CN110311972B - Detection method, device, equipment and medium for application software distribution - Google Patents

Detection method, device, equipment and medium for application software distribution Download PDF

Info

Publication number
CN110311972B
CN110311972B CN201910570551.4A CN201910570551A CN110311972B CN 110311972 B CN110311972 B CN 110311972B CN 201910570551 A CN201910570551 A CN 201910570551A CN 110311972 B CN110311972 B CN 110311972B
Authority
CN
China
Prior art keywords
application software
attribute information
url
file
party server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910570551.4A
Other languages
Chinese (zh)
Other versions
CN110311972A (en
Inventor
刘海涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Original Assignee
Baidu Online Network Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baidu Online Network Technology Beijing Co Ltd filed Critical Baidu Online Network Technology Beijing Co Ltd
Priority to CN201910570551.4A priority Critical patent/CN110311972B/en
Publication of CN110311972A publication Critical patent/CN110311972A/en
Application granted granted Critical
Publication of CN110311972B publication Critical patent/CN110311972B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The embodiment of the invention discloses a detection method, a detection device, detection equipment and a detection medium for application software distribution. The method comprises the following steps: acquiring a URL of target application software from a target application software downloading request, wherein the URL carries a file downloading address and attribute information of the target application software; sending a target request to a third-party server of target application software according to the file download address, wherein the target request is used for indicating the third-party server to return the attribute information of the application software stored in the file download address; and comparing the attribute information carried in the URL with the attribute information returned by the third-party server, and judging whether the URL is tampered according to the comparison result. According to the embodiment of the invention, before the installation file package of the application software is downloaded to the terminal, the URL of the application software is subjected to security verification, and whether the URL is tampered or not is accurately and timely judged through the comparison of the attribute information of the application software, so that the application software is safely distributed.

Description

Detection method, device, equipment and medium for application software distribution
Technical Field
The embodiment of the invention relates to the technical field of information security, in particular to a detection method, a detection device, detection equipment and a detection medium for application software distribution.
Background
At present, various application software can be installed in the terminal to meet various requirements of users. There are many types of application software, and each type will correspond to many different application software, and the functional service requirements and functional details related to different application software will be different. When a user downloads, installs and uses application software with various functions, various pirate installation, advertisement disturbance or virus intrusion and other problems often occur after a plurality of software are installed.
At present, the problems are usually solved by manual database matching, namely, various high-quality third-party software versions are manually recorded into a database in advance, and whether the third-party software version to be downloaded is a high-quality version or not and whether advertisement harassment exists or not are identified by a method matched with the database. The method wastes human resources, is low in implementation efficiency, cannot perform security detection on the application software version if the database is not updated timely, and is low in accuracy and real-time performance of the security detection on the application software.
Disclosure of Invention
The embodiment of the invention provides a detection method, a detection device, detection equipment and a detection medium for application software distribution, so that the safety and the accuracy of application software can be accurately and efficiently detected in real time.
In a first aspect, an embodiment of the present invention provides a detection method for application software distribution, where the method includes:
acquiring a URL of target application software from a target application software downloading request, wherein the URL carries a file downloading address and attribute information of the target application software;
sending a target request to a third-party server according to the file download address, wherein the target request is used for indicating the third-party server to return attribute information of the application software stored in the file download address;
and comparing the attribute information carried in the URL with the attribute information returned by the third-party server, and judging whether the URL is tampered according to a comparison result.
In a second aspect, an embodiment of the present invention provides a detection apparatus for application software distribution, where the apparatus includes:
the URL acquisition module is used for acquiring the URL of the target application software from the target application software downloading request, wherein the URL carries the file downloading address and the attribute information of the target application software;
the target request sending module is used for sending a target request to a third-party server according to the file downloading address, wherein the target request is used for indicating the third-party server to return the attribute information of the application software stored in the file downloading address;
and the attribute information comparison module is used for comparing the attribute information carried in the URL with the attribute information returned by the third-party server and judging whether the URL is tampered according to a comparison result.
In a third aspect, an embodiment of the present invention further provides an apparatus, where the apparatus includes:
one or more processors;
a memory for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement a detection method for application software distribution as described in any of the embodiments of the present invention.
In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the detection method for application software distribution according to any one of the embodiments of the present invention.
In the embodiment of the invention, the URL of the application software is obtained from the downloading request of the target application software, the URL comprises the file downloading address and the attribute information of the target application software, the attribute information of the application software stored under the downloading address is requested to return to the third-party server according to the file downloading address, and the attribute information contained in the URL is compared with the attribute information returned by the third-party server to determine whether the URL is falsified, so that the URL is detected safely before a terminal downloads and obtains the file package of the target application software, the phenomenon that the file package obtained according to the file downloading address in the URL is an error file package due to the fact that the URL is falsified is prevented, the downloading of pirated software and harassing advertisements is prevented, early warning reminding of risk advertisements is realized, and the influence on the normal downloading of the application software required by a user is avoided.
Drawings
FIG. 1 is a flowchart of a detection method for application software distribution according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a detection method for application software distribution according to a second embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a detection apparatus for application software distribution according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of an apparatus in the fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures associated with the present invention are shown in the drawings, not all of them.
Example one
Fig. 1 is a flowchart of a detection method for application software distribution in one embodiment of the present invention. The detection method for application software distribution provided in this embodiment may be applicable to a case where application software is detected when a terminal downloads the application software, and the method may be specifically executed by a detection apparatus for application software distribution, where the apparatus may be implemented by software and/or hardware, the apparatus may be integrated in a device, and the device may be a terminal or a server, with reference to fig. 1, and the method according to the embodiment of the present invention specifically includes:
s110, obtaining the URL of the target application software from the target application software downloading request, wherein the URL carries the file downloading address and the attribute information of the target application software.
The target application software is selected by a user for selecting operation on a terminal display interface, or the target application software is input by the user through a search box. For example, a name list, icons, function profiles, and the like of each application software are displayed on a display interface of the terminal, and the user selects the application software that the user needs to download by touch operation or click operation to determine the target application software. Alternatively, the user inputs the application software that he or she needs to download through a search box displayed on the terminal to determine the target application software.
A URL (Uniform Resource Locator) is an address of a standard Resource on the internet. Each file on the internet has a unique URL that contains information indicating the location of the file and how the browser should handle it. And when the terminal responds to the operation of the user, determining the target application software required to be downloaded by the user and generating an application software downloading request, and the terminal acquires the URL of the target application software according to the request so as to download the target application software. In another embodiment, after the terminal generates a target application software downloading request, the terminal sends the request to the server, and the server executes the method of the embodiment of the present invention to obtain the URL of the target application software and execute the subsequent operations. In this embodiment, the file package of the target application software is also finally issued to the terminal via the server to complete the download request of the terminal.
The URL carries the file downloading address and the attribute information of the target application software, and the target application software can be downloaded through the file downloading address. Wherein the attribute information includes at least one of a file type, a file name, and a file size, and is used for reflecting information of the target application software. Optionally, the attribute information in the URL may be configured by a technician in a customized manner, for example, the attribute information in the URL may further include information such as a version, an icon, a game category, update time, and a type of an applicable system of the target application software, which is not limited in this embodiment of the present invention.
And S120, sending a target request to a third-party server according to the file download address, wherein the target request is used for indicating the third-party server to return the attribute information of the application software stored in the file download address.
The third-party server is a server for providing the application software stored under the file downloading address. After receiving the target application software downloading request, the terminal or the server according to the embodiment of the present invention may determine, according to the file downloading address, a third-party server corresponding to the file downloading address, so as to send the target request to the third-party server, and request the third-party server to return information of the application software stored in the file downloading address. If the URL is tampered, the file download address is likely to be an incorrect file download address, the application software data downloaded through the file download address is not the data of the target application software, however, the attribute information in the URL may not be changed and still is the attribute information of the target application software, and if the file package of the application software is directly returned through the third-party server according to the file download address in the URL, the user may misunderstand that the file package is the file package of the target application software and install the file package on the terminal, which results in an incorrect installation of the application software.
Therefore, in the embodiment of the present invention, the file package of the application software is not directly returned according to the file download address request in the URL, but a pre-request is first performed, that is, the third-party server is requested to return the attribute information of the application software stored in the file download address through the file download address, and the security of the information contained in the URL is determined according to the attribute information returned by the third-party server, so that the file package downloaded through the file download address is prevented from being an erroneous file package, the memory is occupied, the download efficiency of the target application software is prevented from being affected, and viruses exist in the erroneous file package, which threatens the security of the terminal.
S130, comparing the attribute information carried in the URL with the attribute information returned by the third-party server, and judging whether the URL is tampered according to a comparison result.
Specifically, if the URL is tampered with, the file download address may be tampered with as an incorrect file download address, instead of the file download address corresponding to the target application software, and the attribute information may still be the attribute information of the target application software, so that the user mistakenly recognizes that the attribute information of the application software stored under the file download address corresponds to the attribute information of the target application software in the URL, in the embodiment of the present invention, the terminal or the server receives the attribute information of the application software stored under the file download address returned by the third party server, compares the attribute information with the attribute information in the URL, and if the attribute information carried in the URL is consistent with the attribute information returned by the third party server, it is determined that the application software stored under the file download address in the URL is the target application software that the user needs to download, and the file downloading address in the URL is the correct file downloading address of the target application software. If the attribute information carried by the URL is inconsistent with the attribute information returned by the third-party server, the file downloading address in the URL is an erroneous file downloading address, the file downloading address is not the file downloading address of the target application software, and the URL is tampered. The terminal or the server determines whether the URL is falsified by judging the attribute information without downloading the file package and carrying out security detection through the file package, so that the security of the URL is detected before an error file package is downloaded to the terminal, the condition that the URL is falsified is timely judged, the problem that the downloading efficiency of target application software is influenced by the fact that the memory is occupied by error downloading caused by directly downloading the file package is prevented, and the problem that the terminal is invaded by viruses due to the existence of the viruses in the directly downloaded file package is prevented.
Optionally, the target application software downloading request further includes user feature information for initiating the target application software request and a search term for the target application software request; correspondingly, the method further comprises the following steps: and acquiring other recommended application software downloading links for the user based on a recommendation algorithm by combining the user characteristic information and the search terms.
Specifically, when a user searches for a target application software, the user may be interested in the same type of application software similar to the target application software, so that user characteristic information, such as personalized data of a user portrait and the like, can be acquired, and download links of other application software are acquired based on a recommendation algorithm in combination with search words input by the user, and relevant application software is recommended to the user for the user to select to download. Any recommendation algorithm available in the prior art may be used as the recommendation algorithm, which is not limited in this embodiment of the present invention. In another implementation, the server may obtain the other application software download links, issue them to the terminal, and display them by the terminal for selection by the user.
According to the technical scheme of the embodiment of the invention, the URL of the application software is obtained from the downloading request of the target application software, the URL comprises the file downloading address and the attribute information of the target application software, the attribute information of the application software stored under the downloading address is requested to return to the third-party server according to the file downloading address, and the attribute information contained in the URL is compared with the attribute information returned by the third-party server to determine whether the URL is falsified, so that the URL is detected in safety and accuracy before the terminal downloads and obtains the file package of the target application software, the file package obtained according to the file downloading address in the URL is prevented from being falsified into an error file package, pirated software and harassing advertisements are prevented from being downloaded, early warning and reminding of risk advertisements are realized, and normal downloading of the application software required by a user is prevented from being influenced.
Example two
Fig. 2 is a flowchart of a detection method for application software distribution in the second embodiment of the present invention. The present embodiment is optimized based on the above embodiments, and details not described in detail in the present embodiment are described in the above embodiments. Referring to fig. 2, the detection method for application software distribution provided by this embodiment may include:
s210, obtaining a URL of the target application software from the target application software downloading request, wherein the URL carries a file downloading address and attribute information of the target application software.
S220, sending a target request to a third-party server according to the file download address, and receiving attribute information, a header file and a file package of the application software stored under the file download address returned by the third-party server.
The target request is used for indicating the third-party server to return attribute information of the application software stored under the file download address, indicating the third-party server to return a header file of the application software stored under the file download address, and indicating the third-party server to return a file package of the application software stored under the file download address; and the header file comprises original attribute information of the application software stored under the file download address.
Specifically, after a target request is sent to a third-party server, the third-party server returns attribute information, a header file and a file package of application software stored under a file download address according to the target request, and the terminal or the server receives the attribute information, the header file and the file package returned by the third-party server, so that the safety and the accuracy of the URL can be detected according to the attribute information, the header file and the file package returned by the third-party server.
S230, comparing the attribute information carried in the URL with the attribute information returned by the third-party server, and judging whether the URL is tampered according to a comparison result; if yes, go to step S290, otherwise, go to step S240.
Specifically, when determining whether the URL is tampered with according to the attribute information returned by the third-party server, a situation may occur that the third-party server does not return the attribute information, or the returned attribute information is also tampered, or misjudged.
S240, analyzing the header file to obtain the original attribute information.
Specifically, after receiving the header file, the terminal or the server in the embodiment of the present invention analyzes the header file by an analysis method matched with the file format of the header file to obtain the original attribute information included in the header file, where the original attribute information is the original attribute information of the application software stored in the file download address.
S250, comparing the attribute information carried in the URL with the original attribute information, judging whether the URL is tampered according to a comparison result, if so, executing S290, and if not, executing S260.
Specifically, the original attribute information returned by the third-party server is compared with the attribute information carried in the URL, and if the original attribute information returned by the third-party server is consistent with the attribute information carried in the URL, it is indicated that the original attribute information returned by the third-party server is the attribute information of the target application software, so that it can be determined that the URL is not tampered, and the file download address in the URL is the download address of the target application software. If the original attribute information returned by the third-party server is inconsistent with the attribute information carried in the URL, the original attribute information returned by the third-party server is not the attribute information of the target application software, and the application software stored under the file download address is not the target application software, so that the URL is judged to be tampered.
And when the URL is judged not to be tampered, in order to further verify the authenticity and accuracy of the judgment, carrying out security and accuracy detection on the URL according to a file package returned by the third-party server.
And S260, analyzing the file package to acquire the real attribute information recorded in the file package.
The real attribute information is the real attribute information of the application software stored under the file download address, and the possibility that the real attribute information is tampered is almost zero. Specifically, the file package is analyzed according to the manifest software, real attribute information recorded in the file package is obtained, and the safety and accuracy of the URL are detected through the real attribute information.
S270, judging whether the URL is tampered or not by comparing the attribute information carried in the URL with the real attribute information; if so, go to S290, otherwise, go to S280.
Specifically, the real attribute information returned by the third-party server is compared with the attribute information carried in the URL, and if the real attribute information returned by the third-party server is consistent with the attribute information carried in the URL, it is indicated that the real attribute information returned by the third-party server is the attribute information of the target application software, so that it can be determined that the URL is not tampered, and the file download address in the URL is the download address of the target application software. If the real attribute information returned by the third-party server is inconsistent with the attribute information carried in the URL, the fact that the real attribute information returned by the third-party server is not the attribute information of the target application software is shown, the application software stored under the file download address is not the target application software, and the obtained file package is not the file package of the target application software, so that the URL is judged to be tampered.
S280, installing the target application software according to the file package of the application software stored under the file download address returned by the third-party server.
If the URL is judged not to be tampered, in one implementation mode, the terminal can directly install the target application software according to the file package of the application software stored under the file download address returned by the third-party equipment, and in another implementation mode, the server issues the file package to the terminal and the terminal installs the file package. Moreover, only if the URL is finally determined not to have been tampered with, the end user is allowed to download and use it.
And S290, acquiring an official download link or an authenticated download link of the target application software.
If the URL is judged to be tampered, in one implementation mode, the terminal acquires a correct official download link or an authenticated download link of the target application software, and in another implementation mode, the server acquires the download link and issues the download link to the terminal, so that the terminal downloads the target application software according to the correct link. The official download link and the authenticated download link can be a pre-stored correct download link corresponding to the target application software, and can also be acquired from an official website in real time.
It should be noted that, in the embodiment of the present invention, a detailed description is only given for a case where the URL is performed on the attribute information, the original attribute information, and the real attribute information returned by the third-party server, and in a specific implementation, the order of S230, S240-S250, and S260-S270 is not limited, that is, the order of three operations, i.e., comparing the attribute information returned by the third-party server with the attribute information carried by the URL to determine whether the URL is tampered, comparing the original attribute information returned by the third-party server with the attribute information carried by the URL to determine whether the URL is tampered, and comparing the real attribute information returned by the third-party server with the attribute information carried by the URL to determine whether the URL is tampered is not limited.
Optionally, the target request may also be for at least one of: and instructing the third-party server to return attribute information of the application software stored under the file download address, instructing the third-party server to return a header file of the application software stored under the file download address, instructing the third-party server to return a file package of the application software stored under the file download address, and verifying the safety and the accuracy of the URL according to the content returned by the third-party server.
Optionally, a target request for instructing the third-party server to return the attribute information of the application software stored in the file download address may be sent to the third-party server, the attribute information returned by the third-party server is compared with the attribute information carried by the URL to determine whether the URL is tampered, so that the security and accuracy of the URL are determined in the shortest time, the detection efficiency is improved, the waiting time of the user is reduced, when it is determined that the URL is not tampered, the target request for instructing the third-party server to return the header file of the application software stored in the file download address is sent to the third-party server, the original attribute information contained in the header file returned by the third-party server is compared with the attribute information carried by the URL to determine whether the URL is tampered, so as to further detect the security of the URL under the condition that the download time is saved, and when the URL is judged not to be tampered, sending a target request for indicating the third-party server to return the file package of the application software stored under the file download address to the third-party server, and comparing the real attribute information contained in the file package returned by the third-party server with the attribute information carried by the URL to judge whether the URL is tampered, so that the safety of the URL is detected more comprehensively to ensure the accuracy of detection. Because the time required for returning the attribute information is shortest through the third-party server, the time required for returning the header file is second, and the time required for returning the file packet is longest, the scheme of the sequence can be adopted, so that the safety and the accuracy of the URL can be detected by using the shortest time, and the waiting time of a user is reduced. It should be noted that, a technician may also adjust the request sending time sequence and the comparison and judgment sequence with different functions, and the embodiment of the present invention is not limited in particular.
According to the technical scheme of the embodiment of the invention, the request is sent to the third-party server, the attribute information, the original attribute information and the real attribute information returned by the third-party server are received, and the attribute information, the original attribute information and the real attribute information are compared, so that whether the URL is falsified is judged, the safety and the accuracy of the URL are detected more comprehensively, the application software downloaded from the terminal is ensured to be the target application software required by a user, and the condition of misjudgment is prevented.
EXAMPLE III
Fig. 3 is a schematic structural diagram of a detection apparatus for distributing application software according to a third embodiment of the present invention. The device is suitable for detecting the application software when the terminal downloads the application software, can be realized in a software and/or hardware mode, can be integrated in equipment, and can be a terminal or a server. Referring to fig. 3, the apparatus specifically includes:
the URL obtaining module 310 is configured to obtain a URL of the target application software from the target application software downloading request, where the URL carries a file downloading address and attribute information of the target application software;
a target request sending module 320, configured to send a target request to a third-party server according to the file download address, where the target request is used to instruct the third-party server to return attribute information of the application software stored in the file download address;
and the attribute information comparison module 330 is configured to compare the attribute information carried in the URL with the attribute information returned by the third-party server, and determine whether the URL is tampered according to a comparison result.
Optionally, the attribute information includes at least one of a file type, a file name, and a file size.
Optionally, the target request is further configured to instruct the third-party server to return a header file of the application software stored in the file download address, where the header file includes original attribute information of the application software stored in the file download address;
correspondingly, the device further comprises:
the analysis module is used for analyzing the header file to acquire the original attribute information;
and the original attribute information comparison module is used for comparing the attribute information carried in the URL with the original attribute information and judging whether the URL is tampered according to a comparison result.
Optionally, the target request is further configured to instruct the third-party server to return a file package of the application software stored in the file download address;
correspondingly, the device further comprises:
the real attribute information acquisition module is used for analyzing the file package and acquiring real attribute information recorded in the file package;
and the real attribute information comparison module is used for judging whether the URL is tampered by comparing the attribute information carried in the URL with the real attribute information.
Optionally, the apparatus further comprises:
and the providing module is used for acquiring an official download link or an authenticated download link of the target application software if the URL is judged to be tampered.
Optionally, the target application software downloading request further includes user feature information for initiating the request and a search term for the request;
correspondingly, the device further comprises:
and the recommending module is used for combining the user characteristic information and the search words and acquiring downloading links of other application software recommended for the user based on a recommending algorithm.
According to the technical scheme of the embodiment of the invention, a URL acquisition module acquires the URL of target application software from a target application software downloading request, wherein the URL carries a file downloading address and attribute information of the target application software; the request sending module sends a target request to a third-party server according to the file downloading address, wherein the target request is used for indicating the third-party server to return the attribute information of the application software stored in the file downloading address; and the attribute information comparison module compares the attribute information carried in the URL with the attribute information returned by the third-party server, and judges whether the URL is tampered according to a comparison result. The method and the device have the advantages that the safety detection of the URL is realized before the terminal downloads and acquires the file package of the target application software, so that the file package acquired according to the file download address in the URL is prevented from being an error file package due to the fact that the URL is tampered, pirated software and harassing advertisement downloading are prevented, early warning reminding of risk advertisements is realized, and normal downloading of the application software required by a user is prevented from being influenced.
Example four
Fig. 4 is a schematic structural diagram of an apparatus according to a fourth embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary device 412 suitable for use in implementing embodiments of the present invention. The device 412 shown in fig. 4 is only an example and should not impose any limitation on the functionality or scope of use of embodiments of the present invention.
As shown in FIG. 4, device 412 is in the form of a general purpose computing device. The components of device 412 may include, but are not limited to: one or more processors or processors 416, a system memory 428, and a bus 418 that couples the various system components (including the system memory 428 and the processors 416).
Bus 418 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Device 412 typically includes a variety of computer system readable storage media. These storage media may be any available storage media that can be accessed by device 412 and includes both volatile and nonvolatile storage media, removable and non-removable storage media.
The system memory 428 may include computer system readable storage media in the form of volatile memory, such as Random Access Memory (RAM)430 and/or cache memory 432. The device 412 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 434 may be used to read from and write to non-removable, nonvolatile magnetic storage media (not shown in FIG. 4, commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical storage medium) may be provided. In these cases, each drive may be connected to bus 418 by one or more data storage media interfaces. Memory 428 can include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 440 having a set (at least one) of program modules 442 may be stored, for instance, in memory 428, such program modules 462 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 462 generally perform the functions and/or methodologies of the described embodiments of the invention.
The device 412 may also communicate with one or more external devices 414 (e.g., keyboard, pointing device, display 426, etc.), with one or more devices that enable a user to interact with the device 412, and/or with any devices (e.g., network card, modem, etc.) that enable the device 412 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 422. Also, the device 412 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) through the network adapter 420. As shown, network adapter 420 communicates with the other modules of device 412 over bus 418. It should be appreciated that although not shown in FIG. 4, other hardware and/or software modules may be used in conjunction with device 412, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processor 416 executes various functional applications and data processing by executing at least one of other programs in the plurality of programs stored in the system memory 428, for example, to implement a detection method for application software distribution provided by the embodiment of the present invention, including:
acquiring a URL of target application software from a target application software downloading request, wherein the URL carries a file downloading address and attribute information of the target application software;
sending a target request to a third-party server according to the file download address, wherein the target request is used for indicating the third-party server to return attribute information of the application software stored in the file download address;
and comparing the attribute information carried in the URL with the attribute information returned by the third-party server, and judging whether the URL is tampered according to a comparison result.
EXAMPLE five
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a detection method for application software distribution, where the detection method includes:
acquiring a URL of target application software from a target application software downloading request, wherein the URL carries a file downloading address and attribute information of the target application software;
sending a target request to a third-party server according to the file download address, wherein the target request is used for indicating the third-party server to return attribute information of the application software stored in the file download address;
and comparing the attribute information carried in the URL with the attribute information returned by the third-party server, and judging whether the URL is tampered according to a comparison result.
Computer storage media for embodiments of the present invention can take the form of any combination of one or more computer-readable storage media. The computer readable storage medium may be a computer readable signal storage medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the invention, the computer readable storage medium may be any tangible storage medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal storage medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal storage medium may also be any computer readable storage medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable storage medium may be transmitted using any appropriate storage medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or device. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (8)

1. A detection method for application software distribution, the method comprising:
acquiring a URL of target application software from a target application software downloading request, wherein the URL carries a file downloading address and attribute information of the target application software;
sending a target request to a third-party server according to the file download address, wherein the target request is used for indicating the third-party server to return attribute information of the application software stored in the file download address;
comparing the attribute information carried in the URL with the attribute information returned by the third-party server, and judging whether the URL is tampered according to a comparison result;
the target request is also used for indicating the third-party server to return a header file of the application software stored under the file downloading address, wherein the header file contains original attribute information of the application software stored under the file downloading address;
correspondingly, after the target request is sent to the third-party server according to the file downloading address, the method further includes:
analyzing the header file to obtain the original attribute information;
and comparing the attribute information carried in the URL with the original attribute information, and judging whether the URL is tampered according to a comparison result.
2. The method of claim 1, wherein the attribute information comprises at least one of a file type, a file name, and a file size.
3. The method of claim 1, wherein the target request is further used to instruct the third-party server to return a package of files of application software stored under the file download address;
correspondingly, after the target request is sent to the third-party server according to the file downloading address, the method further includes:
analyzing the file package to acquire real attribute information recorded in the file package;
and judging whether the URL is tampered or not by comparing the attribute information carried in the URL with the real attribute information.
4. The method according to any one of claims 1-3, further comprising:
and if the URL is judged to be tampered, acquiring an official download link or an authenticated download link of the target application software.
5. The method according to any one of claims 1-3, wherein the target application software download request further comprises user characteristic information for initiating the target application software download request and a search word for the target application software download request;
correspondingly, the method further comprises the following steps:
and acquiring other recommended application software downloading links for the user based on a recommendation algorithm by combining the user characteristic information and the search terms.
6. A detection apparatus for application software distribution, the apparatus comprising:
the URL acquisition module is used for acquiring the URL of the target application software from the target application software downloading request, wherein the URL carries the file downloading address and the attribute information of the target application software;
the target request sending module is used for sending a target request to a third-party server according to the file downloading address, wherein the target request is used for indicating the third-party server to return the attribute information of the application software stored in the file downloading address;
the attribute information comparison module is used for comparing the attribute information carried in the URL with the attribute information returned by the third-party server and judging whether the URL is tampered according to a comparison result;
the target request is also used for indicating the third-party server to return a header file of the application software stored under the file downloading address, wherein the header file contains original attribute information of the application software stored under the file downloading address;
correspondingly, the device further comprises:
the analysis module is used for analyzing the header file to acquire the original attribute information;
and the original attribute information comparison module is used for comparing the attribute information carried in the URL with the original attribute information and judging whether the URL is tampered according to a comparison result.
7. An apparatus, characterized in that the apparatus comprises:
one or more processors;
a memory for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement a detection method for application software distribution as claimed in any one of claims 1-5.
8. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out a detection method for application software distribution according to any one of claims 1 to 5.
CN201910570551.4A 2019-06-27 2019-06-27 Detection method, device, equipment and medium for application software distribution Active CN110311972B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910570551.4A CN110311972B (en) 2019-06-27 2019-06-27 Detection method, device, equipment and medium for application software distribution

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910570551.4A CN110311972B (en) 2019-06-27 2019-06-27 Detection method, device, equipment and medium for application software distribution

Publications (2)

Publication Number Publication Date
CN110311972A CN110311972A (en) 2019-10-08
CN110311972B true CN110311972B (en) 2022-02-22

Family

ID=68076839

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910570551.4A Active CN110311972B (en) 2019-06-27 2019-06-27 Detection method, device, equipment and medium for application software distribution

Country Status (1)

Country Link
CN (1) CN110311972B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177566B (en) * 2020-01-02 2023-06-23 北京字节跳动网络技术有限公司 Information processing method, device, electronic equipment and storage medium
CN113535189A (en) * 2020-04-17 2021-10-22 深圳市帕尔卡科技有限公司 Application installation method for preventing network hijacking
CN114172689B (en) * 2021-11-11 2023-11-28 卓尔智联(武汉)研究院有限公司 Information processing method and equipment

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155117A (en) * 2006-09-15 2008-04-02 索尼株式会社 Information processing equipment, download method, download breaking method and download recovering method
CN102655512A (en) * 2011-03-01 2012-09-05 腾讯科技(深圳)有限公司 Mobile equipment-based downloading method and system
CN104079673A (en) * 2014-07-30 2014-10-01 北京奇虎科技有限公司 Method, device and system for preventing DNS hijack during application download
CN105589719A (en) * 2015-12-17 2016-05-18 广州汽车集团股份有限公司 System for remotely upgrading full vehicle-mounted controller softwares and upgrading method thereof
CN105700906A (en) * 2014-11-29 2016-06-22 海思光电子有限公司 Software upgrading method of optical module, and relevant equipment and system
CN105897911A (en) * 2016-05-20 2016-08-24 广州优视网络科技有限公司 File downloading method and device and user terminal
CN106101289A (en) * 2016-08-24 2016-11-09 珠海市魅族科技有限公司 A kind of document down loading method, terminal, server and system
CN106709323A (en) * 2015-11-12 2017-05-24 中兴通讯股份有限公司 Method and apparatus for identifying cloaked downloading link
CN106776663A (en) * 2015-11-25 2017-05-31 腾讯科技(深圳)有限公司 The compression method and device of audio file
CN106953898A (en) * 2017-02-28 2017-07-14 腾讯科技(深圳)有限公司 A kind of method and apparatus for obtaining software kit
CN108549826A (en) * 2018-03-30 2018-09-18 努比亚技术有限公司 Method of calibration, terminal, server and the readable storage medium storing program for executing of application program
CN108965486A (en) * 2018-10-08 2018-12-07 深圳市创维软件有限公司 A kind of document down loading method, system, server and storage medium

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155117A (en) * 2006-09-15 2008-04-02 索尼株式会社 Information processing equipment, download method, download breaking method and download recovering method
CN102655512A (en) * 2011-03-01 2012-09-05 腾讯科技(深圳)有限公司 Mobile equipment-based downloading method and system
CN104079673A (en) * 2014-07-30 2014-10-01 北京奇虎科技有限公司 Method, device and system for preventing DNS hijack during application download
CN105700906A (en) * 2014-11-29 2016-06-22 海思光电子有限公司 Software upgrading method of optical module, and relevant equipment and system
CN106709323A (en) * 2015-11-12 2017-05-24 中兴通讯股份有限公司 Method and apparatus for identifying cloaked downloading link
CN106776663A (en) * 2015-11-25 2017-05-31 腾讯科技(深圳)有限公司 The compression method and device of audio file
CN105589719A (en) * 2015-12-17 2016-05-18 广州汽车集团股份有限公司 System for remotely upgrading full vehicle-mounted controller softwares and upgrading method thereof
CN105897911A (en) * 2016-05-20 2016-08-24 广州优视网络科技有限公司 File downloading method and device and user terminal
CN106101289A (en) * 2016-08-24 2016-11-09 珠海市魅族科技有限公司 A kind of document down loading method, terminal, server and system
CN106953898A (en) * 2017-02-28 2017-07-14 腾讯科技(深圳)有限公司 A kind of method and apparatus for obtaining software kit
CN108549826A (en) * 2018-03-30 2018-09-18 努比亚技术有限公司 Method of calibration, terminal, server and the readable storage medium storing program for executing of application program
CN108965486A (en) * 2018-10-08 2018-12-07 深圳市创维软件有限公司 A kind of document down loading method, system, server and storage medium

Also Published As

Publication number Publication date
CN110311972A (en) 2019-10-08

Similar Documents

Publication Publication Date Title
CN110311972B (en) Detection method, device, equipment and medium for application software distribution
US10904286B1 (en) Detection of phishing attacks using similarity analysis
CN109376078B (en) Mobile application testing method, terminal equipment and medium
CN113489713B (en) Network attack detection method, device, equipment and storage medium
CN109359194B (en) Method and apparatus for predicting information categories
US20180082061A1 (en) Scanning device, cloud management device, method and system for checking and killing malicious programs
CN108920359B (en) Application program testing method and device, storage medium and electronic device
KR20120078018A (en) System and method for detecting malwares in a file based on genetic map of the file
JP2013545172A (en) Device and method for providing a software program adapted to a computer system downloaded by a user
CN110708335A (en) Access authentication method and device and terminal equipment
CN113114680B (en) Detection method and detection device for file uploading vulnerability
WO2014132145A1 (en) Web service black box testing
CN109902726B (en) Resume information processing method and device
CN109818972B (en) Information security management method and device for industrial control system and electronic equipment
CN106909486B (en) Method, device and system for processing business exception
CN110874475A (en) Vulnerability mining method, vulnerability mining platform and computer readable storage medium
CN109542743B (en) Log checking method and device, electronic equipment and computer readable storage medium
WO2023151397A1 (en) Application program deployment method and apparatus, device, and medium
CN109145591B (en) Plug-in loading method of application program
CN110427745B (en) Verification code obtaining method and device, electronic equipment and computer readable medium
CN114443721A (en) Data processing method and device, electronic equipment and storage medium
US9965744B1 (en) Automatic dynamic vetting of browser extensions and web applications
CN110858143A (en) Installation package generation method, device, equipment and storage medium
CN110069731B (en) Data processing method and device, electronic equipment and computer readable storage medium
CN114301713A (en) Risk access detection model training method, risk access detection method and risk access detection device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant