CN109726551A - The methods of exhibiting and system of preceding bad behavior are installed in a kind of application - Google Patents

The methods of exhibiting and system of preceding bad behavior are installed in a kind of application Download PDF

Info

Publication number
CN109726551A
CN109726551A CN201711049770.5A CN201711049770A CN109726551A CN 109726551 A CN109726551 A CN 109726551A CN 201711049770 A CN201711049770 A CN 201711049770A CN 109726551 A CN109726551 A CN 109726551A
Authority
CN
China
Prior art keywords
application
behavior
bad
bad behavior
class
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711049770.5A
Other languages
Chinese (zh)
Inventor
马志远
张丽红
潘宣辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Antian Information Technology Co Ltd
Original Assignee
Wuhan Antian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Antian Information Technology Co Ltd filed Critical Wuhan Antian Information Technology Co Ltd
Priority to CN201711049770.5A priority Critical patent/CN109726551A/en
Publication of CN109726551A publication Critical patent/CN109726551A/en
Pending legal-status Critical Current

Links

Abstract

The present invention provides a kind of methods of exhibiting of preceding bad behavior of application installation, it includes: the acquisition of bad behavior: in terminal, by carrying out static analysis and Dynamic Simulation Analysis to application to be installed, the bad behavior of application is obtained, and evidence acquisition is carried out to bad behavior in a manner of screenshot;The classification of bad behavior: classify to the bad behavior of acquisition;The displaying of bad behavior: before the application described in user installation, acquired bad behavior and its evidence and classification are shown.The present invention passes through the bad behavior that will acquire and classifies, and using user it will be appreciated that by the way of be shown, in user installation using the preceding bad behavior that application is presented, help user is preferably judged, ensures the right to know of terminal user.

Description

The methods of exhibiting and system of preceding bad behavior are installed in a kind of application
Technical field
The present invention relates to mobile application security technical fields, and in particular to the displaying side of preceding bad behavior is installed in a kind of application Method and system.
Background technique
Mobile Internet mode causes application and development cost pressure, and the types of applications expedited the emergence of often has more quick change For ability and extremely short release cycle, there are a large amount of application products many kinds of, function is different, various informative daily, largely It is interacted by force using the movement for because of number one and market competition factor, utilizing more than terminal and user receives in range And harassing and wrecking, it propagates by various channels, is made a profit by the means of harm users.
Mobile application security is detected at present, is generally all taken and is killed the soft mode scan+manually rechecked and carry out safety Determining, application is scanned by way of killing soft progresss static scanning, main target is that detection is viral and malicious code, and It is not for bad behavior.Technically with it is not consistent with bad application review in purpose, final effect is unable to reach pre- Phase, meanwhile, artificial reinspection is to treat restocking application progress artificial detection using restocking requirement based on respective application market, still Tester, there is also different, causes finally still to have a large amount of lack of standardization to the understanding and manual operation of bad behavior specification Using slipping through the net, influence client secure perception, in addition persistently increase along with application amount to be detected, rely on pure manual analysis come into Row application detection lack of standardization seems more and more awkward.
Summary of the invention
The technical problem to be solved by the present invention is the methods of exhibiting and system of a kind of preceding bad behavior of application installation are provided, It helps user preferably to be judged, ensures the right to know of terminal user.
The technical solution taken by the invention to solve the above technical problem are as follows: the exhibition of preceding bad behavior is installed in a kind of application Show method, it is characterised in that: it includes:
The acquisition of bad behavior: in terminal, by answering application progress static analysis to be installed and Dynamic Simulation Analysis, acquisition Bad behavior, and evidence acquisition is carried out to bad behavior in a manner of screenshot;
The classification of bad behavior: classify to the bad behavior of acquisition;
The displaying of bad behavior: before the application described in user installation, acquired bad behavior and its evidence and classification are shown.
According to the above method, the acquisition of the bad behavior specifically:
Static state is extracted: being parsed to all kinds of resource files under Android environment, is extracted API sequence;
Dynamic analog: application to be installed is launched into dynamic sandbox, installs simultaneously actual motion, and monitor network row when operation For and network data, and carry out screenshot at regular intervals, carry out corresponding storage with corresponding behavior;
Analysis: to static state extract API, dynamic analog behavior and network data during dynamic analog is combined, By behavior of research environmental factor, the behavior for running environment is analyzed comprehensively, obtains bad behavior and corresponding screenshot.
According to the above method, the analysis specifically:
Operation behavior API is monitored;
Screenshot and socket information carry out full when to network data, short message data, intermediate file data, interface data, operation Face capture;
To detecting that network data analyzes, security privacy and application permission service condition are applied in identification;It is operated by identification Behavior, identification application is promoted there are third party and advertisement behavior;It is analyzed by content plane data, identification application is with the presence or absence of non- Method content and copyright infringement.
According to the above method, the bad behavior is specifically divided into function problem class, security privacy class, permission and crosses the border class, Tripartite promotes class, harassing of advertisement class, illegal contents class and copyright infringement class;Wherein function problem class is indicated through application function Setting reaches bad intention;Third party promotes class and indicates to realize Interdst goals by promoting other distribution channels.
According to the above method, the displaying of the bad behavior specifically:
If application to be installed carrys out self terminal official application shop, the application details described in terminal official application shop are shown In, it is presented in the way of schematic diagram by bad behavior generic, the schematic diagram is the corresponding screenshot of bad behavior;
If application to be installed comes from nonterminal official application shop, the screenshot of bad behavior and corresponding bad behavior are described Information is shown by way of schematic diagram, while providing the prompt from the downloading application of official's application shop;If without bad row Then to provide the prompt for not finding bad behavior.
The display systems of preceding bad behavior are installed in a kind of application, it is characterised in that: it includes:
The acquisition module of bad behavior is used in terminal, by carrying out static analysis and dynamic analog point to application to be installed Analysis, obtains the bad behavior of application, and carries out evidence acquisition to bad behavior in a manner of screenshot;
The categorization module of bad behavior, for classifying to the bad behavior of acquisition;
The display module of bad behavior shows acquired bad behavior and its card before the application described in user installation According to and classification.
By above system, the acquisition module of the bad behavior is specifically included:
Static extraction module extracts API sequence for parsing to all kinds of resource files under Android environment;
Dynamic analog module, for launching application to be installed into dynamic sandbox, when installing simultaneously actual motion, and monitoring operation Network behavior and network data, and carry out screenshot at regular intervals, carry out corresponding storage with corresponding behavior;
Analysis module, for the behavior of API, dynamic analog to static state extraction and to network data during dynamic analog It is combined, by behavior of research environmental factor, the behavior for running environment is analyzed comprehensively, obtains bad behavior and right The screenshot answered.
By above system, the analysis module is specifically used for:
Operation behavior API is monitored;
Screenshot and socket information carry out full when to network data, short message data, intermediate file data, interface data, operation Face capture;
To detecting that network data analyzes, security privacy and application permission service condition are applied in identification;It is operated by identification Behavior, identification application is promoted there are third party and advertisement behavior;It is analyzed by content plane data, identification application is with the presence or absence of non- Method content and copyright infringement.
By above system, the bad behavior is specifically divided into function problem class, security privacy class, permission and crosses the border class, Tripartite promotes class, harassing of advertisement class, illegal contents class and copyright infringement class;Wherein function problem class is indicated through application function Setting reaches bad intention;Third party promotes class and indicates to realize Interdst goals by promoting other distribution channels.
By above system, the display module of the bad behavior is specifically used for:
If application to be installed carrys out self terminal official application shop, the application details described in terminal official application shop are shown In, it is presented in the way of schematic diagram by bad behavior generic, the schematic diagram is the corresponding screenshot of bad behavior;
If application to be installed comes from nonterminal official application shop, the screenshot of bad behavior and corresponding bad behavior are described Information is shown by way of schematic diagram, while providing the prompt from the downloading application of official's application shop;If without bad row Then to provide the prompt for not finding bad behavior.
Classify the invention has the benefit that the present invention passes through the bad behavior that will acquire, and uses user's energy The mode enough understood is shown, and in user installation using the preceding bad behavior that application is presented, user is helped preferably to be sentenced It is disconnected, ensure the right to know of terminal user.
Detailed description of the invention
Fig. 1 is the method flow diagram of one embodiment of the invention.
Specific embodiment
Below with reference to specific example and attached drawing, the present invention will be further described.
The present invention provides a kind of methods of exhibiting of preceding bad behavior of application installation, as shown in Figure 1, it includes:
S01, bad behavior acquisition: in terminal, by carrying out static analysis and Dynamic Simulation Analysis to application to be installed, obtain The bad behavior of application is taken, and evidence acquisition is carried out to bad behavior in a manner of screenshot.
The acquisition of the bad behavior specifically:
Static state is extracted: being parsed to all kinds of resource files under Android environment, including OPCODE, extracts API sequence.
Except packet, resource file, intermediate symbols parsing in addition to, detection file extent includes applying package level (APK), using spreading out Raw data (AndroidManifest, Resource.arsc), executable code level (DEX, ODEX, ELF), dis-assembling level (Opcode).
By the instruction set and data set of analysis compilation, the API sequence of application lack of standardization can be extracted and be analyzed, With possible abnormal behaviour.
Dynamic analog: application to be installed is launched into dynamic sandbox, installs simultaneously actual motion, and monitor net when operation Network behavior and network data, and screenshot is carried out at regular intervals, corresponding storage is carried out with corresponding behavior.Have for movement Terminal applies analyze 15 kinds or more mobile terminal data information emulator abilities of environment, and 15 kinds or more mobile terminal system broadcast are imitative The environmental simulations such as true ability and UI triggering class.In order to emulate as far as possible to reality scene, the behavior behaviour of application is triggered Make, meeting analog phone incoming call, the UI for receiving short message, starting service, extreme saturation application, analog subscriber clicking operation, such as mould It is quasi- to click the operations such as button, input text box.
Analysis: to static state extract API, dynamic analog behavior and network data during dynamic analog is carried out Combination, by behavior of research environmental factor, the behavior for running environment is analyzed comprehensively, acquisition bad behavior and corresponding Screenshot.
Analysis specifically:
To more than 30 classes, totally 200 remainder basic operation behavior API are monitored;As interface, equipment manager, mail, encryption and decryption, Dynamically load, file, database, short message, network, system setting, geographical location, Thread process, reflection calling, HTTPS etc..
To network data (mailbox, URL, DNS, FTP, TCP, UDP etc.), short message data, intermediate file data (load, Delete, the files such as downloading), interface data (notification bar/suspended frame information etc.), operation when screenshot and socket information carry out it is comprehensive Capture;
To detecting that network data analyzes, security privacy and application permission service condition are applied in identification;It is operated by identification Behavior, identification application is promoted there are third party and advertisement behavior;It is analyzed by content plane data, identification application is with the presence or absence of non- Method content and copyright infringement.
S02, bad behavior classification: classify to the bad behavior of acquisition.
Bad behavior is specifically divided into cross the border class, third party of function problem class, security privacy class, permission and promotes class, advertisement and disturb Disturb class, illegal contents class and copyright infringement class.
Function problem: reaching bad intention by the setting of application function, such as prevents itself to be unloaded, silence is downloaded, certainly It is dynamic that more icons are installed, the setting of modification system default, are maliciously deducted fees.
Security privacy class: monitoring, password cracking, illegal monitoring, illegally obtain personal data, altered data, maliciously deduct fees, Sensitive behavior etc..
Permission is crossed the border class: the unrelated application of application needs ROOT permission, sensitive permission etc..
Tripartite promotes class: realizing Interdst goals by promoting other distribution channels, such as forces integral wall, can hold using embedded Style of writing part is linked comprising third party's distribution channel.
Harassing of advertisement class: interacting terminal user by advertisement behavior by force, such as super screen advertisement, high frequency advertisement, strong System clicks advertisement, notification bar or suspended window advertisement, table plague advertisement.
Illegal contents class: pornographic, gambling, illegal, violence, reaction, politics etc..
Copyright infringement class: counterfeit, pirate, crack, beat again packet, steal chain etc..
S03, bad behavior displaying: before the application described in user installation, show acquired bad behavior and its card According to and classification.The displaying of bad behavior specifically:
If application to be installed carrys out self terminal official application shop, the application details described in terminal official application shop are shown In, it is presented in the way of schematic diagram by bad behavior generic, the schematic diagram is the corresponding screenshot of bad behavior;Really The application is fully understanded before protecting user installation.
If application to be installed comes from nonterminal official application shop, by the screenshot of bad behavior and corresponding bad behavior Description information is shown by way of schematic diagram, while providing the prompt from the downloading application of official's application shop;If invariably Good behavior then provides the prompt for not finding bad behavior.
The display systems of preceding bad behavior are installed in a kind of application, comprising:
The acquisition module of bad behavior is used in terminal, by carrying out static analysis and dynamic analog point to application to be installed Analysis, obtains the bad behavior of application, and carries out evidence acquisition to bad behavior in a manner of screenshot.The acquisition module of bad behavior has Body includes:
Static extraction module extracts API sequence for being parsed to all kinds of resource files under Android environment, including OPCODE Column.Except packet, resource file, intermediate symbols parsing in addition to, detection file extent include apply package level (APK), using generaton number According to (AndroidManifest, Resource.arsc), executable code level (DEX, ODEX, ELF), dis-assembling level (Opcode).By the instruction set and data set of analysis compilation, the API sequence of application lack of standardization can be extracted and be analyzed, Match possible abnormal behaviour.
Dynamic analog module installs simultaneously actual motion, and monitor fortune for launching application to be installed into dynamic sandbox Network behavior and network data when row, and screenshot is carried out at regular intervals, corresponding storage is carried out with corresponding behavior.Have For 15 kinds or more mobile terminal data information emulator abilities of mobile terminal applied analysis environment, 15 kinds or more mobile terminal systems The environmental simulations such as system broadcast simulation capacity and UI triggering class.In order to emulate as far as possible to reality scene, application is triggered Behavior operation, meeting analog phone incoming call, the UI for receiving short message, starting service, extreme saturation application, analog subscriber clicking operation, For example the operations such as button, input text box are clicked in simulation.
Analysis module, for the behavior of API, dynamic analog to static state extraction and to network during dynamic analog Data are combined, and by behavior of research environmental factor, the behavior for running environment is analyzed comprehensively, obtain bad behavior And corresponding screenshot.
Analysis module is specifically used for:
To more than 30 classes, totally 200 remainder basic operation behavior API are monitored;As interface, equipment manager, mail, encryption and decryption, Dynamically load, file, database, short message, network, system setting, geographical location, Thread process, reflection calling, HTTPS etc..
To network data (mailbox, URL, DNS, FTP, TCP, UDP etc.), short message data, intermediate file data (load, Delete, the files such as downloading), interface data (notification bar/suspended frame information etc.), operation when screenshot and socket information carry out it is comprehensive Capture;
To detecting that network data analyzes, security privacy and application permission service condition are applied in identification;It is operated by identification Behavior, identification application is promoted there are third party and advertisement behavior;It is analyzed by content plane data, identification application is with the presence or absence of non- Method content and copyright infringement.
The categorization module of bad behavior, for classifying to the bad behavior of acquisition.Bad behavior is specifically divided into function Cross the border class, third party of problem class, security privacy class, permission promotes class, harassing of advertisement class, illegal contents class and copyright infringement class.
The display module of bad behavior, before the application described in user installation, show acquired bad behavior and Its evidence and classification.The display module of bad behavior is specifically used for:
If application to be installed carrys out self terminal official application shop, the application details described in terminal official application shop are shown In, it is presented in the way of schematic diagram by bad behavior generic, the schematic diagram is the corresponding screenshot of bad behavior;
If application to be installed comes from nonterminal official application shop, the screenshot of bad behavior and corresponding bad behavior are described Information is shown by way of schematic diagram, while providing the prompt from the downloading application of official's application shop;If without bad row Then to provide the prompt for not finding bad behavior.
The present invention also provides the displaying device that preceding bad behavior is installed in a kind of application, including memory, have in memory Computer program can be called by the processor in terminal to execute the methods of exhibiting of bad behavior before the application is installed.
The present invention can present before user installation application and apply bad behavior, select judgement convenient for user;To purify Mobile application market ecological environment, maintenance user is to the every behavior right to know of application, omnibearing protection end user privacy property Safety;Determined by Machine automated monitoring, solves the drawbacks of bad application detection strong man's work relies on.
It is appreciated that embodiment as described herein can be by hardware, software, firmware, middleware, microcode or any combination thereof To realize.For hardware implementation mode, processing unit can be at one or more specific integrated circuits (ASIC), digital signal Manage device (DSP), digital signal processing device (DSPD), programmable logic device (PLD), field programmable gate array (FPGA), Processor, microcontroller, is designed to execute other electronic units of function described herein or its group controller, microprocessor It is realized in closing.It, can be by it when with software, firmware, middleware or microcode, program code or code segment to realize embodiment Be stored in the machine readable media of such as storage assembly.
Above embodiments are merely to illustrate design philosophy and feature of the invention, and its object is to make technology in the art Personnel can understand the content of the present invention and implement it accordingly, and protection scope of the present invention is not limited to the above embodiments.So it is all according to It is within the scope of the present invention according to equivalent variations made by disclosed principle, mentality of designing or modification.

Claims (10)

  1. The methods of exhibiting of bad behavior before 1. a kind of application is installed, it is characterised in that: it includes:
    The acquisition of bad behavior: in terminal, by answering application progress static analysis to be installed and Dynamic Simulation Analysis, acquisition Bad behavior, and evidence acquisition is carried out to bad behavior in a manner of screenshot;
    The classification of bad behavior: classify to the bad behavior of acquisition;
    The displaying of bad behavior: before the application described in user installation, acquired bad behavior and its evidence and classification are shown.
  2. The methods of exhibiting of bad behavior before 2. application according to claim 1 is installed, it is characterised in that: the bad row For acquisition specifically:
    Static state is extracted: being parsed to all kinds of resource files under Android environment, is extracted API sequence;
    Dynamic analog: application to be installed is launched into dynamic sandbox, installs simultaneously actual motion, and monitor network row when operation For and network data, and carry out screenshot at regular intervals, carry out corresponding storage with corresponding behavior;
    Analysis: to static state extract API, dynamic analog behavior and network data during dynamic analog is combined, By behavior of research environmental factor, the behavior for running environment is analyzed comprehensively, obtains bad behavior and corresponding screenshot.
  3. The methods of exhibiting of bad behavior before 3. application according to claim 2 is installed, it is characterised in that: the analysis tool Body are as follows:
    Operation behavior API is monitored;
    Screenshot and socket information carry out full when to network data, short message data, intermediate file data, interface data, operation Face capture;
    To detecting that network data analyzes, security privacy and application permission service condition are applied in identification;It is operated by identification Behavior, identification application is promoted there are third party and advertisement behavior;It is analyzed by content plane data, identification application is with the presence or absence of non- Method content and copyright infringement.
  4. The methods of exhibiting of bad behavior before 4. application according to claim 1 is installed, it is characterised in that: the bad row For be specifically divided into function problem class, security privacy class, permission cross the border class, third party promote class, harassing of advertisement class, illegal contents class With copyright infringement class;Wherein function problem class indicates to reach bad intention by the setting of application function;Third party promotes class table Show and realizes Interdst goals by promoting other distribution channels.
  5. The methods of exhibiting of bad behavior before 5. application according to claim 1 is installed, it is characterised in that: the bad row For displaying specifically:
    If application to be installed carrys out self terminal official application shop, the application details described in terminal official application shop are shown In, it is presented in the way of schematic diagram by bad behavior generic, the schematic diagram is the corresponding screenshot of bad behavior;
    If application to be installed comes from nonterminal official application shop, the screenshot of bad behavior and corresponding bad behavior are described Information is shown by way of schematic diagram, while providing the prompt from the downloading application of official's application shop;If without bad row Then to provide the prompt for not finding bad behavior.
  6. The display systems of bad behavior before 6. a kind of application is installed, it is characterised in that: it includes:
    The acquisition module of bad behavior is used in terminal, by carrying out static analysis and dynamic analog point to application to be installed Analysis, obtains the bad behavior of application, and carries out evidence acquisition to bad behavior in a manner of screenshot;
    The categorization module of bad behavior, for classifying to the bad behavior of acquisition;
    The display module of bad behavior shows acquired bad behavior and its card before the application described in user installation According to and classification.
  7. The display systems of bad behavior before 7. application according to claim 6 is installed, it is characterised in that: the bad row For acquisition module specifically include:
    Static extraction module extracts API sequence for parsing to all kinds of resource files under Android environment;
    Dynamic analog module, for launching application to be installed into dynamic sandbox, when installing simultaneously actual motion, and monitoring operation Network behavior and network data, and carry out screenshot at regular intervals, carry out corresponding storage with corresponding behavior;
    Analysis module, for the behavior of API, dynamic analog to static state extraction and to network data during dynamic analog It is combined, by behavior of research environmental factor, the behavior for running environment is analyzed comprehensively, obtains bad behavior and right The screenshot answered.
  8. The display systems of bad behavior before 8. application according to claim 7 is installed, it is characterised in that: the analysis mould Block is specifically used for:
    Operation behavior API is monitored;
    Screenshot and socket information carry out full when to network data, short message data, intermediate file data, interface data, operation Face capture;
    To detecting that network data analyzes, security privacy and application permission service condition are applied in identification;It is operated by identification Behavior, identification application is promoted there are third party and advertisement behavior;It is analyzed by content plane data, identification application is with the presence or absence of non- Method content and copyright infringement.
  9. The display systems of bad behavior before 9. application according to claim 6 is installed, it is characterised in that: the bad row For be specifically divided into function problem class, security privacy class, permission cross the border class, third party promote class, harassing of advertisement class, illegal contents class With copyright infringement class;Wherein function problem class indicates to reach bad intention by the setting of application function;Third party promotes class table Show and realizes Interdst goals by promoting other distribution channels.
  10. The display systems of bad behavior before 10. application according to claim 6 is installed, it is characterised in that: described is bad The display module of behavior is specifically used for:
    If application to be installed carrys out self terminal official application shop, the application details described in terminal official application shop are shown In, it is presented in the way of schematic diagram by bad behavior generic, the schematic diagram is the corresponding screenshot of bad behavior;
    If application to be installed comes from nonterminal official application shop, the screenshot of bad behavior and corresponding bad behavior are described Information is shown by way of schematic diagram, while providing the prompt from the downloading application of official's application shop;If without bad row Then to provide the prompt for not finding bad behavior.
CN201711049770.5A 2017-10-31 2017-10-31 The methods of exhibiting and system of preceding bad behavior are installed in a kind of application Pending CN109726551A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711049770.5A CN109726551A (en) 2017-10-31 2017-10-31 The methods of exhibiting and system of preceding bad behavior are installed in a kind of application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711049770.5A CN109726551A (en) 2017-10-31 2017-10-31 The methods of exhibiting and system of preceding bad behavior are installed in a kind of application

Publications (1)

Publication Number Publication Date
CN109726551A true CN109726551A (en) 2019-05-07

Family

ID=66293577

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711049770.5A Pending CN109726551A (en) 2017-10-31 2017-10-31 The methods of exhibiting and system of preceding bad behavior are installed in a kind of application

Country Status (1)

Country Link
CN (1) CN109726551A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110457895A (en) * 2019-08-13 2019-11-15 国家计算机网络与信息安全管理中心 A kind of PC application program violation content monitoring method and device

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082802A (en) * 2011-03-01 2011-06-01 陈彪 Behavior-based mobile terminal security protection system and method
CN102831338A (en) * 2012-06-28 2012-12-19 北京奇虎科技有限公司 Security detection method and system of Android application program
CN103049692A (en) * 2012-11-19 2013-04-17 北京小米科技有限责任公司 Application installation method, device and facility
CN103310153A (en) * 2013-04-28 2013-09-18 中国人民解放军理工大学 Fine-grained authority control method based on Android platform
US20140208426A1 (en) * 2008-05-28 2014-07-24 Zscaler, Inc. Systems and methods for dynamic cloud-based malware behavior analysis
CN104392177A (en) * 2014-12-16 2015-03-04 武汉虹旭信息技术有限责任公司 Android platform based virus forensics system and method
CN105160251A (en) * 2015-07-06 2015-12-16 国家计算机网络与信息安全管理中心 Analysis method and device of APK (Android Packet) application software behavior
CN105468977A (en) * 2015-12-14 2016-04-06 厦门安胜网络科技有限公司 Method and device for Android malicious software classification based on Naive Bayes
CN105718792A (en) * 2015-08-13 2016-06-29 哈尔滨安天科技股份有限公司 Sandbox based two-dimensional code detection method and system
CN106156611A (en) * 2015-03-25 2016-11-23 北京奇虎科技有限公司 The dynamic analysing method of smart mobile phone application program and system
CN106203110A (en) * 2016-06-30 2016-12-07 中国地质大学(武汉) Android safety enhancing system based on resolving inversely mechanism
CN106341282A (en) * 2016-11-10 2017-01-18 广东电网有限责任公司电力科学研究院 Malicious code behavior analyzer
CN106548074A (en) * 2016-12-09 2017-03-29 江苏通付盾科技有限公司 Application program analyzing monitoring method and system
CN106709332A (en) * 2016-12-13 2017-05-24 江苏通付盾科技有限公司 Application detection method and device
CN106709290A (en) * 2016-12-16 2017-05-24 江苏通付盾科技有限公司 Application security analysis method and device
CN107180192A (en) * 2017-05-09 2017-09-19 北京理工大学 Android malicious application detection method and system based on multi-feature fusion

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140208426A1 (en) * 2008-05-28 2014-07-24 Zscaler, Inc. Systems and methods for dynamic cloud-based malware behavior analysis
CN102082802A (en) * 2011-03-01 2011-06-01 陈彪 Behavior-based mobile terminal security protection system and method
CN102831338A (en) * 2012-06-28 2012-12-19 北京奇虎科技有限公司 Security detection method and system of Android application program
CN103049692A (en) * 2012-11-19 2013-04-17 北京小米科技有限责任公司 Application installation method, device and facility
CN103310153A (en) * 2013-04-28 2013-09-18 中国人民解放军理工大学 Fine-grained authority control method based on Android platform
CN104392177A (en) * 2014-12-16 2015-03-04 武汉虹旭信息技术有限责任公司 Android platform based virus forensics system and method
CN106156611A (en) * 2015-03-25 2016-11-23 北京奇虎科技有限公司 The dynamic analysing method of smart mobile phone application program and system
CN105160251A (en) * 2015-07-06 2015-12-16 国家计算机网络与信息安全管理中心 Analysis method and device of APK (Android Packet) application software behavior
CN105718792A (en) * 2015-08-13 2016-06-29 哈尔滨安天科技股份有限公司 Sandbox based two-dimensional code detection method and system
CN105468977A (en) * 2015-12-14 2016-04-06 厦门安胜网络科技有限公司 Method and device for Android malicious software classification based on Naive Bayes
CN106203110A (en) * 2016-06-30 2016-12-07 中国地质大学(武汉) Android safety enhancing system based on resolving inversely mechanism
CN106341282A (en) * 2016-11-10 2017-01-18 广东电网有限责任公司电力科学研究院 Malicious code behavior analyzer
CN106548074A (en) * 2016-12-09 2017-03-29 江苏通付盾科技有限公司 Application program analyzing monitoring method and system
CN106709332A (en) * 2016-12-13 2017-05-24 江苏通付盾科技有限公司 Application detection method and device
CN106709290A (en) * 2016-12-16 2017-05-24 江苏通付盾科技有限公司 Application security analysis method and device
CN107180192A (en) * 2017-05-09 2017-09-19 北京理工大学 Android malicious application detection method and system based on multi-feature fusion

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110457895A (en) * 2019-08-13 2019-11-15 国家计算机网络与信息安全管理中心 A kind of PC application program violation content monitoring method and device

Similar Documents

Publication Publication Date Title
Chen et al. Finding unknown malice in 10 seconds: Mass vetting for new threats at the google-play scale
Xu et al. Iccdetector: Icc-based malware detection on android
US10075455B2 (en) Zero-day rotating guest image profile
KR101402057B1 (en) Analyzing system of repackage application through calculation of risk and method thereof
Weichselbaum et al. Andrubis: Android malware under the magnifying glass
CN104091125B (en) Handle the method and suspended window processing unit of suspended window
CN103279706B (en) Intercept the method and apparatus installing Android application program in the terminal
CN102810143B (en) Safety detecting system and method based on mobile phone application program of Android platform
WO2014012500A1 (en) Method and device for processing messages
CN104268475B (en) A kind of system for running application program
CN103839005A (en) Malware detection method and malware detection system of mobile operating system
CN103092653A (en) Method and device capable of providing official application program in application market
US10270805B2 (en) System and method thereof for identifying and responding to security incidents based on preemptive forensics
EP3144845A1 (en) Detection device, detection method, and detection program
CN104080058A (en) Information processing method and device
Liu et al. Maddroid: Characterizing and detecting devious ad contents for android apps
CN104217162A (en) Method and system for detecting malicious software in smart terminal
CN105653947B (en) The method and device of data safety risk is applied in a kind of assessment
KR20160090566A (en) Apparatus and method for detecting APK malware filter using valid market data
CN109726551A (en) The methods of exhibiting and system of preceding bad behavior are installed in a kind of application
CN106845223B (en) Method and apparatus for detecting malicious code
KR20160031590A (en) Malicious app categorization apparatus and malicious app categorization method
CN104640105A (en) Method and system for mobile phone virus analyzing and threat associating
Liu et al. What you see isn't always what you get: A measurement study of usage fraud on android apps
CN110502900A (en) A kind of detection method, terminal, server and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination