtains module,
Obtain submodule, call relation determines that submodule, the second related network determine that submodule and third related network obtain submodule;
The function obtains submodule, for parsing the corresponding file destination of APK file of each third party application,
Obtain the function in the file destination;
The call relation determines submodule, for determining belonging to the function and the function for each function obtained
File destination in its cofunction call relation;
Second related network determines submodule, for using the call relation of the function in each file destination determined as
Second related network;
The third related network obtains submodule, for obtaining in conjunction with first related network and second related network
Third related network, the third related network include the incidence relation and institute between each component that the file destination is included
State the call relation of the function in file destination.
8. device according to claim 5, which is characterized in that it includes: that relationship is true that the 4th related network, which obtains module,
Stator modules and the 4th related network obtain submodule;
The relationship determines submodule, for being inserted into detection function in the objective function in the third related network, according to
The output result of the detection function determines the incidence relation and the user behavior between the component of the user behavior triggering
The call relation of the function of triggering;Wherein, the objective function include: target element and associated component life cycle function,
Function inside the target element and the associated component;The target element is the component of user behavior effect;Institute
Stating associated component is component associated with the target element;
4th related network obtains submodule, incidence relation between component and institute for triggering the user behavior
State the 4th related network between the component that triggers as the user behavior of call relation of the function of user behavior triggering.
9. a kind of electronic equipment, which is characterized in that including processor, communication interface, memory and communication bus, wherein processing
Device, communication interface, memory complete mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes any method and step of claim 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710892309.XA CN109558304B (en) | 2017-09-27 | 2017-09-27 | Component association analysis method and device and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710892309.XA CN109558304B (en) | 2017-09-27 | 2017-09-27 | Component association analysis method and device and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109558304A true CN109558304A (en) | 2019-04-02 |
CN109558304B CN109558304B (en) | 2020-10-30 |
Family
ID=65864000
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710892309.XA Active CN109558304B (en) | 2017-09-27 | 2017-09-27 | Component association analysis method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109558304B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110378126A (en) * | 2019-07-26 | 2019-10-25 | 北京中科微澜科技有限公司 | A kind of leak detection method and system |
CN111400197A (en) * | 2020-05-29 | 2020-07-10 | 支付宝(杭州)信息技术有限公司 | Application package analysis method and device and computer readable storage medium |
CN111966421A (en) * | 2020-06-29 | 2020-11-20 | 北京百度网讯科技有限公司 | Page component operation monitoring method, device, equipment and storage medium |
CN112068871A (en) * | 2020-08-12 | 2020-12-11 | 海信集团有限公司 | Electronic device and application management method |
CN112560035A (en) * | 2020-12-15 | 2021-03-26 | 深圳市和讯华谷信息技术有限公司 | Application detection method, device, equipment and storage medium |
CN113051954A (en) * | 2021-04-19 | 2021-06-29 | 杭州拼便宜网络科技有限公司 | Code scanning login method and device, electronic equipment and storage medium |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104217164B (en) * | 2014-09-11 | 2018-02-02 | 工业和信息化部电子第五研究所 | The detection method and device of intelligent mobile terminal Malware |
CN104598809B (en) * | 2015-02-13 | 2017-04-19 | 北京奇虎科技有限公司 | Program monitoring method and defending method thereof, as well as relevant device |
CN105335655A (en) * | 2015-09-22 | 2016-02-17 | 南京大学 | Android application safety analysis method based on sensitive behavior identification |
CN106845234A (en) * | 2017-01-05 | 2017-06-13 | 中国电子科技网络信息安全有限公司 | A kind of Android malware detection method based on the monitoring of function flow key point |
CN107180192B (en) * | 2017-05-09 | 2020-05-29 | 北京理工大学 | Android malicious application detection method and system based on multi-feature fusion |
-
2017
- 2017-09-27 CN CN201710892309.XA patent/CN109558304B/en active Active
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110378126A (en) * | 2019-07-26 | 2019-10-25 | 北京中科微澜科技有限公司 | A kind of leak detection method and system |
CN111400197A (en) * | 2020-05-29 | 2020-07-10 | 支付宝(杭州)信息技术有限公司 | Application package analysis method and device and computer readable storage medium |
CN111966421A (en) * | 2020-06-29 | 2020-11-20 | 北京百度网讯科技有限公司 | Page component operation monitoring method, device, equipment and storage medium |
CN111966421B (en) * | 2020-06-29 | 2024-01-09 | 北京百度网讯科技有限公司 | Page component operation monitoring method, device, equipment and storage medium |
CN112068871A (en) * | 2020-08-12 | 2020-12-11 | 海信集团有限公司 | Electronic device and application management method |
CN112560035A (en) * | 2020-12-15 | 2021-03-26 | 深圳市和讯华谷信息技术有限公司 | Application detection method, device, equipment and storage medium |
CN112560035B (en) * | 2020-12-15 | 2024-04-02 | 深圳市和讯华谷信息技术有限公司 | Application detection method, device, equipment and storage medium |
CN113051954A (en) * | 2021-04-19 | 2021-06-29 | 杭州拼便宜网络科技有限公司 | Code scanning login method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109558304B (en) | 2020-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109558304A (en) | A kind of component liaison analysis method, device and electronic equipment | |
Zaeem et al. | Automated generation of oracles for testing user-interaction features of mobile apps | |
CN107870933B (en) | Method, device and system for counting android application page browsing behaviors | |
US9503505B2 (en) | Monadic evaluation of injected query compositions | |
CN106203113A (en) | The privacy leakage monitoring method of Android application file | |
CN107133174A (en) | Test case code automatically generating device and method | |
CN108108288A (en) | A kind of daily record data analytic method, device and equipment | |
US20170124325A1 (en) | Decision forest compilation | |
CN110007920A (en) | A kind of method, apparatus and electronic equipment obtaining code dependence | |
CN101185116A (en) | Using strong data types to express speech recognition grammars in software programs | |
CN110069259A (en) | Analytic method, device, electronic equipment and storage medium based on idl file | |
CN110084042A (en) | A kind of application heap Static Analysis Method and system | |
Miculan et al. | GSOS for non-deterministic processes with quantitative aspects | |
CN109902487A (en) | Android based on application behavior applies malicious detection method | |
van Glabbeek | Justness: A completeness criterion for capturing liveness properties | |
CN106649110A (en) | Software test method and system | |
Ciancia et al. | Families of symmetries as efficient models of resource binding | |
CN105893462A (en) | User network behavior analysis method and device | |
CN106383869A (en) | User behavior information acquisition method and device | |
CN116069324A (en) | Dynamic form construction method and device based on Vue | |
Ameur-Boulifa et al. | Behavioural models for group communications | |
CN103399752A (en) | Mobile phone application chain reaction system and method based on Internet service | |
Woodside et al. | Capabilities of the uml profile for schedulability performance and time (spt) | |
Weijie et al. | A context-aware services development model | |
Bhattacharjee et al. | An efficient data compression hardware based on cellular automata |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |