CN109977670A - Android application security detection method and storage medium based on plug-in loading - Google Patents

Publication number
CN109977670A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910183861.0A
Other languages
Chinese (zh)
Other versions
CN109977670B (en)
Inventor
刘德建
周友禄
张晓威
黄文成
林琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian TQ Digital Co Ltd
Original Assignee
Fujian TQ Digital Co Ltd
Application filed by Fujian TQ Digital Co Ltd
Priority to CN201910183861.0A
Publication of CN109977670A
Application granted
Publication of CN109977670B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The present invention provides an Android application security detection method based on plug-in loading, and a storage medium. The method includes: defining a detection plug-in base class; building a detection plug-in library by inheriting the detection plug-in base class, and storing it locally; updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server; obtaining the relevant information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format; dynamically loading all plug-ins in the detection plug-in library; passing in the relevant information parameters in information dictionary format; and executing each loaded plug-in in turn. The invention not only updates detection plug-ins automatically, which ensures that the newest security vulnerabilities are detected accurately and promptly and improves the detection rate; by defining a detection plug-in base class it also significantly improves the efficiency and collaboration of iterative plug-in development and maintenance, so that comprehensive security detection of Android applications can be carried out efficiently.

Description

Android application security detection method and storage medium based on plug-in loading
Technical field
The present invention relates to the field of information security, and in particular to an Android application security detection method based on plug-in loading, and a storage medium.
Background art
Security problems may be introduced into an Android APP during design, development, installation and running, including APP installation package security, sensitive information leakage, data communication security, component security, server-side interface security, business logic security, and so on.
Existing security detection for Android APPs is mostly based on decompilation. For example, a decompilation tool is used to decompile the APK and obtain its code, and security vulnerabilities are then detected by combining feature codes with static code analysis and scanning. However, such a tightly coupled security detection tool is difficult to update quickly so that it can discover the newest vulnerabilities, and tool maintenance and collaboration on iterative system development are also poor. A structured, general, loosely coupled detection method is therefore needed to make an APP security detection system extensible, highly available and collaborative.
Summary of the invention
The technical problem to be solved by the present invention is to provide an Android application security detection method based on plug-in loading, and a storage medium, with low coupling, high availability, extensibility and generality.
To solve the above technical problem, the technical solution adopted by the present invention is:
An Android application security detection method based on plug-in loading, comprising:
defining a detection plug-in base class;
building, by inheriting the detection plug-in base class, a detection plug-in library corresponding to common Android application vulnerabilities, and storing it locally;
updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server;
obtaining the relevant information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format;
dynamically loading all plug-ins in the detection plug-in library; passing in the relevant information parameters in information dictionary format;
executing each loaded plug-in in turn.
Another technical solution provided by the present invention is:
A computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the steps of the above Android application security detection method based on plug-in loading.
The beneficial effects of the present invention are:
1. By defining a detection plug-in base class, the present invention fully defines and standardizes attributes such as the class member variables of all detection plug-ins. Every detection plug-in is obtained simply by extending the plug-in base class with its own functionality, and all detection plug-ins stay uniform in data structure. This significantly improves the efficiency of building detection plug-ins and the convenience of operating them; it also improves plug-in reusability and makes plug-ins easier to maintain; further, it greatly reduces the coupling between detection plug-ins and the detection system and improves collaboration on iterative system development.
2. The present invention automatically and promptly updates the local detection plug-in library, which ensures that the newest security vulnerabilities are detected promptly and effectively.
3. The present invention organizes the specific detection content of the application to be detected uniformly into an information dictionary format, stores it and passes it in for detection. This not only facilitates the detection work but also avoids repeated computation and acquisition, which significantly improves the development and running of detection plug-ins.
4. The present invention dynamically loads each detection plug-in, ensuring that the different detection plug-ins carry out their detection work in an orderly manner.
Description of the drawings
Fig. 1 is a flow diagram of the Android application security detection method based on plug-in loading according to an embodiment of the present invention;
Fig. 2 is a diagram of the composition and connections of the Android application security detection system based on plug-in loading according to embodiment three of the present invention.
Description of reference numerals:
10, basic analysis module; 20, plug-in module; 30, plug-in loading module;
40, plug-in running module; 50, storage module; 60, report module;
70, injection update and upgrade module.
Detailed description of the embodiments
To explain the technical content, the objects achieved and the effects of the present invention in detail, a description is given below in conjunction with the embodiments and the accompanying drawings.
The key idea of the present invention is that all detection plug-ins extend the defined detection plug-in base class with their own functionality, which greatly improves plug-in reusability and collaboration while reducing coupling with, and the maintenance cost of, the detection system. Combined with automatic updating of the local detection plug-ins, dynamic plug-in loading and the information dictionary of detection content, this significantly improves detection efficiency and the validity of detection results.
Explanation of technical terms of the present invention:
Referring to Fig. 1, the present invention provides an Android application security detection method based on plug-in loading, comprising:
defining a detection plug-in base class;
building, by inheriting the detection plug-in base class, a detection plug-in library corresponding to common Android application vulnerabilities, and storing it locally;
updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server;
obtaining the relevant information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format;
dynamically loading all plug-ins in the detection plug-in library; passing in the relevant information parameters in information dictionary format;
executing each loaded plug-in in turn.
As can be seen from the above description, the beneficial effect of the present invention is that it implements APP security detection with a structured, general, loosely coupled detection framework that is extensible, highly available and collaborative.
Extensibility is reflected in the dynamic loading of each detection plug-in.
High availability is reflected in periodically obtaining the newest security vulnerability detection plug-ins developed by security engineers, which effectively improves the detection rate for Android APP security vulnerabilities and finds them promptly.
Collaboration is reflected in the predefined detection plug-in base class, which fully defines and standardizes attributes such as class member variables. This solves the problem that other tightly coupled security detection tools are difficult to update quickly and that tool maintenance and collaboration on iterative system development are poor. It in turn enables teams, communities and other remote collaborators to iteratively develop security detection plug-ins, ensuring that Android APP security vulnerabilities are detected promptly and effectively.
Further, the member variable attributes in the detection plug-in base class include plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings and detection status.
As can be seen from the above description, standardizing in advance the plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings and detection status used by all detection plug-ins ensures that all detection plug-ins are consistent in data structure.
Further, obtaining the relevant information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format, is specifically:
parsing the apk file of the application to be detected to obtain basic application information;
obtaining the information involved while the application to be detected is installed and started;
obtaining the file attribute information of the apk file;
organizing the relevant information parameters, comprising the basic application information, the said information and the file attribute information, into an information dictionary format and storing them.
As can be seen from the above description, collecting the basic information and file attribute information of the apk file of the application to be detected, together with all information involved in installation and start-up, makes the detected content more comprehensive and targeted and thereby improves the accuracy of the detection results.
Further, parsing the apk file of the application to be detected to obtain basic application information is specifically:
extracting the static information of the apk file of the application to be detected;
obtaining the information description file of the application to be detected by decompiling the apk file;
obtaining, by parsing the static information and the information description file, basic application information comprising application signature information, package name, application name, permission list information, module information and version information.
As can be seen from the above description, the basic information of the application to be detected is obtained by static analysis, which makes the content to be detected more comprehensive.
Further, obtaining the information involved while the application to be detected is installed and started is specifically:
initializing the device on which the application to be detected is installed and run;
installing the apk file of the application to be detected on the device and starting it;
collecting the information involved while the apk file is installed and started, the information including generated file information, network request information, API call information and screenshots of the running interface.
As can be seen from the above description, all information involved while the application is installed and started is collected as well, which further improves the comprehensiveness of the detection content and the validity of the detection results.
Further, the file attribute information includes the application file path, md5 and file size.
As can be seen from the above description, the file attribute information of the application to be detected is also detected, ensuring comprehensive detection and reliable detection results.
Further, dynamically loading all plug-ins in the detection plug-in library is specifically:
obtaining, by searching, the files under the local storage directory of the detection plug-in library that have the suffix .py, excluding __init__.py;
dynamically loading all classes and their functions in the files using Python's __import__(), to obtain each corresponding plug-in instance;
storing each plug-in instance in an instance list.
As can be seen from the above description, a plug-in loading mechanism based on directory search is used: all files with the suffix .py under the specified plug-in directory, except __init__.py, are found by searching, and their classes and functions are dynamically loaded using Python's __import__(). This imports plug-ins dynamically and makes the present invention extensible.
Further, executing each loaded plug-in in turn is specifically:
taking the plug-in instances out of the instance list one by one and, after each is taken out, calling the vul_check function of that plug-in instance;
performing, by the vul_check function currently called, the specific vulnerability detection on the passed-in relevant information parameters in information dictionary format, and returning the corresponding detection result.
As can be seen from the above description, calling the plug-in instances one by one completes, item by item, the security detection of the detection item corresponding to each plug-in instance, which keeps detection orderly and avoids omissions.
Further, the method also includes:
outputting a detection result report.
As can be seen from the above description, a detection result report is generated from the detection result of each detection item, showing developers the data security status of the application to be detected intuitively and comprehensively, so that problems can be handled and fixed promptly and product security improved.
Another technical solution provided by the present invention is:
A computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the steps of the above Android application security detection method based on plug-in loading.
As can be seen from the above description, a person of ordinary skill in the art will understand that all or part of the processes in the above technical solution can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of each of the above methods. Executing those processes achieves the following effects:
1. By defining a detection plug-in base class, the present invention fully defines and standardizes attributes such as the class member variables of all detection plug-ins. Every detection plug-in is obtained simply by extending the plug-in base class with its own functionality, and all detection plug-ins stay uniform in data structure. This significantly improves the efficiency of building detection plug-ins and the convenience of operating them; it also improves plug-in reusability and makes plug-ins easier to maintain; further, it greatly reduces the coupling between detection plug-ins and the detection system and improves collaboration on iterative system development.
2. The present invention automatically and promptly updates the local detection plug-in library, which ensures that the newest security vulnerabilities are detected promptly and effectively.
3. The present invention organizes the specific detection content of the application to be detected uniformly into an information dictionary format, stores it and passes it in for detection. This not only facilitates the detection work but also avoids repeated computation and acquisition, which significantly improves the development and running of detection plug-ins.
4. The present invention dynamically loads each detection plug-in, ensuring that the different detection plug-ins carry out their detection work in an orderly manner.
Embodiment one
Referring to Fig. 1, this embodiment provides an Android application security detection method based on plug-in loading, suitable for comprehensive and effective security vulnerability detection of Android APPs; the detection method has low coupling, high availability and extensibility.
The method of this embodiment includes the following steps:
(1) Detection plug-in preparation process
S1: define the detection plug-in base class;
A vulnerability detection plug-in base class is defined and agreed upon. The base class defines member variable attributes including plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings and detection status. Class inheritance in object-oriented programming is used (inheritance is one of the most important concepts of object-oriented programming; it allows already existing classes to be used and extended in the hierarchy that makes up a software system, in order to support new functions): different detection plug-ins are obtained by overriding the member variables and methods of the detection plug-in base class, so as to assess and detect different security risk vulnerability detection items. As a result, the plug-ins in the vulnerability detection plug-in library built in the next step on the detection plug-in base class are consistent in basic functionality and data structure, which improves plug-in reusability and makes them easier to maintain.
In a specific example, the detection plug-in base class is defined as follows:
Here, the vul_check function is the plug-in's security detection function and is inherited and implemented by the specific plug-in. The function defines one parameter, apk_info_dict, which is the common APK file information dictionary and includes the md5, sha256, signature information, package name, application name, permission information, module information, version information, etc. of the APK file. The common APK file information dictionary is collected once, before the plug-ins are called and run, mainly to make it convenient for detection plug-ins to use and to avoid repeated computation and acquisition, improving plug-in development and running.
The detection base class also defines the unified format of detection results: the returned result must be a list whose elements are result_item_tpl objects. result_item_tpl is a dictionary template constrained to the triple "detection result, vulnerability location, vulnerability content", which ensures that the detection results of detection plug-ins are complete and uniform.
S2: build the detection plug-in library;
Specifically, a detection plug-in library corresponding to common Android application vulnerabilities is built by inheriting the detection plug-in base class and stored in a specified local plug-in directory. That is, the initially built detection plug-in library contains only detection plug-ins for common Android application vulnerabilities.
S3: update the local detection plug-in library according to the latest detection plug-in list obtained periodically from the cloud server;
Specifically, the system automatically obtains the latest Android application security detection plug-in list from the cloud server at a predetermined period, then compares it against the local plug-in directory files (i.e. the detection plug-in library) to find the differences, and performs update operations such as updating and adding local plug-ins. Establishing an automatic update and upgrade mechanism for the detection plug-in library ensures that the system can detect the newest security vulnerability risks.
(2) Automated security scanning and detection process
S4: obtain the relevant information parameters of the apk file of the application to be detected, and store them after organizing them into an information dictionary format;
Specifically, this step can be implemented by the following sub-steps:
First, basic analysis is carried out:
S41: parse the apk file of the application to be detected to obtain basic application information;
This step specifically includes:
41.1 extract the static information of the apk file of the application to be detected;
41.2 obtain the information description file (the AndroidManifest.xml file) of the application to be detected by decompiling the apk file;
41.3 obtain, by parsing the static information and the information description file, basic application information including application signature information, package name, application name, permission list information, module information, version information, etc.
Then, the dynamic running environment is prepared:
S42: obtain the information involved while the application to be detected is installed and started;
This step specifically includes:
42.1 use adb (Android Debug Bridge, an Android device debugging tool) to ensure that the device on which the Android application (the application to be detected) is installed and run (an Android simulator or prototype) is initialized and ready;
42.2 automatically install the APP to be detected on the above device and start it;
42.3 collect the information involved while the APP is installed and started, including generated file information, network request information, API call information, screenshots of the running interface, etc.
Finally, the process further includes:
S43: collect file attribute information such as the APP file path, md5 and file size;
S44: organize and store all of the above information, i.e. the relevant information parameters of the apk file (the basic application information obtained in S41, the information obtained in S42 and the file attribute information obtained in S43), in a dictionary format named apk_info_dict (apk information dictionary).
S5: dynamically load all plug-ins in the detection plug-in library;
Specifically, this can be implemented by a plug-in loading mechanism based on directory search, with the following steps:
S51: obtain, by searching, the files under the local storage directory of the detection plug-in library that have the suffix .py, excluding __init__.py;
S52: use Python's __import__() to dynamically load all classes and their functions in the files obtained in the previous step, obtaining each corresponding plug-in instance; this imports the plug-ins dynamically, and the qualifying plug-ins are loaded one after another in this way;
S53: store each plug-in instance in an instance list. The instance list can be set up in advance; storing the instances together in the instance list makes them convenient to call and manage.
S6: call the detection plug-ins to perform detection;
Specifically, this step can be implemented by the following sub-steps:
Take the plug-in instances out of the instance list one by one. After a plug-in instance is taken out, pass in the relevant information parameters in information dictionary format, i.e. the apk_info_dict parameter from S44; then call the vul_check function of the plug-in instance just taken out. When the function finishes, the security detection of the detection item corresponding to the current plug-in instance is complete. After detection finishes, the relevant execution results are extracted from the member variables of the current plug-in and stored.
S7: output the detection result report.
Specifically, the detection results of the detection plug-ins are organized and linked together, and an Android application security detection report in a specified format (such as word, pdf or html) is generated and displayed.
As can be seen from the above, the Android application security detection method provided in this embodiment first defines a template plug-in that specifies the functions and format of all detection plug-ins; all detection plug-ins, each for a different APP security risk vulnerability, must then be written by inheriting the template plug-in and placed together under the specified plug-in directory; next, all available plug-ins under the plug-in directory are loaded; parameters in the unified standard are then passed in and the security detection function of each plug-in is called in turn to perform detection; after execution finishes, the relevant detection result data is extracted and stored; finally, the security detection report for the Android APP is presented in the necessary data organization form.
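The following added example (not code from the patent or from the assignee's product) sketches steps S1, S5 and S6 in Python: a detection plug-in base class, the directory-search loader built on __import__(), and the sequential vul_check calls. The attribute names, the detect_base module name, the apk_info_dict keys and the sample plug-in files are assumptions constructed for illustration; recording a failing plug-in instead of aborting the scan goes beyond what the text describes.

```python
import os
import sys
import tempfile
import types

class DetectPluginBase:
    """Detection plug-in base class; attribute names are assumptions."""
    name = "base"    # plug-in name
    vul_id = ""      # associated vulnerability number
    version = "1.0"  # plug-in version
    priority = 0     # plug-in priority
    # Template for one finding: detection result, location, content.
    result_item_tpl = {"result": "", "location": "", "content": ""}

    def __init__(self):
        self.results = []        # detection result
        self.found_count = 0     # number of findings
        self.status = "pending"  # detection status

    def new_item(self, result, location, content):
        return dict(self.result_item_tpl, result=result,
                    location=location, content=content)

    def vul_check(self, apk_info_dict):
        raise NotImplementedError("each plug-in overrides vul_check")

# Publish the base class under an importable name (an assumption) so the
# plug-in files can write "from detect_base import DetectPluginBase".
_base_module = types.ModuleType("detect_base")
_base_module.DetectPluginBase = DetectPluginBase
sys.modules["detect_base"] = _base_module

def load_plugins(plugin_dir):
    """Search plugin_dir for *.py (except __init__.py); return plug-in instances."""
    instances = []
    sys.path.insert(0, plugin_dir)
    try:
        for fname in sorted(os.listdir(plugin_dir)):
            if not fname.endswith(".py") or fname == "__init__.py":
                continue
            module = __import__(fname[:-3])  # executes the file's top-level code
            for obj in vars(module).values():
                if (isinstance(obj, type) and issubclass(obj, DetectPluginBase)
                        and obj.__module__ == module.__name__):
                    instances.append(obj())
    finally:
        sys.path.remove(plugin_dir)
    return instances

def run_plugins(instances, apk_info_dict):
    """Call vul_check on each instance in turn; a failure is recorded, not fatal."""
    report = []
    for plugin in instances:
        try:
            results = plugin.vul_check(apk_info_dict)
            keys = set(plugin.result_item_tpl)
            if not (isinstance(results, list) and all(
                    isinstance(r, dict) and set(r) == keys for r in results)):
                raise TypeError("vul_check must return a list of result items")
            plugin.results, plugin.status = results, "done"
        except Exception as exc:
            plugin.results, plugin.status = [], "error: " + type(exc).__name__
        plugin.found_count = len(plugin.results)
        report.append({"plugin": plugin.name, "status": plugin.status,
                       "found": plugin.found_count, "results": plugin.results})
    return report

HEADER = "from detect_base import DetectPluginBase\n"
SAMPLE_FILES = {  # constructed plug-in directory contents, not from the patent
    "__init__.py": "",
    "notes.txt": "not a plug-in",
    "sms_permission_check.py": HEADER + '''
class SmsPermissionCheck(DetectPluginBase):
    name = "sms-permission"
    def vul_check(self, apk_info_dict):
        return [self.new_item("risk", "AndroidManifest.xml", p)
                for p in apk_info_dict["permissions"] if p.endswith("_SMS")]
''',
    "broken_check.py": HEADER + '''
class BrokenCheck(DetectPluginBase):
    name = "broken"
    def vul_check(self, apk_info_dict):
        return apk_info_dict["no_such_key"]
''',
}
SAMPLE_APK_INFO = {  # constructed apk_info_dict; key names are assumptions
    "permissions": ["android.permission.INTERNET", "android.permission.READ_SMS"],
}

def demo():
    with tempfile.TemporaryDirectory() as plugin_dir:
        for fname, source in SAMPLE_FILES.items():
            with open(os.path.join(plugin_dir, fname), "w") as fh:
                fh.write(source)
        return run_plugins(load_plugins(plugin_dir), SAMPLE_APK_INFO)

if __name__ == "__main__":
    print(demo())
```

Because __import__() executes each file's top-level code, every .py file in the plug-in directory runs with the scanner's privileges, so plug-ins fetched in S3 should be authenticated before they are written there.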
Embodiment two
Corresponding to embodiment one, this embodiment provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the steps of the Android application security detection method based on plug-in loading described in embodiment one. The specific steps are not repeated here; for details, refer to the description of embodiment one.
The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), etc.
Embodiment three
This embodiment corresponds to embodiment one and provides an Android application security monitoring system based on plug-in loading, which implements the method described in embodiment one through specific functional modules.
Specifically, the system of this embodiment includes a basic analysis module 10, a plug-in module 20, a plug-in loading module 30, a plug-in running module 40, a storage module 50, a report module 60 and a plug-in update and upgrade module 70; for the connections between the modules, see Fig. 2.
The basic analysis module 10 prepares the apk_info_dict parameter in advance, before the plug-ins run; for the specific procedure, see S4 of embodiment one.
The plug-in module 10 consists of the template plug-in, the plug-in directory, and all security detection plug-ins under the plug-in directory. The template plug-in is the base class of the plug-ins. All security detection plug-ins are placed under the specified plug-in directory and inherit the template plug-in class; by overriding the member variables and methods of the template plug-in class they implement the assessment and detection of different security risk vulnerabilities while keeping the data structure consistent.
The member variables defined in the template plug-in class include attributes such as {plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number found, detection status}. For more on the template plug-in, see the detection plug-in base class in embodiment one.
The plug-in loading module 20 uses a plug-in loading mechanism based on directory search: it searches the specified plug-in directory for all files with the .py suffix except __init__.py, uses Python's __import__() ability to dynamically load classes and functions to import the plug-ins dynamically, and records the instances of the loaded plug-ins in a list.
The plug-in running module 30 takes the plug-in instances out of the instance list in a loop, passes in the apk_info_dict parameter prepared before the plug-ins run, and calls each plug-in's vul_check function. When the call finishes, the security detection for one security detection item is complete. After detection finishes, the results of the execution are extracted from the plug-in's member variables.
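The template class, directory-search loading and run loop described above, as an added Python example that is not part of the patent text. The attribute names, the `plugin_template` module name, running lower priority values first, and the demo plug-ins with their `DEMO-` numbers are assumptions constructed for illustration; the example also keeps a plug-in that fails to import or raises in vul_check from stopping the scan.

```python
import os
import sys
import tempfile
import types


class TemplatePlugin:
    """Base class for detection plug-ins; the attribute names are assumptions."""
    name, vuln_id, version, priority = "template", "", "0.0", 100
    result, found_count, status = "", 0, "pending"

    def vul_check(self, apk_info_dict):
        raise NotImplementedError


# Publish the base class under a fixed module name so plug-in files can inherit it.
sys.modules["plugin_template"] = types.ModuleType("plugin_template")
sys.modules["plugin_template"].TemplatePlugin = TemplatePlugin


def load_plugins(plugin_dir):
    """Import each .py file except __init__.py; lower priority first (assumption)."""
    parent, package = os.path.split(os.path.abspath(plugin_dir))
    sys.path[:0] = [] if parent in sys.path else [parent]
    instances, skipped = [], []
    for modname in sorted(f[:-3] for f in os.listdir(plugin_dir)
                          if f.endswith(".py") and f != "__init__.py"):
        try:
            module = __import__(f"{package}.{modname}", fromlist=["*"])
        except Exception as exc:  # one bad file must not stop the scan
            skipped.append((modname + ".py", repr(exc)))
            continue
        instances += [obj() for obj in vars(module).values()
                      if isinstance(obj, type) and issubclass(obj, TemplatePlugin)
                      and obj.__module__ == module.__name__]
    return sorted(instances, key=lambda p: p.priority), skipped


def run_plugins(instances, apk_info_dict):
    """Call vul_check on each instance, then read the results from its members."""
    rows = []
    for plugin in instances:
        try:
            plugin.vul_check(dict(apk_info_dict))  # copy: plug-ins share one input
            plugin.status = "finished"
        except Exception as exc:
            plugin.status, plugin.result = "error", repr(exc)
        rows.append({key: getattr(plugin, key) for key in
                     ("name", "vuln_id", "status", "found_count", "result")})
    return rows


PLUGIN_SRC = '''from plugin_template import TemplatePlugin
class Check(TemplatePlugin):
    name, vuln_id, priority = "{key}", "DEMO-{prio}", {prio}
    def vul_check(self, apk_info_dict):
        if apk_info_dict["{key}"]:
            self.found_count, self.result = 1, "android:{attr} is true"
'''


def demo():  # builds constructed plug-in files and a constructed apk_info_dict
    plugin_dir = os.path.join(tempfile.mkdtemp(), "demo_detection_plugins")
    os.mkdir(plugin_dir)
    files = {"__init__.py": "", "broken.py": "raise RuntimeError('constructed')\n"}
    for key, attr, prio in (("allow_backup", "allowBackup", 20), ("debuggable", "debuggable", 10)):
        files[key + ".py"] = PLUGIN_SRC.format(key=key, attr=attr, prio=prio)
    for fname, source in files.items():
        with open(os.path.join(plugin_dir, fname), "w") as handle:
            handle.write(source)
    apk_info_dict = {"package": "com.example.demo", "debuggable": True, "allow_backup": False}
    instances, skipped = load_plugins(plugin_dir)
    return run_plugins(instances, apk_info_dict), skipped
```

Because every .py file in the directory is imported and executed with the scanner's privileges, write access to the plug-in directory is equivalent to code execution in the scanner.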
The storage module 40 is mainly used to store the security risk vulnerability library and the security detection results, from which the report module 50 extracts the relevant data and organizes it into the security detection report.
The plug-in update and upgrade module 60 exists because periodically updating and upgrading the security detection plug-ins is also very important: as the security risks of Android APPs continue to evolve and security vulnerabilities in the Android system continue to be disclosed, updating and upgrading the existing detection plug-ins effectively safeguards the detection rate for security vulnerabilities. This module therefore obtains the latest list of Android application security detection plug-ins from the cloud server, compares it against the files in the local plug-in directory, and performs upgrade operations such as updating and adding local plug-ins, ensuring that the system can detect the latest security vulnerability risks.
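The comparison between the server's plug-in list and the local plug-in directory, as an added Python example that is not part of the patent text. The patent does not give the list format; the `file` and `sha256` fields, the digest check before a file is written, and all sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def plan_update(remote_list, plugin_dir):
    """Diff the server's plug-in list against the local plug-in directory."""
    local = {}
    for fname in os.listdir(plugin_dir):
        if fname.endswith(".py") and fname != "__init__.py":
            with open(os.path.join(plugin_dir, fname), "rb") as handle:
                local[fname] = sha256_hex(handle.read())
    plan = {"add": [], "update": [], "unchanged": [], "rejected": []}
    for entry in remote_list:
        fname = entry["file"]  # hypothetical field name
        # Loaded files are executed, so accept only plain .py names in the directory.
        if (os.path.basename(fname) != fname or not fname.endswith(".py")
                or fname == "__init__.py"):
            plan["rejected"].append(fname)
        elif fname not in local:
            plan["add"].append(fname)
        elif local[fname] != entry["sha256"]:  # hypothetical field name
            plan["update"].append(fname)
        else:
            plan["unchanged"].append(fname)
    plan["local_only"] = sorted(set(local) - {e["file"] for e in remote_list})
    return plan


def install_plugin(plugin_dir, entry, content):
    """Write downloaded bytes only if they match the digest in the list."""
    if sha256_hex(content) != entry["sha256"]:
        return False
    tmp_path = os.path.join(plugin_dir, entry["file"] + ".tmp")  # not .py: never loaded
    with open(tmp_path, "wb") as handle:
        handle.write(content)
    os.replace(tmp_path, os.path.join(plugin_dir, entry["file"]))  # atomic swap
    return True


def demo():  # constructed local files and constructed server list
    plugin_dir = tempfile.mkdtemp()
    old, new = b"# constructed plug-in v1\n", b"# constructed plug-in v2\n"
    for fname in ("debuggable.py", "backup.py", "legacy.py"):
        with open(os.path.join(plugin_dir, fname), "wb") as handle:
            handle.write(old)
    remote_list = [
        {"file": "debuggable.py", "sha256": sha256_hex(old)},
        {"file": "backup.py", "sha256": sha256_hex(new)},
        {"file": "webview.py", "sha256": sha256_hex(new)},
        {"file": "../escape.py", "sha256": sha256_hex(new)},
    ]
    plan = plan_update(remote_list, plugin_dir)
    entries = {e["file"]: e for e in remote_list}
    installed = {f: install_plugin(plugin_dir, entries[f], new)
                 for f in plan["add"] + plan["update"]}
    tampered = install_plugin(plugin_dir, entries["webview.py"], b"# altered\n")
    return plan, installed, tampered
```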
This embodiment is an APP security detection system built on a structured, general-purpose, loosely coupled detection framework, and is extensible, highly available and collaborative.
Specifically, as to extensibility, the plug-in loading module proposed in the scheme uses a plug-in loading mechanism based on directory search: it searches the specific plug-in directory for all files with the .py suffix except __init__.py and uses Python's __import__() ability to dynamically load classes and functions to import the plug-ins dynamically.
As to high availability, the plug-in update and upgrade module can periodically obtain the latest security vulnerability detection plug-ins developed by security engineers, which effectively safeguards the detection rate for Android APP security vulnerabilities so that they are discovered in time.
As to collaboration, the scheme defines the template plug-in class, which standardizes attributes such as the class member variables. This solves the problems of other, highly coupled security detection tools: they are hard to update quickly, and tool maintenance and iterative system development collaborate poorly. The scheme enables iterative development of security detection plug-ins through remote collaboration by teams, communities and the like, ensuring the timeliness and effectiveness of Android APP security vulnerability detection.
Embodiment four
This embodiment corresponds to embodiments one to three above and provides a specific application scenario:
The plug-in-loading-based Android application security detection system and method can perform security vulnerability scanning on Android APPs developed by an enterprise and output an Android APP security detection report, so that the enterprise's developers can repair the APP's security vulnerability risks promptly, ensuring the security of the Android application product.
This scheme can perform security vulnerability scanning on Android applications in the development, testing, release and other stages. The specific application flow is as follows:
1. The APK installation package file of the Android application to be detected is passed into the detection system of this scheme, and the security vulnerability scanning flow for the Android application begins;
2. The detection system uses the basic analysis module to extract information from the APK file, prepare the dynamic running environment and so on, collecting the necessary basic application information and organizing it into the parameter dictionary apk_info_dict;
3. The detection system runs the plug-in loading module, loads the latest Android vulnerability detection plug-ins, initializes an instance of each detection plug-in one by one, and stores the instances in a list;
4. The detection plug-in instance list is traversed in a loop, the vul_check function of each instantiated plug-in is called one by one, and the prepared parameter dictionary apk_info_dict is passed in; the vul_check function in each plug-in is responsible for the security vulnerability detection of its vulnerability risk item;
5. The returned detection results are saved to storage by the storage module;
6. The report module organizes and outputs the Android APP security detection report for this APK file;
The description of each detection item in the Android APP security detection report takes the following form:
7. The enterprise's developers can follow the vulnerability risk prompts and repair suggestions in the security detection report to make security fixes, ensuring the security of the product.
In conclusion, the plug-in-loading-based Android application security monitoring method and storage medium provided by the invention not only provide automatic updating of detection plug-ins, which ensures that the latest security vulnerabilities are detected accurately and in time and improves the detection rate, but also, by defining a detection plug-in base class, significantly improve the efficiency and collaboration of iterative plug-in development and maintenance, so that comprehensive security detection of Android applications is achieved efficiently.
The above is only an embodiment of the invention and does not limit its patent scope. Any equivalent transformation made using the contents of the description and drawings of the invention, or any direct or indirect application in related technical fields, is likewise included in the scope of patent protection of the invention.

Claims (10)

1. An Android application security monitoring method based on plug-in loading, characterized by comprising:
defining a detection plug-in base class;
building, by inheriting the detection plug-in base class, a detection plug-in library corresponding to common Android application vulnerabilities, and storing it locally;
updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server;
obtaining the related information parameters of the apk file of the application to be detected, organizing them into an information dictionary format and storing them;
dynamically loading all plug-ins in the detection plug-in library; passing in the related information parameters in information dictionary format;
executing each loaded plug-in in turn.
2. The Android application security monitoring method based on plug-in loading according to claim 1, characterized in that the member variable attributes in the detection plug-in base class comprise plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number found and detection status.
3. The Android application security monitoring method based on plug-in loading according to claim 1, characterized in that obtaining the related information parameters of the apk file of the application to be detected, organizing them into an information dictionary format and storing them specifically comprises:
parsing the apk file of the application to be detected to obtain application basic information;
obtaining the information involved while the application to be detected is installed and started;
obtaining the file characteristic information of the apk file;
organizing the related information parameters, comprising the application basic information, said information and the file characteristic information, into the information dictionary format and storing them.
4. The Android application security monitoring method based on plug-in loading according to claim 3, characterized in that parsing the apk file of the application to be detected to obtain application basic information specifically comprises:
extracting the static information of the apk file of the application to be detected;
obtaining the information description file of the application to be detected by decompiling the apk file;
obtaining, by parsing the static information and the information description file, application basic information comprising application signature information, package name, application name, permission list information, module information and version information.
5. The Android application security monitoring method based on plug-in loading according to claim 3, characterized in that obtaining the information involved while the application to be detected is installed and started specifically comprises:
initializing the device on which the application to be detected is installed and run;
installing the apk file of the application to be detected on the device and starting it;
collecting the information involved while the apk file is installed and started, the information comprising generated file information, network request information, API call information and running interface screenshots.
6. The Android application security monitoring method based on plug-in loading according to claim 3, characterized in that the file characteristic information comprises the application file path, md5 and file size.
7. The Android application security monitoring method based on plug-in loading according to claim 1, characterized in that dynamically loading all plug-ins in the detection plug-in library specifically comprises:
obtaining, by searching, the files with the .py suffix, other than __init__.py, under the local storage directory of the detection plug-in library;
using Python's __import__() to dynamically load all classes and their functions in the files, obtaining the corresponding plug-in instances;
storing each plug-in instance in an instance list.
8. The Android application security monitoring method based on plug-in loading according to claim 7, characterized in that executing each loaded plug-in in turn specifically comprises:
taking the plug-in instances out of the instance list one by one, and after each is taken out, calling the vul_check function of that plug-in instance;
performing, by the vul_check function currently called, dedicated vulnerability detection on the passed-in related information parameters in information dictionary format, and returning the corresponding detection result.
9. The Android application security monitoring method based on plug-in loading according to claim 1, characterized by further comprising:
outputting a detection result report.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the Android application security monitoring method based on plug-in loading according to any one of claims 1-9.
CN201910183861.0A 2019-03-12 2019-03-12 Android application security monitoring method based on plug-in loading and storage medium Active CN109977670B (en)


Publications (2)

Publication Number Publication Date
CN109977670A true CN109977670A (en) 2019-07-05
CN109977670B CN109977670B (en) 2021-06-29

Family

ID=67078515


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant