CN115277069A - Application software network security detection platform and method - Google Patents
Application software network security detection platform and method Download PDFInfo
- Publication number
- CN115277069A CN115277069A CN202210687571.1A CN202210687571A CN115277069A CN 115277069 A CN115277069 A CN 115277069A CN 202210687571 A CN202210687571 A CN 202210687571A CN 115277069 A CN115277069 A CN 115277069A
- Authority
- CN
- China
- Prior art keywords
- application software
- components
- component
- test case
- vulnerability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000001514 detection method Methods 0.000 title claims description 8
- 238000012360 testing method Methods 0.000 claims abstract description 53
- 230000003068 static effect Effects 0.000 claims abstract description 18
- 244000035744 Hura crepitans Species 0.000 claims abstract description 8
- 238000004088 simulation Methods 0.000 claims abstract description 8
- 230000003993 interaction Effects 0.000 claims description 24
- 230000002452 interceptive effect Effects 0.000 claims description 13
- 238000012795 verification Methods 0.000 claims description 13
- 230000007123 defense Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The invention discloses a platform and a method for detecting the network security of application software.A static analysis engine in the platform is used for carrying out static analysis on the application software, analyzing each component of the application software, acquiring interfaces of the components and calling functions among the components, and determining the internal operation flow of the application software according to the calling functions among the components of the application software; querying components in which a suspected vulnerability exists; the simulation unit is used for compiling a test case for attacking the suspicious vulnerability of the corresponding component according to the type of the suspicious vulnerability of each component; and the dynamic sandbox is used for dynamically analyzing the corresponding components of the application software by using the test case, detecting the output of the components, judging whether the attack of the test case is effective or not according to the output content and the type of the bug, and if the attack is effective, determining that the suspicious bug of the components is an actual bug. By adopting the technical scheme, the components with the bugs and the types of the bugs in the application software can be quickly and effectively detected.
Description
Technical Field
The invention relates to the technical field of application software network security, in particular to a platform and a method for detecting the application software network security.
Background
Nowadays, mobile terminals such as mobile phones, tablet computers and even watches are all intelligent, and with the requirements of people on the convenience and functionality of the mobile terminals, application software supporting the mobile terminals is diversified and complicated, and many functions can be directly realized through the application software of the mobile terminals.
However, due to diversification and complication of application software of the mobile terminal, the number of components involved in the application software is large, and a data interaction path between each component becomes a new network attack channel. Traditional network attacks mostly focus on the process of data interaction between application software and the outside, while security defense inside the application software is ignored.
In the prior art, for internal security defense detection of application software, a scheme is generally adopted that a network attack for internal components of the application software is simulated, but the scheme lacks pertinence, and because a running path between the components of the application software is complex and some security protection measures (security protection wording may not be comprehensive) also exist between the components, the detection scheme in the prior art is difficult to quickly and effectively detect the components with the vulnerabilities and the types of the vulnerabilities.
Disclosure of Invention
The purpose of the invention is as follows: the invention provides a detection platform and a detection method for application software network security, aiming at quickly and effectively detecting components with bugs and types of the bugs in application software.
The technical scheme is as follows: the invention provides a method for detecting the network security of application software, which comprises the following steps: performing static analysis on the application software, analyzing each component of the application software, and acquiring interfaces of the components and calling functions among the components; determining an internal operation flow of the application software according to a calling function between the application software components; inquiring components through which key information passes in an internal operation flow, determining safety protection measures of interfaces of corresponding components, and inquiring the components with suspicious vulnerabilities according to the safety protection measures; writing a test case for attacking the suspicious vulnerability of the corresponding component according to the type of the suspicious vulnerability of each component; and dynamically analyzing the corresponding component of the application software by using the test case, detecting the output of the component, judging whether the attack of the test case is effective according to the output content and the type of the vulnerability, and if the attack is effective, determining that the suspicious vulnerability of the component is an actual vulnerability.
Specifically, an external interaction component where an interface for data interaction between the application software and the outside is located is determined, the called component, the called function and the interactive data type are queried according to a calling function of the external interaction component, the called function and the interactive data type are continuously queried according to the calling function of the component obtained through query, and therefore all components of the application software are traversed, and an internal operation flow of the application software is formed; the internal operation flow comprises functions called and data types interacted between the components.
Specifically, the key information includes: security verification information, identity information, and asset information.
Specifically, according to the internal operation flow of the application software, key components used for verifying, interacting with the outside, recording, storing and displaying the key information are determined.
Specifically, the safety protection measures of the interfaces of the corresponding components are determined, the components with suspicious vulnerabilities are inquired according to the safety protection measures, the safety protection measures in the paths of the application software components and the key component interface interaction data are inquired, if the safety protection measures are compared with the safety protection measure combination, one or more than one safety protection measures are lacked, or the safety protection measures are lower than the corresponding standard safety level, the components are determined to have suspicious vulnerabilities; the safety protection measures are combined as follows: information encryption, security verification, information integrity identification and malicious program identification.
Specifically, according to the lacking safety protection measures in the path of the data interaction between the application software component and the key component interface and the safety protection measures lower than the standard safety level, the type of the suspected bug is determined, and the test case for attacking the suspected bug of the corresponding component is compiled.
Specifically, in the running of a test case of the information encryption vulnerability, if the key information is stolen, the attack is determined to be effective; in the running of a test case of the security verification vulnerability, if the key information is tampered, the attack is determined to be effective; in the running of the test case with information integrity identification, if the key information is tampered, the attack is determined to be effective; and in the running of the test case identified by the malicious program, if the malicious program runs effectively, the attack is determined to be effective.
The invention provides a detection platform for application software network security, which comprises: static analysis engine, attack simulation unit and dynamic sandbox, wherein: the static analysis engine is used for carrying out static analysis on the application software, analyzing each component of the application software, and acquiring interfaces of the components and calling functions among the components; determining an internal operation flow of the application software according to a call function between the application software components; querying components through which key information passes in an internal operation flow, determining safety protection measures of interfaces of corresponding components, and querying the components with suspected vulnerabilities according to the safety protection measures; the simulation unit is used for compiling a test case for attacking the suspicious vulnerability of the corresponding component according to the type of the suspicious vulnerability of each component; and the dynamic sandbox is used for dynamically analyzing the corresponding components of the application software by using the test case, detecting the output of the components, judging whether the attack of the test case is effective or not according to the output content and the type of the vulnerability, and if the attack is effective, determining that the suspected vulnerability of the components is an actual vulnerability.
Has the beneficial effects that: compared with the prior art, the invention has the following remarkable advantages: the method can quickly and effectively detect the components with the bugs and the types of the bugs in the application software.
Drawings
Fig. 1 is a schematic flow chart of a method for detecting network security of application software according to the present invention.
Detailed Description
The technical scheme of the invention is further explained by combining the attached drawings.
In daily life of mobile terminal application software, the use frequency is extremely high, and the network security of the corresponding application software is also extremely important, and the application software relates to important information of people, including identity information, asset information and the like. Therefore, the network security risk management and control of the application software is a very important research topic. The invention mainly focuses on network security for internal components of application software.
Fig. 1 is a schematic flow chart of the method for detecting the network security of the application software according to the present invention.
Step 1, performing static analysis on the application software, analyzing each component of the application software, and acquiring an interface of the component and a calling function between the components.
In a specific implementation, the application software may be analyzed by the static analysis engine, including analyzing the code of the application software, all components in the application software may be analyzed, an interface for data interaction between the components may be further determined according to the components, and a calling function for calling functions or data of other components in the components may be further determined, so that a running path between the components may be determined.
And 2, determining the internal operation flow of the application software according to the calling function between the application software components.
In a specific implementation, a calling function of a component refers to a function or data (including a called data type) of the component calling other components, and according to the calling function of one component in application software, a relationship between the component and the other components can be queried, so that an internal operation flow of the application software component can be determined.
In the embodiment of the invention, an external interaction component where an interface for data interaction between application software and the outside is located is determined, the called component, the called function and the interactive data type are inquired according to the calling function of the external interaction component, and the called component, the called function and the interactive data type are continuously inquired according to the calling function of the inquired component, so that all components of the application software are traversed, and the internal operation flow of the application software is formed.
In the embodiment of the invention, the internal operation flow comprises functions called among the components and data types of interaction.
In specific implementation, because the internal operation flow of the application software often starts from data interaction between the application software and the outside, an interface for data interaction between the application software and the outside can be firstly queried, an external interaction component where the interface is located is determined, a component (function, data and the like) called by the component can be known according to a calling function of the component, other called components are continuously queried according to the calling function of the called component, all components of the application software are traversed according to the flow, and the internal operation flow of the application software can be formed.
And 3, inquiring the components through which the key information passes in the internal operation flow, determining the safety protection measures of the interfaces of the corresponding components, and inquiring the components with suspicious vulnerabilities according to the safety protection measures.
In the embodiment of the present invention, the key information includes: security verification information, identity information, and asset information.
In the embodiment of the invention, the key components for verifying, interacting with the outside, recording, storing and displaying the key information are determined according to the internal operation flow of the application software.
In specific implementation, in the internal operation flow formed before, the operation sequence among the components, the functions called among the components and the data types of interaction are involved, according to the internal operation flow, which components call the key information and what uses the key information can be easily inquired, and the components calling the key information are key objects of the network attack.
In specific implementation, an important link for improving the network security of the application software is to avoid leakage of the key information, so that important attention needs to be paid to key components for verifying, externally interacting, recording, storing and displaying the key information.
In the embodiment of the invention, the safety protection measures in the path of the interactive data between the application software component and the key component interface are inquired, and if one or more safety protection measures are lacked or the safety protection measures are lower than the corresponding standard safety level compared with the safety protection measure combination, the existence of suspicious vulnerabilities in the component is determined.
In the embodiment of the invention, the safety protection measures are combined as follows: information encryption, security verification, information integrity identification and malicious program identification.
In specific implementation, the defense aspect of the safety protection measure combination is comprehensive, and the internal network safety of the application software component can be ensured.
In specific implementation, the path between the key component and the application software component is a key object of a network attack, and therefore security measures in the key component need to be focused on. For example, the security measures in the path include information encryption, security verification and information integrity identification, but lack of malicious program identification, and can determine that a key component has a suspicious vulnerability, and the vulnerability type is a malicious program identification vulnerability; various security measures can be set to corresponding levels, for example, the information encryption in the path adopts an asymmetric encryption method, the set security level is 3, but the standard security level is 5, the security level of the asymmetric encryption method is lower than the standard security level, the key component can be determined to have a suspected bug, the bug type is the information encryption bug, if the adopted information encryption is a hash algorithm, the set security level is 6, and the key component is determined not to have the suspected bug in terms of information encryption.
In particular implementations, a suspected vulnerability refers to a potential vulnerability of a component.
And 4, compiling a test case for attacking the suspicious vulnerability of the corresponding component according to the type of the suspicious vulnerability of each component.
In the embodiment of the invention, the type of the suspected bug is determined according to the security protection measures which are lacked in the path of the interactive data between the application software component and the key component interface and the security protection measures which are lower than the standard security level, and the test case for attacking the suspected bug of the corresponding component is compiled.
In a specific implementation, for example, if the missing security protection measure is information encryption, or the information encryption security protection wording is lower than the standard security level, a corresponding test case may be written for the information encryption. The vulnerability of the internal components of the application software can be quickly and accurately positioned, and timely modification and correction are facilitated.
And 5, dynamically analyzing the corresponding component of the application software by using the test case, detecting the output of the component, judging whether the attack of the test case is effective according to the output content and the type of the vulnerability, and if the attack is effective, determining that the suspicious vulnerability of the component is an actual vulnerability.
In specific implementation, when the test case is used for dynamically analyzing the components of the application software, the test case is directly used in an information interaction path between the key component and the application software, and the test can be accurately and effectively carried out.
In the embodiment of the invention, in the running of the test case of the information encryption vulnerability, if the key information is stolen, the attack is determined to be effective; in the running of the test case of the security verification vulnerability, if the key information is tampered, the attack is determined to be effective; in the running of the test case with information integrity identification, if the key information is tampered, the attack is determined to be effective; and in the running of the test case identified by the malicious program, if the malicious program runs effectively, the attack is determined to be effective.
In specific implementation, the key information is stolen, which means that the key information is sent out according to a mode set by a test case; the key information is tampered, and the key information is modified according to a mode set by a test case; the malicious program effectively runs, which means that a specific program in a test case can run smoothly.
In specific implementation, if the test case is valid, it may be determined that a suspected bug actually exists, which may cause the internal component of the application software to be attacked by the network, and the type of the bug is the same as the type of the used test case, for example, the bug existing in the corresponding component is an information encryption bug if the test case attacking the information encryption bug is valid.
In specific implementation, the method provided by the invention can be used for quickly and effectively detecting the components with the bugs and the types of the bugs in the application software.
The invention also provides a detection platform for the network security of the application software, which comprises the following steps: static analysis engine, attack simulation unit and dynamic sandbox, wherein: the static analysis engine is used for carrying out static analysis on the application software, analyzing each component of the application software, and acquiring interfaces of the components and calling functions among the components; determining an internal operation flow of the application software according to a call function between the application software components; inquiring components through which key information passes in an internal operation flow, determining safety protection measures of interfaces of corresponding components, and inquiring the components with suspicious vulnerabilities according to the safety protection measures; the simulation unit is used for compiling a test case for attacking the suspicious vulnerability of the corresponding component according to the type of the suspicious vulnerability of each component; and the dynamic sandbox is used for dynamically analyzing the corresponding components of the application software by using the test case, detecting the output of the components, judging whether the attack of the test case is effective or not according to the output content and the type of the bug, and if the attack is effective, determining that the suspicious bug of the components is an actual bug.
In the embodiment of the invention, the static analysis engine is used for determining an external interaction component where an interface for data interaction between the application software and the outside is located, querying the called component, the called function and the interactive data type according to the calling function of the external interaction component, and continuously querying the called component, the called function and the interactive data type according to the calling function of the component obtained by querying, so that all components of the application software are traversed to form an internal operation flow of the application software; the internal operation flow comprises functions called and data types interacted between the components.
In the embodiment of the present invention, the key information includes: security verification information, identity information, and asset information.
In the embodiment of the invention, the static analysis engine is used for determining the key components for verifying, externally interacting, recording, storing and displaying the key information according to the internal operation flow of the application software.
In the embodiment of the invention, the static analysis engine is used for inquiring the safety protection measures in the path of the interactive data between the application software component and the key component interface, if the safety protection measures are compared with the safety protection measure combination, one or more than one safety protection measures are lacked, or the safety protection measures are lower than the corresponding standard safety level, the component is determined to have suspicious vulnerabilities; the safety protection measures are combined as follows: information encryption, security verification, information integrity identification and malicious program identification.
In the embodiment of the invention, the attack simulation unit is used for determining the type of the suspected bug and writing the test case of the suspected bug for attacking the corresponding component according to the lacking safety protection measures in the path of the interactive data between the application software component and the key component interface and the safety protection measures lower than the standard safety level.
In the embodiment of the invention, the dynamic sandbox is used for identifying that the attack is effective if the key information is stolen during the running of the test case of the information encryption vulnerability; in the running of the test case of the security verification vulnerability, if the key information is tampered, the attack is determined to be effective; in the running of the test case with information integrity identification, if the key information is tampered, the attack is determined to be effective; and in the running of the test case identified by the malicious program, if the malicious program runs effectively, the attack is determined to be effective.
Claims (8)
1. A method for detecting the network security of application software is characterized by comprising the following steps:
performing static analysis on the application software, analyzing each component of the application software, and acquiring interfaces of the components and calling functions among the components;
determining an internal operation flow of the application software according to a call function between the application software components;
querying components through which key information passes in an internal operation flow, determining safety protection measures of interfaces of corresponding components, and querying the components with suspected vulnerabilities according to the safety protection measures;
writing a test case for attacking the suspicious vulnerabilities of the corresponding components according to the types of the suspicious vulnerabilities of each component;
and dynamically analyzing the corresponding component of the application software by using the test case, detecting the output of the component, judging whether the attack of the test case is effective according to the output content and the type of the vulnerability, and if the attack is effective, determining that the suspicious vulnerability of the component is an actual vulnerability.
2. The method for detecting the network security of the application software according to claim 1, wherein the determining the internal operation flow of the application software according to the call function between the application software components comprises:
determining an external interaction component where an interface for data interaction between the application software and the outside is located, querying the called component, the called function and the interactive data type according to a calling function of the external interaction component, and continuously querying the called component, the called function and the interactive data type according to the calling function of the component obtained by query, thereby traversing all components of the application software and forming an internal operation flow of the application software; the internal operation flow comprises functions called and data types interacted between the components.
3. The method for detecting the network security of the application software according to claim 2, wherein the key information comprises: security verification information, identity information, and asset information.
4. The method for detecting the network security of the application software according to claim 3, wherein the querying the components through which the key information passes in the internal operation flow comprises:
and determining key components for verifying, externally interacting, recording, storing and displaying the key information according to the internal operation flow of the application software.
5. The method for detecting the network security of the application software according to claim 4, wherein the determining the security measures of the interfaces of the corresponding components, and accordingly querying the components in which the suspected vulnerabilities exist comprises:
inquiring safety protection measures in a path of the application software component and key component interface interaction data, and if the safety protection measures are compared with the safety protection measure combination, one or more than one safety protection measures are lacked, or the safety protection measures are lower than the corresponding standard safety level, determining that the component has suspicious vulnerabilities; the safety protection measure combination comprises the following steps: information encryption, security verification, information integrity identification and malicious program identification.
6. The method for detecting the network security of the application software according to claim 5, wherein the writing of the test case for attacking the suspected bug of the corresponding component according to the type of the suspected bug of each component comprises:
determining the type of the suspicious vulnerability according to the lacking safety protection measures and the safety protection measures lower than the standard safety level in the path of the interactive data between the application software component and the key component interface, and writing a test case for attacking the suspicious vulnerability of the corresponding component.
7. The method for detecting the network security of the application software according to claim 6, wherein the step of judging whether the attack of the test case is effective according to the output content and the category of the vulnerability comprises the steps of:
in the running of the test case of the information encryption vulnerability, if the key information is stolen, the attack is determined to be effective; in the running of the test case of the security verification vulnerability, if the key information is tampered, the attack is determined to be effective; in the running of the test case with information integrity identification, if the key information is tampered, the attack is determined to be effective; and in the running of the test case identified by the malicious program, if the malicious program runs effectively, the attack is determined to be effective.
8. A detection platform for application software network security is characterized by comprising: static analysis engine, attack simulation unit and dynamic sandbox, wherein:
the static analysis engine is used for carrying out static analysis on the application software, analyzing each component of the application software, and acquiring interfaces of the components and calling functions among the components; determining an internal operation flow of the application software according to a calling function between the application software components; inquiring components through which key information passes in an internal operation flow, determining safety protection measures of interfaces of corresponding components, and inquiring the components with suspicious vulnerabilities according to the safety protection measures;
the simulation unit is used for compiling a test case for attacking the suspicious vulnerability of the corresponding component according to the type of the suspicious vulnerability of each component;
and the dynamic sandbox is used for dynamically analyzing the corresponding components of the application software by using the test case, detecting the output of the components, judging whether the attack of the test case is effective or not according to the output content and the type of the vulnerability, and if the attack is effective, determining that the suspected vulnerability of the components is an actual vulnerability.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210687571.1A CN115277069A (en) | 2022-06-17 | 2022-06-17 | Application software network security detection platform and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210687571.1A CN115277069A (en) | 2022-06-17 | 2022-06-17 | Application software network security detection platform and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115277069A true CN115277069A (en) | 2022-11-01 |
Family
ID=83761202
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210687571.1A Pending CN115277069A (en) | 2022-06-17 | 2022-06-17 | Application software network security detection platform and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115277069A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103984900A (en) * | 2014-05-19 | 2014-08-13 | 南京赛宁信息技术有限公司 | Android application vulnerability detection method and Android application vulnerability detection system |
| CN104933362A (en) * | 2015-06-15 | 2015-09-23 | 福州大学 | Automatic detection method of API (Application Program Interface) misuse-type bug of Android application software |
| US10558809B1 (en) * | 2017-04-12 | 2020-02-11 | Architecture Technology Corporation | Software assurance system for runtime environments |
| CN110855642A (en) * | 2019-10-30 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Application vulnerability detection method and device, electronic equipment and storage medium |
| CN111783096A (en) * | 2019-08-28 | 2020-10-16 | 北京京东尚科信息技术有限公司 | Method and device for detecting security vulnerability |
| CN111859380A (en) * | 2019-04-25 | 2020-10-30 | 北京九州正安科技有限公司 | Zero false alarm detection method for Android App vulnerability |
| CN112560045A (en) * | 2020-12-11 | 2021-03-26 | 腾讯科技(深圳)有限公司 | Application program vulnerability detection method and device, computer equipment and storage medium |
| CN113626823A (en) * | 2021-06-29 | 2021-11-09 | 中国科学院信息工程研究所 | Reachability analysis-based inter-component interaction threat detection method and device |
-
2022
- 2022-06-17 CN CN202210687571.1A patent/CN115277069A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103984900A (en) * | 2014-05-19 | 2014-08-13 | 南京赛宁信息技术有限公司 | Android application vulnerability detection method and Android application vulnerability detection system |
| CN104933362A (en) * | 2015-06-15 | 2015-09-23 | 福州大学 | Automatic detection method of API (Application Program Interface) misuse-type bug of Android application software |
| US10558809B1 (en) * | 2017-04-12 | 2020-02-11 | Architecture Technology Corporation | Software assurance system for runtime environments |
| CN111859380A (en) * | 2019-04-25 | 2020-10-30 | 北京九州正安科技有限公司 | Zero false alarm detection method for Android App vulnerability |
| CN111783096A (en) * | 2019-08-28 | 2020-10-16 | 北京京东尚科信息技术有限公司 | Method and device for detecting security vulnerability |
| CN110855642A (en) * | 2019-10-30 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Application vulnerability detection method and device, electronic equipment and storage medium |
| CN112560045A (en) * | 2020-12-11 | 2021-03-26 | 腾讯科技(深圳)有限公司 | Application program vulnerability detection method and device, computer equipment and storage medium |
| CN113626823A (en) * | 2021-06-29 | 2021-11-09 | 中国科学院信息工程研究所 | Reachability analysis-based inter-component interaction threat detection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106203113B (en) | The privacy leakage monitoring method of Android application file | |
| CN103699480B (en) | A kind of WEB dynamic security leak detection method based on JAVA | |
| CN111695119B (en) | Web vulnerability detection method based on fine-grained static stain analysis and symbol execution | |
| CN110417778B (en) | Access request processing method and device | |
| US10986103B2 (en) | Signal tokens indicative of malware | |
| CN109062667B (en) | Simulator identification method, simulator identification equipment and computer readable medium | |
| KR20140098025A (en) | System and Method For A SEcurity Assessment of an Application Uploaded to an AppStore | |
| CN107103240B (en) | Method and system for identifying privacy disclosure behaviors among Android components based on context information | |
| CN107145376A (en) | A kind of active defense method and device | |
| CN110096433B (en) | Method for acquiring encrypted data on iOS platform | |
| KR20110128632A (en) | Method and device for detecting malicious action of application program for smartphone | |
| CN105791261A (en) | Detection method and detection device for cross-site scripting attack | |
| Xu et al. | SoProtector: Safeguard privacy for native SO files in evolving mobile IoT applications | |
| CN111191243A (en) | Vulnerability detection method and device and storage medium | |
| CN116340943A (en) | Application program protection method, device, equipment, storage medium and program product | |
| CN109815702B (en) | Software behavior safety detection method, device and equipment | |
| CN103902906A (en) | Mobile terminal malicious code detecting method and system based on application icon | |
| CN112632547A (en) | Data processing method and related device | |
| CN112632538A (en) | Android malicious software detection method and system based on mixed features | |
| CN104426836A (en) | Invasion detection method and device | |
| CN111314370B (en) | Method and device for detecting service vulnerability attack behavior | |
| CN115795489B (en) | Software vulnerability static analysis method and device based on hardware-level process tracking | |
| CN116595523A (en) | Multi-engine file detection method, system, equipment and medium based on dynamic arrangement | |
| CN115277069A (en) | Application software network security detection platform and method | |
| Short et al. | Android smartphone third party advertising library data leak analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |