CN109977670A - Android application safety monitoring method, storage medium based on plug-in unit load - Google Patents
- Publication number: CN109977670A (CN201910183861.0A)
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/563: Static detection by source code analysis
- G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- G06F21/577: Assessing vulnerabilities and evaluating computer system security
- G06F9/44526: Plug-ins; Add-ons
- G06F2221/033: Test or assess software
Abstract
The present invention provides an Android application security detection method based on plug-in loading, and a storage medium. The method includes: defining a detection plug-in base class; building a detection plug-in library by inheriting the detection plug-in base class, and storing it locally; updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server; obtaining the related information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format; dynamically loading all plug-ins in the detection plug-in library; passing in the related information parameters in information dictionary format; and executing each loaded plug-in in turn. The invention not only updates its detection plug-ins automatically, which ensures that the latest security vulnerabilities are detected accurately and in time and improves the detection rate; by defining a detection plug-in base class it also significantly improves the efficiency and collaboration of iterative plug-in development and maintenance, so that comprehensive security detection of Android applications can be carried out efficiently.
Description
Technical field
The present invention relates to the field of information security, and in particular to an Android application security detection method based on plug-in loading, and a storage medium.
Background
An Android app may introduce security problems at any stage of design, development, installation and use, including the security of the app installation package, sensitive information leakage, data communication security, component security, server-side interface security, business logic security, and so on.
Existing security detection for Android apps is mostly based on decompilation. For example, a decompilation tool is used to decompile the APK into code, and security vulnerabilities are then detected by combining signatures with static code analysis and scanning. Such tightly coupled security detection tools, however, are difficult to update quickly enough to detect the latest vulnerabilities, and they lend themselves poorly to collaborative tool maintenance and iterative system development. A structured, general, loosely coupled detection method is therefore needed to make an app security detection system extensible, highly available and open to collaboration.
Summary of the invention
The technical problem to be solved by the present invention is to provide an Android application security detection method based on plug-in loading, and a storage medium, with low coupling, high availability, extensibility and generality.
To solve the above technical problem, the technical solution adopted by the present invention is:
An Android application security detection method based on plug-in loading, comprising:
defining a detection plug-in base class;
building, by inheriting the detection plug-in base class, a detection plug-in library for common Android application vulnerabilities, and storing it locally;
updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server;
obtaining the related information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format;
dynamically loading all plug-ins in the detection plug-in library; passing in the related information parameters in information dictionary format;
executing each loaded plug-in in turn.
Another technical solution provided by the present invention is:
A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the above Android application security detection method based on plug-in loading.
The beneficial effects of the present invention are:
1. By defining a detection plug-in base class, the invention fully defines and standardizes attributes such as the class member variables of all detection plug-ins. Every detection plug-in is obtained simply by extending the functions of the plug-in base class, so all detection plug-ins stay uniform in data structure. This significantly improves the efficiency and convenience of building detection plug-ins; it also improves plug-in reusability and makes plug-ins easier to maintain; and it greatly reduces the coupling between the detection plug-ins and the detection system and improves collaboration in iterative system development.
2. The invention updates the local detection plug-in library automatically and in time, which ensures that the latest security vulnerabilities are detected promptly and effectively.
3. The invention organizes the specific detection content of the application to be detected into a unified information dictionary format, stores it and passes it in for detection. This not only makes the detection work easier but also avoids repeated computation and acquisition, which significantly improves detection plug-in development and operation.
4. The invention loads each detection plug-in dynamically and ensures that the different detection plug-ins carry out their detection work in an orderly manner.
Brief description of the drawings
Fig. 1 is a flow diagram of the Android application security detection method based on plug-in loading according to an embodiment of the present invention;
Fig. 2 is a diagram of the composition and connections of the Android application security detection system based on plug-in loading according to embodiment three of the present invention.
Reference numerals:
10, basic analysis module; 20, plug-in module; 30, plug-in loading module;
40, plug-in running module; 50, storage module; 60, report module;
70, plug-in update and upgrade module.
Detailed description of the embodiments
To explain the technical content, the objects achieved and the effects of the present invention in detail, it is described below with reference to the embodiments and the accompanying drawings.
The key idea of the invention is that all detection plug-ins extend the functions of a defined detection plug-in base class, which greatly improves plug-in reusability and collaboration while reducing coupling with the detection system and maintenance cost; combined with automatic updating of the local detection plug-ins, dynamic plug-in loading and the detection content information dictionary, this significantly improves detection efficiency and the validity of the detection results.
Explanation of technical terms of the present invention:
Referring to Fig. 1, the present invention provides an Android application security detection method based on plug-in loading, comprising:
defining a detection plug-in base class;
building, by inheriting the detection plug-in base class, a detection plug-in library for common Android application vulnerabilities, and storing it locally;
updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server;
obtaining the related information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format;
dynamically loading all plug-ins in the detection plug-in library; passing in the related information parameters in information dictionary format;
executing each loaded plug-in in turn.
As can be seen from the above description, the beneficial effect of the invention is that it implements an app security detection method through a structured, general, loosely coupled detection framework that is extensible, highly available and open to collaboration.
Extensibility is shown in the dynamic loading of each detection plug-in.
High availability is shown in the ability to periodically obtain the latest security vulnerability detection plug-ins developed by security engineers, which effectively improves the security vulnerability detection rate for Android apps and finds their security vulnerabilities in time.
Collaboration is shown in the predefined detection plug-in base class, which fully defines and standardizes attributes such as the class member variables. This solves the problem that other tightly coupled security detection tools are difficult to update quickly and lend themselves poorly to collaborative tool maintenance and iterative system development; it in turn enables teams, communities and other remote collaborators to develop security detection plug-ins iteratively, ensuring the timeliness and effectiveness of Android app security vulnerability detection.
Further, the member variable attributes in the detection plug-in base class include the plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings and detection status.
As can be seen from the above description, standardizing in advance the plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings and detection status used by all detection plug-ins ensures that all detection plug-ins stay consistent in data structure.
Further, obtaining the related information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format, is specifically:
parsing the apk file of the application to be detected to obtain the application basic information;
obtaining the information involved while the application to be detected is installed, started and run;
obtaining the file attribute information of the apk file;
organizing the related information parameters, which comprise the application basic information, the said information and the file attribute information, into an information dictionary format and storing them.
As can be seen from the above description, collecting the basic information and file attribute information of the apk file of the application to be detected, together with all information involved in installing, starting and running it, makes the detected content more comprehensive and better targeted, which improves the accuracy of the detection results.
Further, parsing the apk file of the application to be detected to obtain the application basic information is specifically:
extracting the static information of the apk file of the application to be detected;
obtaining the information description file of the application to be detected by decompiling the apk file;
obtaining, by parsing the static information and the information description file, the application basic information, which includes the application signature information, package name, application name, permission list information, module information and version information.
As can be seen from the above description, the basic information of the application to be detected is obtained by static analysis, which makes the content to be detected more comprehensive.
Further, obtaining the information involved while the application to be detected is installed, started and run is specifically:
initializing the device on which the application to be detected is installed and run;
installing the apk file of the application to be detected on the device, and starting it;
collecting the information involved while the apk file is installed, started and run, the information including generated file information, network request information, API call information and screenshots of the running interface.
As can be seen from the above description, all information involved while the application is installed, started and run is also collected, which further improves the comprehensiveness of the detection content and the validity of the detection results.
Further, the file attribute information includes the application file path, md5 and file size.
As can be seen from the above description, the file attribute information of the application to be detected is detected as well, which ensures comprehensive detection and reliable detection results.
Further, dynamically loading all plug-ins in the detection plug-in library is specifically:
searching the local storage directory of the detection plug-in library for the files that have the suffix .py, excluding __init__.py;
dynamically loading all classes and their functions in those files using Python's __import__(), to obtain each corresponding plug-in instance;
storing each plug-in instance in an instance list.
As can be seen from the above description, a plug-in loading mechanism based on directory search is used: all files with the suffix .py except __init__.py are found under the specified plug-in directory, and Python's __import__() is used to load their classes and functions dynamically. Plug-ins are thus imported dynamically, which makes the invention extensible.
Further, executing each loaded plug-in in turn is specifically:
taking the plug-in instances out of the instance list one by one, and after each is taken out, calling and executing the vul_check function of that plug-in instance;
the vul_check function currently called performs its specific vulnerability detection on the passed-in related information parameters in information dictionary format and returns the corresponding detection result.
As can be seen from the above description, by calling and executing the plug-in instances one by one, the security detection of the detection item corresponding to each plug-in instance is completed one by one, which keeps detection orderly and avoids omissions.
Further, the method also includes:
outputting a detection result report.
As can be seen from the above description, a detection result report is generated from the detection result of each detection item. It shows developers the data security status of the application to be detected intuitively and comprehensively, so that problems can be handled and fixed in time and the security of the product improved.
Another technical solution provided by the present invention is:
A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the above Android application security detection method based on plug-in loading.
As can be seen from the above description, those of ordinary skill in the art will appreciate that all or part of the processes in the above technical solution can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of each of the above methods; executing these processes achieves the following effects:
1. By defining a detection plug-in base class, the invention fully defines and standardizes attributes such as the class member variables of all detection plug-ins. Every detection plug-in is obtained simply by extending the functions of the plug-in base class, so all detection plug-ins stay uniform in data structure. This significantly improves the efficiency and convenience of building detection plug-ins; it also improves plug-in reusability and makes plug-ins easier to maintain; and it greatly reduces the coupling between the detection plug-ins and the detection system and improves collaboration in iterative system development.
2. The invention updates the local detection plug-in library automatically and in time, which ensures that the latest security vulnerabilities are detected promptly and effectively.
3. The invention organizes the specific detection content of the application to be detected into a unified information dictionary format, stores it and passes it in for detection. This not only makes the detection work easier but also avoids repeated computation and acquisition, which significantly improves detection plug-in development and operation.
4. The invention loads each detection plug-in dynamically and ensures that the different detection plug-ins carry out their detection work in an orderly manner.
Embodiment one
Referring to Fig. 1, this embodiment provides an Android application security detection method based on plug-in loading. It is suitable for comprehensive and effective security vulnerability detection of Android apps, and the detection method has low coupling, high availability and extensibility.
The method of this embodiment includes the following steps:
(1) Detection plug-in preparation process
S1: define the detection plug-in base class;
A vulnerability detection plug-in base class is defined and agreed upon. The base class defines member variable attributes including the plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings and detection status. Using class inheritance from object-oriented programming (inheritance is one of the most important concepts in object-oriented programming; it allows existing classes to be used and extended within the hierarchy that makes up a software system, in order to support new functions), different detection plug-ins are obtained by overriding the member variables and methods of the detection plug-in base class, so that different security risk and vulnerability detection items can be assessed. As a result, the plug-ins in the vulnerability detection plug-in library built in the next step on the detection plug-in base class share the same basic functions and data structure, which improves plug-in reusability and makes the plug-ins easier to maintain.
In a specific example, the detection plug-in base class is defined as follows:
The vul_check function is the plug-in's security detection function and is inherited and implemented by each specific plug-in. The function defines one parameter, apk_info_dict, which is the common APK file information dictionary and includes the APK file's md5, sha256, signature information, package name, application name, permission information, module information, version information, and so on. The common APK file information dictionary is collected once before the plug-ins are called and run, mainly to make it convenient for detection plug-ins to use and to avoid repeated computation and acquisition, which improves plug-in development and operation.
The detection base class also defines the unified format of detection results: the return value must be a list, and each element of the list is a result_item_tpl object. result_item_tpl is a dictionary template constrained by the triple "detection result, vulnerability location and vulnerability content", which ensures that the detection results of the detection plug-ins are complete and uniform.
S2: build the detection plug-in library;
Specifically, a detection plug-in library for common Android application vulnerabilities is built by inheriting the detection plug-in base class, and stored in a specified local plug-in directory. That is, the initially built detection plug-in library contains only detection plug-ins for common Android application vulnerabilities.
S3: update the local detection plug-in library according to the latest detection plug-in list obtained periodically from the cloud server;
Specifically, the system automatically obtains the latest list of Android application security detection plug-ins from the cloud server at a predetermined interval, compares it for differences with the local plug-in directory files (i.e. the detection plug-in library), and then performs update operations on the local plug-ins, such as updating existing plug-ins and adding new ones. Establishing an automatic update and upgrade mechanism for the detection plug-in library ensures that the system can detect the latest security vulnerability risks.
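One way to carry out the S3 comparison, as an added example that is not taken from the patent. The list format (a name and a sha256 per entry), the fetch callback and the file names are assumptions, and the file-name and hash checks are additions that the patent does not describe.

```python
import hashlib
import os
import re
import tempfile

PLUGIN_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\.py")   # excludes __init__.py and paths


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def plan_update(plugin_dir, cloud_list):
    """Diff the cloud plug-in list against the local plug-in directory."""
    plan = {"add": [], "update": [], "unchanged": [], "rejected": []}
    for entry in cloud_list:
        name = entry["name"]
        if not PLUGIN_NAME.fullmatch(name):
            plan["rejected"].append(name)        # e.g. "../x.py" or "__init__.py"
            continue
        path = os.path.join(plugin_dir, name)
        if not os.path.isfile(path):
            plan["add"].append(name)
            continue
        with open(path, "rb") as fh:
            same = sha256_hex(fh.read()) == entry["sha256"]
        plan["unchanged" if same else "update"].append(name)
    return plan


def apply_update(plugin_dir, cloud_list, fetch):
    """Write new and changed plug-ins whose bytes match the hash in the list."""
    plan = plan_update(plugin_dir, cloud_list)
    expected = {e["name"]: e["sha256"] for e in cloud_list}
    written, rejected = [], list(plan["rejected"])
    for name in plan["add"] + plan["update"]:
        data = fetch(name)
        if sha256_hex(data) != expected[name]:
            rejected.append(name)                # keep the old file, if any
            continue
        tmp_path = os.path.join(plugin_dir, name + ".tmp")   # not *.py, so never loaded
        with open(tmp_path, "wb") as fh:
            fh.write(data)
        os.replace(tmp_path, os.path.join(plugin_dir, name))
        written.append(name)
    return written, rejected


def demo():
    # Constructed "cloud server": file name -> bytes it would serve.
    server = {
        "check_a.py": b"# version 2\n",
        "check_b.py": b"# version 1\n",
        "check_c.py": b"# version 1\n",
        "check_d.py": b"# altered in transit\n",
    }
    cloud_list = [
        {"name": "check_a.py", "sha256": sha256_hex(server["check_a.py"])},
        {"name": "check_b.py", "sha256": sha256_hex(server["check_b.py"])},
        {"name": "check_c.py", "sha256": sha256_hex(server["check_c.py"])},
        {"name": "check_d.py", "sha256": sha256_hex(b"# version 1\n" * 2)},
        {"name": "../escape.py", "sha256": "0" * 64},
    ]
    with tempfile.TemporaryDirectory() as plugin_dir:
        for name, body in (("check_a.py", b"# version 1\n"), ("check_b.py", b"# version 1\n")):
            with open(os.path.join(plugin_dir, name), "wb") as fh:
                fh.write(body)
        plan = plan_update(plugin_dir, cloud_list)
        written, rejected = apply_update(plugin_dir, cloud_list, server.__getitem__)
        return plan, written, rejected, sorted(os.listdir(plugin_dir))


if __name__ == "__main__":
    print(demo())
```

Because the loader imports every .py file in this directory, whatever is written here runs with the scanner's privileges. A hash carried in the list only catches a substituted file if the list itself is authenticated, for example by a signature.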
(2) Automated security scanning and detection process
S4: obtain the related information parameters of the apk file of the application to be detected, and store them after organizing them into an information dictionary format;
Specifically, this step can be implemented by the following sub-steps:
First, basic analysis is carried out:
S41: parse the apk file of the application to be detected to obtain the application basic information;
This step specifically includes:
41.1 extract the static information of the apk file of the application to be detected;
41.2 obtain the information description file of the application to be detected (the AndroidManifest.xml file) by decompiling the apk file;
41.3 obtain, by parsing the static information and the information description file, the application basic information, which includes the application signature information, package name, application name, permission list information, module information, version information, and so on.
Then, the dynamic running environment is prepared:
S42: obtain the information involved while the application to be detected is installed, started and run;
This step specifically includes:
42.1 use adb (Android Debug Bridge, an Android device debugging tool) to make sure that the device on which the Android application (the application to be detected) is installed and run (an Android emulator or a prototype device) is initialized and ready;
42.2 automatically install the app to be detected on the above device, and start it;
42.3 collect the information involved while the app is installed, started and run, the information including generated file information, network request information, API call information, screenshots of the running interface, and so on.
Finally, the step also includes:
S43: collect file attribute information such as the APP file path, md5 and file size;
S44: organize all of the above information, i.e. the related information parameters of the apk file (the application basic information obtained in S41, the information obtained in S42 and the file attribute information obtained in S43), and store it in a dictionary format named apk_info_dict (apk information dictionary).
S5: dynamically load all plug-ins in the detection plug-in library;
Specifically, this can be implemented by a plug-in loading mechanism based on directory search, with the following steps:
S51: search the local storage directory of the detection plug-in library for the files that have the suffix .py, excluding __init__.py;
S52: use Python's __import__() to dynamically load all classes and their functions in the files obtained in the previous step, obtaining each corresponding plug-in instance; plug-ins are imported dynamically in this way, and each qualifying plug-in is loaded in turn;
S53: store each plug-in instance in an instance list. The instance list can be set up in advance; storing the instances together in the instance list makes them convenient to call and manage.
S6: call the detection plug-ins to perform detection;
Specifically, this step can be implemented by the following sub-steps:
The plug-in instances are taken out of the instance list one by one. After a plug-in instance is taken out, the related information parameters in information dictionary format, i.e. the apk_info_dict parameter of S44, are passed in; the vul_check function of the plug-in instance just taken out is then called and executed, and when the function finishes, the security detection of the detection item corresponding to the current plug-in instance is complete. After detection finishes, the relevant execution results are extracted from the member variables of the current plug-in and stored.
S7: output the detection result report.
Specifically, the detection results of the individual detection plug-ins are organized and combined, and an Android application security detection report in a specified format (such as word, pdf or html) is generated and displayed.
As can be seen from the above, the Android application security detection method provided in this embodiment first defines a template plug-in that specifies the functions and format of all detection plug-ins. All detection plug-ins for the different app security risks and vulnerabilities must then be written by inheriting the template plug-in and are placed together under the specified plug-in directory. Next, all available plug-ins under the plug-in directory are loaded. Parameters in a unified standard format are then passed in, and the security detection function of each plug-in is called and executed in turn to perform detection. After execution finishes, the relevant detection result data is extracted and stored. Finally, the security detection report for the Android app is presented in the necessary organized form.
Embodiment two
Corresponding to embodiment one, this embodiment provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the program implements the steps of the Android application security detection method based on plug-in loading described in embodiment one. The specific steps are not repeated here; for details, please refer to embodiment one.
The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
Embodiment three
Corresponding to embodiment one, this embodiment provides an Android application security detection system based on plug-in loading, which implements the method described in embodiment one through specific functional modules.
Specifically, the system of this embodiment includes a basic analysis module 10, a plug-in module 20, a plug-in loading module 30, a plug-in running module 40, a storage module 50, a report module 60 and a plug-in update and upgrade module 70. For the connections between the modules, see Fig. 2.
The basic analysis module 10 prepares the apk_info_dict parameter in advance, before the plug-ins run; for the specific execution process, see S4 of embodiment one.
The plug-in module 10 consists of the template plug-in, the plug-in directory and all security detection plug-ins under the plug-in directory. The template plug-in is the base class of the plug-ins. All security detection plug-ins are placed under the specified plug-in directory and inherit the template plug-in class; by overriding the member variables and methods of the template plug-in class they assess different security risks and vulnerabilities, while the data structure stays consistent.
The template plug-in class defines member variable attributes such as {plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings, detection status}. For more on the template plug-in, see the detection plug-in base class of embodiment one.
The plug-in loading module 20 uses a plug-in loading mechanism based on directory search: it searches the specified plug-in directory for all files with the .py suffix except __init__.py, imports them dynamically using Python's __import__() capability for dynamically loading classes and functions, and stores the instances of the loaded plug-ins in a list.
The plug-in run module 30 takes the plug-in instances out of the instance list in a loop, passes in the apk_info_dict parameter prepared before the plug-ins run, and calls each plug-in's vul_check function. When that call finishes, the security detection for one detection item is complete. After detection has finished, the relevant execution results are extracted from the plug-in's member variables.
The storage module 40 is mainly used to store the security-risk vulnerability library and the security detection results, from which the report module 50 extracts the relevant data and assembles the security detection report.
As for the plug-in update and upgrade module 60, periodic updating and upgrading of the security detection plug-ins is also very important. As the security risks of Android APPs keep evolving and security vulnerabilities in the Android system are continually disclosed, updating and upgrading the existing detection plug-ins effectively safeguards the detection rate for security vulnerabilities. This module therefore obtains the latest list of Android application security detection plug-ins from the cloud server, compares it against the files in the local plug-in directory, and performs upgrade operations such as updating and adding local plug-ins, ensuring that the system can detect the latest vulnerability risks.
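One way to carry out the difference comparison described above, as an added example that is not the patent's own code. It assumes the cloud list maps each plug-in file name to a SHA-256 digest (the patent does not specify the list format), and it rejects listed names that would not resolve to a plain .py file inside the plug-in directory, because every file placed there is later imported and executed.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a local plug-in file in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def diff_plugin_dir(remote_list, plugin_dir):
    """Compare the cloud list {file name: sha256} with the local plug-in directory."""
    plan = {"add": [], "update": [], "unchanged": [], "rejected": [], "local_only": []}
    local = {f for f in os.listdir(plugin_dir)
             if f.endswith(".py") and f != "__init__.py"}
    for name, expected in sorted(remote_list.items()):
        # Only plain *.py file names may be written into the plug-in directory.
        if os.path.basename(name) != name or not name.endswith(".py") or name == "__init__.py":
            plan["rejected"].append(name)
        elif name not in local:
            plan["add"].append(name)
        elif sha256_file(os.path.join(plugin_dir, name)) != expected:
            plan["update"].append(name)
        else:
            plan["unchanged"].append(name)
    # Files present locally but absent from the cloud list are reported, not deleted.
    plan["local_only"] = sorted(local - set(remote_list))
    return plan


def run_update_demo():
    """Constructed local directory and cloud list covering each outcome."""
    def digest_of(data):
        return hashlib.sha256(data).hexdigest()

    with tempfile.TemporaryDirectory() as plugin_dir:
        local_files = {"__init__.py": b"", "webview.py": b"v1",
                       "backup.py": b"v1", "retired.py": b"v1"}
        for name, body in local_files.items():
            with open(os.path.join(plugin_dir, name), "wb") as fh:
                fh.write(body)
        remote_list = {"webview.py": digest_of(b"v1"), "backup.py": digest_of(b"v2"),
                       "intent.py": digest_of(b"v1"), "../evil.py": digest_of(b"x")}
        return diff_plugin_dir(remote_list, plugin_dir)


if __name__ == "__main__":
    print(run_update_demo())
```

The same digests can be checked again after download and before the file is moved into the plug-in directory, so that a plug-in is only ever imported if it matches the list.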
This embodiment is an APP security detection system built on a structured, general-purpose, loosely coupled detection framework; it is extensible, highly available and collaborative.
Specifically, in terms of extensibility, the plug-in loading module proposed in the scheme uses a plug-in loading mechanism based on directory search: it searches the specified plug-in directory for all files with the .py suffix except __init__.py and uses Python's __import__() capability for dynamically loading classes and functions to import the plug-ins dynamically.
In terms of high availability, the plug-in update and upgrade module periodically obtains the latest vulnerability detection plug-ins developed by security engineers, which effectively safeguards the detection rate for Android APP security vulnerabilities so that they are found in time.
In terms of collaboration, the scheme proposes and defines the template plug-in class, which specifies attributes such as the class member variables. This solves the problem that other, tightly coupled security detection tools are hard to update quickly and are poorly suited to collaborative tool maintenance and iterative system development. The scheme enables teams, communities and other remote collaborators to develop security detection plug-ins iteratively, ensuring that Android APP security vulnerabilities are detected promptly and effectively.
Embodiment four
Corresponding to Embodiments one to three above, this embodiment provides a specific application scenario:
The Android application security detection system and method based on plug-in loading can perform security scanning on Android APPs developed by an enterprise and output an Android APP security detection report, so that the enterprise's developers can fix the APP's vulnerability risks in time and ensure the security of the Android application product.
This scheme can perform security scanning on Android applications in the development, testing, release and other stages. The specific application flow is as follows:
1. The APK installation package of the Android application to be detected is passed into the detection system of this scheme, which starts the security scanning process for the Android application;
2. Through the basic analysis module, the detection system extracts information from the APK file, prepares the dynamic run environment and so on, collects the necessary basic application information, and organizes it into the parameter dictionary apk_info_dict;
3. The detection system runs the plug-in loading module, loads the latest Android vulnerability detection plug-ins, instantiates each detection plug-in one by one, and stores the instances in a list;
4. The detection plug-in instance list is traversed in a loop, the vul_check function of each instantiated plug-in is called one by one, and the prepared parameter dictionary apk_info_dict is passed in; the vul_check function in each plug-in is responsible for the security vulnerability detection of its own vulnerability risk item;
5. The returned detection results are saved to storage by the storage module;
6. The report module assembles and outputs the Android APP security detection report for this APK file;
Here, a sample description of each detection item in the Android APP security detection report is as follows:
7. The enterprise's developers can carry out security fixes by following the vulnerability risks and repair suggestions given in the security detection report, ensuring the security of the product.
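Steps 3 to 5 above, which are also the work of the plug-in loading and run modules of Embodiment three, as an added Python example (not code from the patent). The attribute names on PluginBase, the plugin_template module name, the apk_info_dict keys and the two plug-in files are constructed for the illustration; because __import__() executes each file's top-level code, the loader records a plug-in that fails to import instead of aborting the scan.

```python
import os
import sys
import tempfile
import types

class PluginBase:
    """Template plug-in (attribute names are assumptions based on the page's list)."""
    plugin_name, vul_id, version = "template", "", "0.0"

    def __init__(self):
        self.result, self.found_count, self.status = [], 0, "pending"

    def vul_check(self, apk_info_dict):
        raise NotImplementedError

# Publish the base class under a fixed module name so plug-in files can import it.
sys.modules["plugin_template"] = types.ModuleType("plugin_template")
sys.modules["plugin_template"].PluginBase = PluginBase

def load_plugins(plugin_dir):
    """Import every *.py except __init__.py with __import__(); return (instances, errors)."""
    instances, load_errors = [], []
    sys.path.insert(0, plugin_dir)
    try:
        for fname in sorted(os.listdir(plugin_dir)):
            if not fname.endswith(".py") or fname == "__init__.py":
                continue
            try:
                module = __import__(fname[:-3])  # runs the file's top-level code
            except Exception as exc:  # a broken plug-in must not abort the scan
                load_errors.append((fname, type(exc).__name__))
                continue
            for obj in vars(module).values():
                if (isinstance(obj, type) and issubclass(obj, PluginBase)
                        and obj.__module__ == module.__name__):
                    instances.append(obj())
    finally:
        sys.path.remove(plugin_dir)
    return instances, load_errors

def run_plugins(instances, apk_info_dict):
    """Call vul_check() on each instance, then read results from its member variables."""
    rows = []
    for plugin in instances:
        plugin.vul_check(apk_info_dict)
        plugin.status = "finished"
        rows.append((plugin.plugin_name, plugin.status, plugin.found_count, plugin.result))
    return rows

# Constructed plug-in files: one working check and one file that fails to import.
PLUGIN_FILES = {
    "__init__.py": "",
    "a_cleartext.py": (
        "from plugin_template import PluginBase\n"
        "class CleartextHttp(PluginBase):\n"
        "    plugin_name = 'cleartext_http'\n"
        "    def vul_check(self, info):\n"
        "        self.result = [u for u in info['network_requests'] if u.startswith('http://')]\n"
        "        self.found_count = len(self.result)\n"),
    "b_broken.py": "def vul_check(:\n",
}

def run_demo():
    apk_info_dict = {"package_name": "com.example.app",  # hypothetical keys
                     "network_requests": ["http://a.example/login", "https://a.example/js"]}
    with tempfile.TemporaryDirectory() as plugin_dir:
        for name, body in PLUGIN_FILES.items():
            with open(os.path.join(plugin_dir, name), "w") as fh:
                fh.write(body)
        instances, load_errors = load_plugins(plugin_dir)
    return run_plugins(instances, apk_info_dict), load_errors

if __name__ == "__main__":
    print(run_demo())
```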
In summary, the Android application security monitoring method based on plug-in loading and the storage medium provided by the invention not only have an automatic update function for detection plug-ins, which ensures that the latest security vulnerabilities are detected accurately and in time and improves the detection rate, but also significantly improve the efficiency and collaboration of iterative plug-in development and maintenance by defining a detection plug-in base class, so that comprehensive security detection of Android applications can be carried out efficiently.
The above are only embodiments of the present invention and do not limit its patent scope. Any equivalent transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in a related technical field, is likewise included in the scope of patent protection of the present invention.
Claims (10)
1. An Android application security monitoring method based on plug-in loading, characterized by comprising:
defining a detection plug-in base class;
building, by inheriting the detection plug-in base class, a detection plug-in library for the corresponding common Android application vulnerabilities, and storing it locally;
updating the local detection plug-in library according to the latest detection plug-in list obtained periodically from a cloud server;
obtaining the related information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format;
dynamically loading all plug-ins in the detection plug-in library; passing in the related information parameters in information dictionary format;
executing each loaded plug-in in turn.
2. The Android application security monitoring method based on plug-in loading according to claim 1, characterized in that the member variable attributes in the detection plug-in base class include plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, number of findings and detection status.
3. The Android application security monitoring method based on plug-in loading according to claim 1, characterized in that obtaining the related information parameters of the apk file of the application to be detected, and storing them after organizing them into an information dictionary format, specifically comprises:
parsing the apk file of the application to be detected to obtain basic application information;
obtaining the information involved while the application to be detected is installed, started and run;
obtaining the file attribute information of the apk file;
organizing the related information parameters, which include the basic application information, said information and the file attribute information, into an information dictionary format and storing them.
4. The Android application security monitoring method based on plug-in loading according to claim 3, characterized in that parsing the apk file of the application to be detected to obtain basic application information specifically comprises:
extracting the static information of the apk file of the application to be detected;
obtaining the information description file of the application to be detected by decompiling the apk file;
obtaining, by parsing the static information and the information description file, basic application information that includes application signature information, package name, application name, permission list information, module information and version information.
5. The Android application security monitoring method based on plug-in loading according to claim 3, characterized in that obtaining the information involved while the application to be detected is installed, started and run specifically comprises:
initializing the device on which the application to be detected is installed and run;
installing the apk file of the application to be detected on the device, and starting it;
collecting the information involved while the apk file is installed, started and run, the information including generated file information, network request information, API call information and screenshots of the running interface.
6. The Android application security monitoring method based on plug-in loading according to claim 3, characterized in that the file attribute information includes the application file path, md5 and file size.
7. The Android application security monitoring method based on plug-in loading according to claim 1, characterized in that dynamically loading all plug-ins in the detection plug-in library specifically comprises:
obtaining, by searching, the files under the local storage directory of the detection plug-in library that have the .py suffix, except __init__.py;
dynamically loading all classes and their functions in those files using Python's __import__(), to obtain the corresponding plug-in instances;
storing each plug-in instance in an instance list.
8. The Android application security monitoring method based on plug-in loading according to claim 7, characterized in that executing each loaded plug-in in turn specifically comprises:
taking the plug-in instances out of the instance list one by one, and calling the vul_check function of each plug-in instance after it is taken out;
performing, by the vul_check function currently called, dedicated vulnerability detection on the passed-in related information parameters in information dictionary format, and returning the corresponding detection result.
9. The Android application security monitoring method based on plug-in loading according to claim 1, characterized by further comprising:
outputting a detection result report.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the Android application security monitoring method based on plug-in loading according to any one of claims 1-9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910183861.0A CN109977670B (en) | 2019-03-12 | 2019-03-12 | Android application security monitoring method based on plug-in loading and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109977670A (en) | 2019-07-05 |
CN109977670B (en) | 2021-06-29 |
Family
ID=67078515
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910183861.0A Active CN109977670B (en) | 2019-03-12 | 2019-03-12 | Android application security monitoring method based on plug-in loading and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109977670B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109977670B (en) | 2021-06-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||