CN110162479B - Abnormal application detection method and device and terminal equipment - Google Patents
Abnormal application detection method and device and terminal equipment Download PDFInfo
- Publication number
- CN110162479B CN110162479B CN201910455132.6A CN201910455132A CN110162479B CN 110162479 B CN110162479 B CN 110162479B CN 201910455132 A CN201910455132 A CN 201910455132A CN 110162479 B CN110162479 B CN 110162479B
- Authority
- CN
- China
- Prior art keywords
- application
- abnormal
- information
- abnormal application
- detection method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
- G06F11/3628—Software debugging of optimised code
Abstract
The application is suitable for the technical field of software, and provides an abnormal application detection method, an abnormal application detection device and terminal equipment, wherein the method comprises the following steps: acquiring the number of the debugging information of the installed application; and if the number of the debugging information exceeds a preset number threshold, judging that the application is abnormal. By the method, abnormal application can be timely and effectively detected.
Description
Technical Field
The application belongs to the technical field of software, and particularly relates to an abnormal application detection method, an abnormal application detection device, terminal equipment and a computer readable storage medium.
Background
At present, applications that can be installed in terminal devices (such as mobile phones and tablet computers) are more and more types, but since the installed applications are also likely to be abnormal applications, for example, applications that are likely to be invaded by viruses, in order to ensure safe operation of legal applications of the terminal devices, abnormality detection is required for the applications.
Taking an application of detecting virus intrusion as an example, in the existing method, an application file is generally matched with a virus file in a virus database, and if the application file is matched with a certain virus file in the virus database, the application is judged to be the application of virus intrusion. However, since the virus files stored in the virus database are generally hysteresis, the existing method still has difficulty in effectively detecting abnormal applications.
Therefore, a new method is needed to solve the above technical problems.
Disclosure of Invention
In view of the above, the embodiment of the application provides an abnormal application detection method, so as to solve the problem that in the prior art, abnormal applications are difficult to be effectively detected.
A first aspect of an embodiment of the present application provides an abnormal application detection method, including:
acquiring the number of the debugging information of the installed application;
and if the number of the debugging information exceeds a preset number threshold, judging that the application is abnormal.
A second aspect of an embodiment of the present application provides an abnormal application detection apparatus, including:
the number acquisition unit of the debug information is used for acquiring the number of the debug information of the installed application;
and the abnormal application judging unit is used for judging the application as an abnormal application if the number of the debugging information exceeds a preset number threshold value.
A third aspect of an embodiment of the present application provides a terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method according to the first aspect when executing the computer program.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method according to the first aspect.
Compared with the prior art, the embodiment of the application has the beneficial effects that:
because whether the application is an abnormal application is judged according to the number of the debug information instead of matching the debug information with pre-stored information to judge whether the application is the abnormal application, whether each application is the abnormal application can be judged without storing the debug information corresponding to different applications in advance, and therefore the abnormal application can be timely and effectively detected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments or the description of the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a first abnormal application detection method provided by an embodiment of the present application;
FIG. 2 is a flowchart of a second method for detecting abnormal applications according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an abnormal application detection apparatus according to an embodiment of the present application;
fig. 4 is a schematic diagram of a terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
In order to illustrate the technical scheme of the application, the following description is made by specific examples.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
In particular implementations, the terminal devices described in embodiments of the present application include, but are not limited to, other portable devices such as mobile phones, laptop computers, or tablet computers having a touch-sensitive surface (e.g., a touch screen display and/or a touch pad). It should also be appreciated that in some embodiments, the above-described devices are not portable communication devices, but rather desktop computers having touch-sensitive surfaces (e.g., touch screen displays and/or touch pads).
In the following discussion, a terminal device including a display and a touch-sensitive surface is described. However, it should be understood that the terminal device may include one or more other physical user interface devices such as a physical keyboard, mouse, and/or joystick.
The terminal device supports various applications, such as one or more of the following: drawing applications, presentation applications, word processing applications, website creation applications, disk burning applications, spreadsheet applications, gaming applications, telephony applications, video conferencing applications, email applications, instant messaging applications, workout support applications, photo management applications, digital camera applications, digital video camera applications, web browsing applications, digital music player applications, and/or digital video player applications.
Various applications that may be executed on the terminal device may use at least one common physical user interface device such as a touch sensitive surface. One or more functions of the touch-sensitive surface and corresponding information displayed on the terminal may be adjusted and/or changed between applications and/or within the corresponding applications. In this way, the common physical architecture (e.g., touch-sensitive surface) of the terminal may support various applications with user interfaces that are intuitive and transparent to the user.
Embodiment one:
fig. 1 shows a flowchart of a first abnormal application detection method according to an embodiment of the present application, in this embodiment, an abnormality is detected on an application installed in a terminal device by the number of pieces of debug information of the application, which is described in detail as follows:
step S11, obtaining the number of the debug information of the installed application;
specifically, when the application is installed in the terminal device, an executable file, for example, a binary file executable by the virtual machine, which is recorded with debug information (debuginfo) will be generated.
In this step, the debug information of the application may be obtained directly from the executable binary file, thereby obtaining the number of debug information.
In some embodiments, since the executable binary file includes other information in addition to the debug information of the application, in order to be able to quickly acquire the debug information of the application, before step S11, it includes:
extracting debugging information from an executable file of an installed application, and recording the debugging information in a corresponding debugging information table, wherein the executable file is a file generated when the application is installed in terminal equipment;
correspondingly, the step S11 specifically includes:
and acquiring the number of the debugging information of the installed application according to the debugging information table.
In this embodiment, since the debug information is recorded in the debug information table in advance, it is not necessary to filter the information again, and thus the speed of acquiring the number of pieces of debug information can be increased. In this embodiment, the debug information of each installed application may be recorded in the same debug information table, the debug information of different applications may be distinguished by the unique identifier of the application, or each installed application may be respectively corresponding to each debug information table, and one debug information table records the debug information of one installed application.
In some embodiments, the suffix name of the executable file of the installed application is a dex, and in this case, the executable file is a dex file.
And step S12, judging that the application is abnormal if the number of the debugging information exceeds a preset number threshold.
The preset number threshold is a numerical value determined empirically.
In the step, according to experience summary of the inventor, if the number of the debug information exceeds a preset threshold value, the application is abnormal.
In the embodiment of the application, the number of the debugging information of the installed application is obtained, and if the number of the debugging information exceeds a preset threshold value, the application is judged to be an abnormal application. Because whether the application is an abnormal application is judged according to the number of the debug information instead of matching the debug information with pre-stored information to judge whether the application is the abnormal application, whether each application is the abnormal application can be judged without storing the debug information corresponding to different applications in advance, and therefore the abnormal application can be timely and effectively detected.
Embodiment two:
fig. 2 shows a flowchart of a second abnormal application detection method according to an embodiment of the present application, in this embodiment, executable files corresponding to the number of pieces of debug information not exceeding a preset number threshold are optimized, where step S21 and step S22 are the same as step S11 and step S12 of the first embodiment, respectively, and are not described herein again.
Step S21, obtaining the number of the debug information of the installed application;
step S22, if the number of the debug information exceeds a preset number threshold, judging that the application is abnormal.
Step S23, if the number of the debug information does not exceed a preset number threshold, optimizing the executable file.
The optimizing the executable file specifically comprises the following steps: the order of the data of the executable file is adjusted, for example, the frequently accessed data are closely arranged together, so that the called data can be ensured to be the data to be used.
In some embodiments, to reduce interference to the user, the executable file is optimized in the background.
In some embodiments, if the number of pieces of debug information exceeds a preset threshold, the executable file corresponding to the debug information is not optimized.
In the embodiment of the application, because the executable file corresponding to the debug information of which the number does not exceed the preset number threshold is optimized, the excessive memory occupied by the optimizing application process (the optimizing application process is dex2oat if the executable file is a dex file) is avoided, and thus the use of the clamping phenomenon caused by the excessive memory occupied can be avoided.
In some embodiments, to further avoid the use of the stuck phenomenon due to the optimization process, the step S23 includes:
and if the terminal equipment where the application is located is in an idle state and the number of the debugging information does not exceed a preset number threshold, optimizing the executable file.
Wherein the idle state includes any of the following: the black screen duration of the terminal equipment exceeds a preset duration threshold; the terminal device is charging and the foreground has no running application.
In this embodiment, the executable file is optimized only in the idle state, and the terminal device is not used by the user in the idle state, so that the influence on the user caused by the occupied memory in the optimization process can be avoided.
In some embodiments, to facilitate the repair of the abnormal application by the designated party in time, after the step S22 (or step S12), it includes:
and not optimizing the executable file, and feeding back information comprising the application as an abnormal application to a designated party.
In this embodiment, since the number of debug information of the abnormal application is greater than the preset threshold, the executable file determined to be the abnormal application is not optimized, so that the excessive memory occupation during optimization can be avoided. In addition, since the information including the application as the abnormal application is fed back to the appointed party, the appointed party is convenient to detect the application in time and repair the vulnerability of the application.
Further, the appointed party is a third party application, and at this time, the step of feeding back information including that the application is an abnormal application to the appointed party specifically includes:
and extracting information of the suspicious problem from the executable file, and feeding back the information comprising the application as an abnormal application and the information of the suspicious problem to a third party application.
In this embodiment, in order to facilitate the third party application to quickly determine the location where the problem occurs, information of the suspicious problem is extracted from the executable file, where the information of the suspicious problem includes information such as description of the problem and location, and the extracted information of the suspicious problem and information that the application is an abnormal application are fed back to the third party application together.
Of course, if the store server corresponding to the terminal device mounts the application determined to be the abnormal application, information of the application being the abnormal application is also transmitted to the store server so that the store server selects whether to mount the abnormal application.
In some embodiments, if the designated party application determines that the number of debug information of the generated application does not exceed the preset number threshold, that is, the application installed by the terminal device is an illegal application, in order to reduce a loss caused by using the application, the terminal device receives and displays an application re-downloading request sent by the designated party application (such as a store server), and if receiving the re-downloading approval information sent by the user, uninstalls the application determined to be an abnormal application and re-downloads the legal application. Wherein the downloaded legal application has the same application name as the abnormal application.
In this embodiment, since the designator performs the re-judgment on the application, the accuracy of the judgment result can be ensured, and at this time, the designator instructs the user to re-download the legal application, and the abnormal application is unloaded, so that the loss caused by the use of the abnormal application by the user is avoided.
In some embodiments, if the designated party application determines that the generated application is an abnormal application, in order to ensure smoothness of using the abnormal application by the user, the terminal device receives and displays an application upgrading request sent by the designated party application (such as a store server), and if receiving approval upgrading information sent by the user, upgrades the application determined to be the abnormal application.
In this embodiment, by upgrading the abnormal application, the problem existing in the abnormal application is solved, so that the use experience of the user is improved.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present application.
Embodiment III:
corresponding to the first and second embodiments, fig. 3 shows a schematic structural diagram of an abnormal application detection apparatus according to an embodiment of the present application, where the abnormal application detection apparatus is applied to a terminal device, and for convenience of explanation, only relevant parts of the embodiment are shown.
The abnormal application detection apparatus 3 includes: a number of pieces of debug information acquisition unit 31 and an abnormal application determination unit 32. Wherein:
a debug information number acquisition unit 31 for acquiring the number of debug information of an installed application;
specifically, when the application is installed in the terminal device, an executable file, for example, a binary file executable by the virtual machine, which is recorded with debug information (debuginfo) will be generated.
In some embodiments, since the executable binary file includes other information in addition to the debug information of the application, in order to be able to quickly acquire the debug information of the application, the abnormal application detecting apparatus 3 further includes:
the system comprises a debugging information recording unit, a debugging information processing unit and a debugging information processing unit, wherein the debugging information recording unit is used for extracting debugging information from an executable file of an installed application and recording the debugging information in a corresponding debugging information table, and the executable file is a file generated when the application is installed in terminal equipment;
correspondingly, the number of debug information obtaining unit 31 specifically includes:
and acquiring the number of the debugging information of the installed application according to the debugging information table.
In this embodiment, since the debug information is recorded in the debug information table in advance, it is not necessary to filter the information again, and thus the speed of acquiring the number of pieces of debug information can be increased. In this embodiment, the debug information of each installed application may be recorded in the same debug information table, the debug information of different applications may be distinguished by the unique identifier of the application, or each installed application may be respectively corresponding to each debug information table, and one debug information table records the debug information of one installed application.
In some embodiments, the suffix name of the executable file of the installed application is a dex, and in this case, the executable file is a dex file.
An abnormal application determining unit 32, configured to determine that the application is an abnormal application if the number of debug information exceeds a preset number threshold.
The preset number threshold is a numerical value determined empirically.
In the embodiment of the application, whether the application is an abnormal application is judged according to the number of the debug information instead of matching the debug information with the pre-stored information to judge whether the application is the abnormal application, so that whether each application is the abnormal application can be judged without storing the debug information corresponding to different applications in advance, and the abnormal application can be timely and effectively detected.
In some embodiments, the abnormal application detecting apparatus 3 further includes:
and the optimizing unit is used for optimizing the executable file if the number of the debugging information does not exceed a preset number threshold.
The optimizing the executable file specifically comprises the following steps: the order of the data of the executable file is adjusted, for example, the frequently accessed data are closely arranged together, so that the called data can be ensured to be the data to be used.
In some embodiments, to reduce interference to the user, the executable file is optimized in the background.
In some embodiments, the optimization unit further comprises: if the number of the debug information exceeds a preset number threshold, the executable file corresponding to the debug information is not optimized.
In this embodiment, since only executable files corresponding to debug information whose number does not exceed a preset number threshold are optimized, an excessive memory occupied by an optimization application process (if the executable files are dex files, the optimization application process is dex2 oat) is avoided, so that a use-stuck phenomenon caused by the excessive memory occupied can be avoided.
In some embodiments, to further avoid the use of a stuck phenomenon due to an optimization procedure, the optimization unit comprises:
and if the terminal equipment where the application is located is in an idle state and the number of the debugging information does not exceed a preset number threshold, optimizing the executable file.
Wherein the idle state includes any of the following: the black screen duration of the terminal equipment exceeds a preset duration threshold; the terminal device is charging and the foreground has no running application.
In some embodiments, in order to facilitate the repair of the abnormal application by the designated party in time, the abnormal application detection apparatus 3 further includes:
and the information feedback unit is used for not optimizing the executable file and feeding back the information comprising the abnormal application to a designated party.
In this embodiment, since the number of debug information of the abnormal application is greater than the preset threshold, the executable file determined to be the abnormal application is not optimized, so that the excessive memory occupation during optimization can be avoided. In addition, since the information including the application as the abnormal application is fed back to the appointed party, the appointed party is convenient to detect the application in time and repair the vulnerability of the application.
Further, the designating party is a third party application, and at this time, the information feedback unit feeds back information including that the application is an abnormal application to the designating party specifically includes:
and extracting information of the suspicious problem from the executable file, and feeding back the information comprising the application as an abnormal application and the information of the suspicious problem to a third party application.
In this embodiment, in order to facilitate the third party application to quickly determine the location where the problem occurs, information of the suspicious problem is extracted from the executable file, where the information of the suspicious problem includes information such as description of the problem and location, and the extracted information of the suspicious problem and information that the application is an abnormal application are fed back to the third party application together.
Of course, if the store server corresponding to the terminal device mounts the application determined to be the abnormal application, information of the application being the abnormal application is also transmitted to the store server so that the store server selects whether to mount the abnormal application.
In some embodiments, if the designated party application determines that the number of debug information of the generated application does not exceed the preset number threshold, that is, the application installed by the terminal device is an illegal application, in this case, in order to reduce a loss caused by using the application by a user, the abnormal application detection apparatus 3 further includes:
and the re-downloading unit is used for receiving and displaying an application re-downloading request sent by the application of the appointed party (such as a store server), and if receiving the re-downloading information sent by the user, unloading the application judged to be the abnormal application and re-downloading the legal application. Wherein the downloaded legal application has the same application name as the abnormal application.
In this embodiment, since the designator performs the re-judgment on the application, the accuracy of the judgment result can be ensured, and at this time, the designator instructs the user to re-download the legal application, and the abnormal application is unloaded, so that the loss caused by the use of the abnormal application by the user is avoided.
In some embodiments, if the designated party application determines that the generated application is an abnormal application, in order to ensure smoothness of using the abnormal application by the user, the abnormal application detection apparatus 3 further includes:
and the upgrading unit is used for receiving and displaying an application upgrading request sent by the application of the appointed party (such as a store server), and upgrading the application judged to be the abnormal application if upgrading agreement information sent by the user is received.
In this embodiment, by upgrading the abnormal application, the problem existing in the abnormal application is solved, so that the use experience of the user is improved.
Embodiment four:
fig. 4 is a schematic diagram of a terminal device according to an embodiment of the present application. As shown in fig. 4, the terminal device 4 of this embodiment includes: a processor 40, a memory 41 and a computer program 42 stored in the memory 41 and executable on the processor 40. The steps of the various method embodiments described above, such as steps S11 to S12 shown in fig. 1, are implemented when the processor 40 executes the computer program 42. Alternatively, the processor 40 may perform the functions of the modules/units of the apparatus embodiments described above, such as the functions of the modules 41 to 42 shown in fig. 4, when executing the computer program 42.
Illustratively, the computer program 42 may be partitioned into one or more modules/units that are stored in the memory 41 and executed by the processor 40 to complete the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions for describing the execution of the computer program 42 in the terminal device 4. For example, the computer program 42 may be divided into a number of pieces of debug information acquisition unit and an abnormal application determination unit, each unit functioning specifically as follows:
the number acquisition unit of the debug information is used for acquiring the number of the debug information of the installed application;
and the abnormal application judging unit is used for judging the application as an abnormal application if the number of the debugging information exceeds a preset number threshold value.
The terminal device 4 may be a computing device such as a desktop computer, a notebook computer, a palm computer, a cloud server, etc. The terminal device may include, but is not limited to, a processor 40, a memory 41. It will be appreciated by those skilled in the art that fig. 4 is merely an example of the terminal device 4 and does not constitute a limitation of the terminal device 4, and may include more or less components than illustrated, or may combine certain components, or different components, e.g., the terminal device may further include an input-output device, a network access device, a bus, etc.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4. The memory 41 may be an external storage device of the terminal device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the terminal device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the terminal device 4. The memory 41 is used for storing the computer program as well as other programs and data required by the terminal device. The memory 41 may also be used for temporarily storing data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.
Claims (10)
1. An abnormal application detection method, comprising:
acquiring the number of the debugging information of the installed application;
if the number of the debug information exceeds a preset number threshold, judging that the application is abnormal; the abnormal application is an application invaded by viruses;
when the application is installed in the terminal device, an executable binary file is generated, and the executable binary file records debug information.
2. The abnormal application detection method according to claim 1, wherein the abnormal application detection method further comprises:
and if the number of the debug information does not exceed a preset number threshold, optimizing the executable file.
3. The abnormal application detection method of claim 2, wherein optimizing the executable file if the number of debug messages does not exceed a preset number threshold comprises:
and if the terminal equipment where the application is located is in an idle state and the number of the debugging information does not exceed a preset number threshold, optimizing the executable file.
4. The abnormal application detection method according to claim 1, comprising, after the determination that the application is an abnormal application:
and (3) not optimizing the executable file and feeding back information comprising the application as an abnormal application to a designated party.
5. The abnormal application detection method of claim 4, wherein the prescribing party is a third party application, and wherein the feeding back the information including the application as the abnormal application to the prescribing party specifically comprises:
and extracting information of the suspicious problem from the executable file, and feeding back the information comprising the application as an abnormal application and the information of the suspicious problem to a third party application.
6. The abnormal application detection method according to claim 1, comprising, before the acquiring the number of pieces of debug information of the installed application:
extracting debugging information from an executable file of an installed application, and recording the debugging information in a corresponding debugging information table, wherein the executable file is a file generated when the application is installed in terminal equipment;
correspondingly, the obtaining the number of the debug information of the installed application specifically comprises:
and acquiring the number of the debugging information of the installed application according to the debugging information table.
7. The abnormal application detection method according to any one of claims 1 to 6, wherein a suffix name of an executable file of the installed application is. Dex.
8. An abnormal application detection apparatus, characterized by comprising:
the number acquisition unit of the debug information is used for acquiring the number of the debug information of the installed application;
an abnormal application judging unit, configured to judge that the application is an abnormal application if the number of the debug information exceeds a preset number threshold; the abnormal application is an application invaded by viruses;
when the application is installed in the terminal device, an executable binary file is generated, and the executable binary file records debug information.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910455132.6A CN110162479B (en) | 2019-05-29 | 2019-05-29 | Abnormal application detection method and device and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910455132.6A CN110162479B (en) | 2019-05-29 | 2019-05-29 | Abnormal application detection method and device and terminal equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110162479A CN110162479A (en) | 2019-08-23 |
| CN110162479B true CN110162479B (en) | 2023-09-29 |
Family
ID=67629567
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910455132.6A Active CN110162479B (en) | 2019-05-29 | 2019-05-29 | Abnormal application detection method and device and terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110162479B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014030035A1 (en) * | 2012-08-22 | 2014-02-27 | Freescale Semiconductor, Inc. | Method and system for obtaining run-time information associated with executing an executable |
| CN103902900A (en) * | 2013-05-03 | 2014-07-02 | 哈尔滨安天科技股份有限公司 | External extraction type detecting device and method for mobile terminal malicious code |
| WO2016054957A1 (en) * | 2014-10-10 | 2016-04-14 | 北京金山安全软件有限公司 | Application exception detection method, device and mobile terminal |
| CN109800159A (en) * | 2018-12-27 | 2019-05-24 | 百富计算机技术(深圳)有限公司 | Program debugging method, program debugging device, terminal device and storage medium |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009205488A (en) * | 2008-02-28 | 2009-09-10 | Mitsubishi Electric Corp | Logging device and recording medium |
| CN102622297A (en) * | 2012-02-23 | 2012-08-01 | 北京航空航天大学 | Method for generating test cases for fuzz tool aiming at com component derivative function parameter space and binary data |
| CN105959462B (en) * | 2016-04-20 | 2019-09-17 | 深圳市万普拉斯科技有限公司 | Extremely the control method and system started |
| CN105959156A (en) * | 2016-06-29 | 2016-09-21 | 深圳市智汇十方科技有限公司 | Mobile terminal application exception processing method and system |
| CN109284217B (en) * | 2018-09-28 | 2023-01-10 | 平安科技(深圳)有限公司 | Application program exception handling method and device, electronic equipment and storage medium |
-
2019
- 2019-05-29 CN CN201910455132.6A patent/CN110162479B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014030035A1 (en) * | 2012-08-22 | 2014-02-27 | Freescale Semiconductor, Inc. | Method and system for obtaining run-time information associated with executing an executable |
| CN103902900A (en) * | 2013-05-03 | 2014-07-02 | 哈尔滨安天科技股份有限公司 | External extraction type detecting device and method for mobile terminal malicious code |
| WO2016054957A1 (en) * | 2014-10-10 | 2016-04-14 | 北京金山安全软件有限公司 | Application exception detection method, device and mobile terminal |
| CN109800159A (en) * | 2018-12-27 | 2019-05-24 | 百富计算机技术(深圳)有限公司 | Program debugging method, program debugging device, terminal device and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| Android手机安全检测与取证分析系统;孙润康;展娴;邵玉如;秦城;;信息网络安全(03);全文 * |
| The Oracle Problem in Software Testing: A Survey;Earl T. Barr等;《IEEE TRANSACTIONS ON SOFTWARE ENGINEERING》;第41卷(第5期);507-525 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110162479A (en) | 2019-08-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110225104B (en) | Data acquisition method and device and terminal equipment | |
| KR101928908B1 (en) | Systems and Methods for Using a Reputation Indicator to Facilitate Malware Scanning | |
| CN108427649B (en) | Access management method, terminal device, system and storage medium of USB interface | |
| CN110244963B (en) | Data updating method and device and terminal equipment | |
| CN108038112B (en) | File processing method, mobile terminal and computer readable storage medium | |
| CN108400868B (en) | Seed key storage method and device and mobile terminal | |
| CN107451244B (en) | Folder naming method, mobile terminal and computer readable storage medium | |
| CN110410353B (en) | Fan control method and device and terminal equipment | |
| CN107317928B (en) | Information processing method, mobile terminal and computer readable storage medium | |
| CN112612853A (en) | Data processing method and device based on database cluster and electronic equipment | |
| CN112506798A (en) | Performance test method, device, terminal and storage medium of block chain platform | |
| CN107368735B (en) | Application installation method, mobile terminal and computer readable storage medium | |
| CN107679222B (en) | Picture processing method, mobile terminal and computer readable storage medium | |
| CN109271266B (en) | File transmission method and device and terminal equipment | |
| CN109104481B (en) | File integrity detection method, file integrity detection device and terminal equipment | |
| CN110874729B (en) | Switching method and switching device for electronic red packet identification strategy and mobile terminal | |
| CN109492249B (en) | Rapid generation method and device of design drawing and terminal equipment | |
| CN110162479B (en) | Abnormal application detection method and device and terminal equipment | |
| CN108536512B (en) | Interface switching method and device and terminal equipment | |
| CN108520063B (en) | Event log processing method and device and terminal equipment | |
| CN108521460B (en) | Information pushing method and device, mobile terminal and computer readable storage medium | |
| CN107316197B (en) | Payment protection method, mobile terminal and computer readable storage medium | |
| CN108632366B (en) | File downloading method and device and terminal equipment | |
| CN110245016B (en) | Data processing method, system, device and terminal equipment | |
| CN108509111B (en) | Application notification method and device and terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |