CN115618358A - Application file security detection method and device and server - Google Patents


Publication number
CN115618358A
Authority
CN
China
Prior art keywords
target
installation package
text
application
package file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211315876.6A
Other languages
Chinese (zh)
Inventor
马咪
朱珊珊
张伟龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd
Priority to CN202211315876.6A
Publication of CN115618358A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/166 Editing, e.g. inserting or deleting
    • G06F40/186 Templates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/194 Calculation of difference between files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/30 Semantic analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/53 Decompilation; Disassembly

Abstract

The application provides a security detection method, device and server for application files, applied in the technical field of data security. With this method, after a target security detection request about a target application is obtained, the target installation package file and the target text attachment of the target application are both obtained according to the target identifier carried by the request; text recognition is then performed on the target text attachment to obtain its effective information; and the target installation package file and the effective information of the target text attachment are used together to perform security detection on the target application along two different dimensions. The security of the target application can thus be detected automatically, accurately and comprehensively, applications with security risks can be found in time, and the data security of the user is protected; at the same time, the detection process is simplified, detection efficiency is improved, and detection errors are reduced.

Description

Application file security detection method and device and server
Technical Field
The present specification belongs to the technical field of data security, and in particular, to a method, an apparatus, and a server for detecting security of an application file.
Background
With the development of technology, more and more users carry out business services and business functions through application programs (e.g., mobile phone apps). While application programs bring convenience to people's work and life, problems such as excessive permission use and leakage of user information in application programs are drawing growing attention.
With existing methods, most application programs have to be checked for security compliance manually, one by one, by a technician working from a relevant inspection checklist, in order to identify application programs with security risks. In practice, this approach has low detection efficiency, incomplete coverage, and is prone to error.
No effective solution to the above problems has yet been proposed.
Disclosure of Invention
The specification provides a method, a device and a server for detecting the security of an application file, which can accurately and comprehensively realize the automatic detection of the security of a target application, find applications with security risks in time, avoid personal information data from being leaked when a user uses the application, and protect the data security of the user; meanwhile, the detection process can be effectively simplified, the detection efficiency is improved, and the detection error is reduced.
The present specification provides a method for detecting security of an application file, including:
acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with a target application;
responding to the target security detection request, and acquiring a target installation package file and a target text attachment of a target application according to a target identification;
performing text recognition on the target text attachment to acquire effective information of the target text attachment;
and carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
In one embodiment, the target text attachment includes at least one of: privacy protocol text, user protocol text, data security policy text.
In one embodiment, obtaining a target security detection request for a target application includes:
monitoring whether the target application is upgraded and updated;
and generating a target security detection request about the target application under the condition that the target application is monitored to be upgraded and updated.
In one embodiment, the obtaining of valid information of the target text attachment by text recognition of the target text attachment includes:
matching the target text attachment according to a preset text template so as to intercept a plurality of key texts from the target text attachment;
processing the plurality of key texts by using a preset text recognition model to obtain corresponding target text recognition results;
and acquiring effective information of the target text attachment according to the target text identification result.
In one embodiment, the security detection of the target application according to the valid information of the target installation package file and the target text attachment comprises:
performing decompiling processing on the target installation package file to obtain a source code of the target installation package file;
acquiring a protocol rule of the target installation package file according to a source code of the target installation package file;
and carrying out security detection on the target application according to the protocol rule of the target installation package file and the effective information of the target text attachment.
In one embodiment, the security detection of the target application according to the protocol rule of the target installation package file and the valid information of the target text attachment includes:
processing effective information of the target text attachment by using a preset semantic recognition model to acquire key semantic content;
according to the key semantic content, performing semantic matching on a protocol rule of the target installation package file to obtain a corresponding semantic matching degree;
and determining whether the target application passes the security detection or not according to the semantic matching degree.
In one embodiment, the predetermined semantic recognition model includes a neural network model based on natural language processing.
In one embodiment, determining whether the target application passes the security detection according to the semantic matching degree comprises:
detecting whether the semantic matching degree is greater than or equal to a preset matching degree safety threshold value or not;
and under the condition that the semantic matching degree is determined to be greater than or equal to a preset matching degree safety threshold, determining that the target application passes safety detection.
In one embodiment, in the case that it is determined that the semantic matching degree is greater than or equal to a preset matching degree safety threshold, the method further includes:
processing the key semantic content and a preset safety information reference template by using a preset similarity algorithm to obtain a similarity parameter between the key semantic content and a corresponding safety information item in the preset safety information reference template;
and determining whether the target application passes the safety detection or not according to the similarity parameter.
In one embodiment, after performing decompiling processing on the target installation package file and obtaining the source code of the target installation package file, the method further includes:
extracting key code statements from source codes of the target installation package file;
simulating and executing the key code statement and obtaining a corresponding simulation execution result;
and carrying out security detection on the target application according to the simulation execution result and the effective information of the target text attachment.
In one embodiment, after performing security detection on the target application according to the valid information of the target installation package file and the target text attachment, the method further comprises:
and under the condition that the target application security detection is determined to pass, externally publishing the target installation package file of the target application.
This specification also provides a security detection device for an application file, including:
a first acquisition module, used for acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with the target application;
the second acquisition module is used for responding to the target security detection request and acquiring a target installation package file and a target text attachment of a target application according to a target identifier;
the identification module is used for carrying out text identification on the target text attachment to acquire effective information of the target text attachment;
and the detection module is used for carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
The present specification also provides a server comprising a processor and a memory for storing processor-executable instructions, wherein the processor executes the instructions to implement the relevant steps of the method for detecting the security of the application file.
The present specification also provides a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, perform the steps of: acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with a target application; responding to the target security detection request, and acquiring a target installation package file and a target text attachment of a target application according to a target identification; performing text recognition on the target text attachment to acquire effective information of the target text attachment; and carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
The present specification also provides a computer program product comprising a computer program which, when executed by a processor, implements the relevant steps of the method for security detection of an application file.
Based on the application file security detection method, device and server provided by the specification, after a target security detection request related to a target application is obtained, a target installation package file and a target text attachment of the target application can be obtained at the same time according to a target identifier carried by the target security detection request; then, carrying out text recognition on the target text attachment to acquire effective information of the target text attachment; and comprehensively utilizing the effective information of the target installation package file and the target text attachment to carry out security detection on the target application. Therefore, the automatic detection of the safety of the target application can be accurately and comprehensively realized, the application with the safety risk can be found in time, the personal information data is prevented from being leaked when the user subsequently uses the application with the safety risk, and the data safety of the user is protected; meanwhile, the detection process can be effectively simplified, the detection efficiency is improved, and the detection error is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present description, the drawings needed for the embodiments will be briefly described below, the drawings in the following description are only some of the embodiments described in the present description, and other drawings may be obtained by those skilled in the art without inventive efforts.
Fig. 1 is a flowchart illustrating a security detection method for an application file according to an embodiment of the present disclosure;
Fig. 2 is a schematic diagram illustrating an embodiment of a security detection method for an application file according to an embodiment of the present specification, in an example scenario;
Fig. 3 is a schematic diagram illustrating an embodiment of a security detection method for an application file according to an embodiment of the present disclosure in an example scenario;
Fig. 4 is a schematic diagram illustrating an embodiment of a security detection method for an application file according to an embodiment of the present specification;
Fig. 5 is a schematic diagram illustrating an embodiment of a security detection method for an application file according to an embodiment of the present specification;
Fig. 6 is a schematic diagram illustrating an embodiment of a security detection method for an application file according to an embodiment of the present disclosure in an example scenario;
Fig. 7 is a schematic structural component diagram of a server provided in an embodiment of the present specification;
Fig. 8 is a schematic structural component diagram of an apparatus for detecting security of an application file according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
It should be noted that the user-related information data referred to in the present specification is acquired and used with the user's knowledge and consent. Moreover, the acquisition, storage, use and processing of the information data all conform to the relevant national laws and regulations.
Referring to fig. 1, an embodiment of the present disclosure provides a method for detecting security of an application file. The method is particularly applied to the server side. In specific implementation, the method may include the following:
S101: acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with the target application;
S102: responding to the target security detection request, and acquiring a target installation package file and a target text attachment of the target application according to the target identifier;
S103: performing text recognition on the target text attachment to acquire effective information of the target text attachment;
S104: carrying out security detection on the target application according to the target installation package file and the effective information of the target text attachment.
In some embodiments, referring to fig. 2, the method for detecting security of an application file may be specifically applied to a server side. The server may specifically include a server deployed on a side of a trading platform (e.g., XX internet banking) and responsible for performing security detection (or compliance detection) on an application program issued through the trading platform. The transaction platform may externally publish applications for different business services provided by the platform, for example, an XX electronic banking app, an XX payment app, or an XX bank communication app. In addition, the transaction platform can also externally release application programs provided by a third party with cooperation.
The server may specifically include a background server capable of implementing functions such as data transmission and data processing. Specifically, the server may be, for example, an electronic device having data operation, storage function and network interaction function. Alternatively, the server may be a software program running in the electronic device and providing support for data processing, storage and network interaction. In the present embodiment, the number of servers is not particularly limited. The server may specifically be one server, or may also be several servers, or a server cluster formed by several servers.
In specific implementation, when receiving an installation package file of an application to be published (for example, an installation package file of a new application or an updated installation package file of an old application), a transaction platform may obtain, according to a corresponding identifier, an installation package file and a text attachment of a relevant application (for example, a privacy protocol text, a user protocol text, a data usage description text, and the like) at the same time by using the security detection method for an application provided in this specification; then carrying out text recognition on the text attachment to acquire effective information; and further, effective information of the installation package file and the text attachment can be comprehensively utilized, and safety detection can be comprehensively and accurately carried out on the application program based on two dimensions of the installation package file and the text attachment.
And when the application program is determined to pass the security detection and not to have the security risk, the server publishes the application program on the trading platform and externally provides a download link of an installation package file of the application program on the trading platform.
At this time, if the user needs the service provided by the relevant application program, the user terminal can download and acquire the installation package file of the application program through the download link provided by the transaction platform; and the user can install and run the application program in the user terminal.
The user terminal may specifically include a front end that is applied to a user side and can implement functions such as data acquisition and data transmission. Specifically, the user terminal may be, for example, an electronic device such as a desktop computer, a tablet computer, a notebook computer, and a smart phone. Alternatively, the user terminal may be a software application capable of running in the electronic device.
In some embodiments, the target application may be specifically understood as an application program to be subjected to security detection. For example, an application program of an upgraded updated version of XX electronic banking, and the like.
The target identifier may be understood as identification information that indicates the target application. For example, it may be the combination of the name and the version number of the target application, the application number of the target application, or the identification ID of the target application. The present specification is not limited in this respect.
In some embodiments, the obtaining of the target security detection request for the target application may include the following steps: monitoring whether the target application is upgraded and updated; and under the condition that the target application is monitored to be upgraded and updated, generating a target security detection request related to the target application.
Accordingly, the target application updated by upgrading can be determined as the target application to be subjected to security detection.
In addition, when implemented, the method may further include: monitoring whether a new application appears on a trading platform; under the condition that a new application is monitored to appear on a trading platform, determining the new application as a target application to be subjected to security detection; and generating a target security detection request for the target application.
In some embodiments, after receiving a target security detection request, a server may obtain a target identifier by performing data analysis on the target security detection request; and then, inquiring a database of the application to be issued of the transaction platform according to the target identification so as to obtain a target installation package file and a target text attachment of the target application.
In some embodiments, the target text attachment may specifically include at least one of: privacy protocol text, user protocol text, data security policy text, and the like.
Of course, it should be noted that the above listed target text attachments are only illustrative. In particular implementation, the target text attachments may also include other types of text attachments, such as data usage description text, privacy security policy text, and the like, according to specific situations and processing requirements. The present specification is not limited to this.
In some embodiments, referring to fig. 3, the obtaining of the valid information of the target text attachment by performing text recognition on the target text attachment may include the following steps:
S1: matching the target text attachment against a preset text template so as to intercept a plurality of key texts from the target text attachment;
S2: processing the plurality of key texts by using a preset text recognition model to obtain corresponding target text recognition results;
S3: acquiring effective information of the target text attachment according to the target text recognition results.
The preset text template may be obtained in advance by summarizing and sorting the text formats of the file attachments of a large number of sample applications. The effective information may be understood as information related to the data security of a user.
In a specific implementation, the text positions of the key texts containing the effective information are first located in the target text attachment on the basis of the preset text template; the required key texts are then intercepted from the target text attachment according to those text positions. Subsequent processing is therefore carried out only on the key texts, which contain less data, rather than on all the text contained in the target text attachment, so that the amount of data to be processed is effectively reduced and the overall processing efficiency is improved.
Then, further text recognition can be carried out on the extracted multiple key texts by utilizing a preset text recognition model so as to obtain corresponding target text recognition results; and further, according to the target text recognition result, the required effective information of the target text attachment can be obtained.
The preset text recognition model may be an algorithm model that combines OCR (Optical Character Recognition) with a CRNN (convolutional recurrent neural network).
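The template-matching step S1 above, sketched as an added Python example that is not part of the patent or the applicant's code. It assumes the preset text template is a set of section-heading patterns; the pattern names, the `extract_key_texts` helper and the sample policy are constructed for illustration. Template sections that cannot be located in the attachment are reported instead of being silently skipped.

```python
import re

# A numbered section heading such as "2. Information We Collect" (assumed layout).
HEADING = re.compile(r"^[ \t]*\d+\.[ \t]+(?P<title>[^\n]+?)[ \t]*$", re.M)

# Hypothetical preset text template: key-text name -> pattern for its heading.
PRESET_TEMPLATE = {
    "collected_data": re.compile(r"information we collect", re.I),
    "permissions": re.compile(r"device permissions", re.I),
    "sharing": re.compile(r"(sharing|disclosure) of information", re.I),
}

# Constructed sample attachment (not taken from any real application).
SAMPLE_POLICY = """\
Privacy Policy of ExampleBank App (constructed sample)

1. Introduction
This policy explains how we handle your data.

2. Information We Collect
We collect your phone number and device identifier to verify your account.

3. Device Permissions
The app requests camera access to scan payment codes.

4. Contact Us
Write to privacy@example.invalid.
"""


def extract_key_texts(attachment, template=PRESET_TEMPLATE):
    """Locate each templated section and cut out only its body text.

    Returns (key_texts, missing): the intercepted key texts by name, and the
    names of template sections that were not found in the attachment.
    """
    headings = list(HEADING.finditer(attachment))
    key_texts, missing = {}, []
    for name, pattern in template.items():
        for i, heading in enumerate(headings):
            if pattern.search(heading.group("title")):
                # The key text runs from this heading to the next heading.
                end = headings[i + 1].start() if i + 1 < len(headings) else len(attachment)
                key_texts[name] = " ".join(attachment[heading.end():end].split())
                break
        else:
            missing.append(name)
    return key_texts, missing


if __name__ == "__main__":
    texts, absent = extract_key_texts(SAMPLE_POLICY)
    for name, body in texts.items():
        print(f"{name}: {body}")
    print("sections not found:", absent)
```

Only the two located sections are passed on to later stages; the absent `sharing` section is surfaced to the caller, which can treat it as a finding in its own right.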
In some embodiments, referring to fig. 4, when the security detection is performed on the target application according to the valid information of the target installation package file and the target text attachment, the security detection may be implemented as follows:
S1: performing decompiling processing on the target installation package file to obtain the source code of the target installation package file;
S2: acquiring a protocol rule of the target installation package file according to the source code of the target installation package file;
S3: carrying out security detection on the target application according to the protocol rule of the target installation package file and the effective information of the target text attachment.
In some embodiments, the file extension (suffix name) of the target installation package file may first be modified and decompilation then performed; for installation package files with higher security and complexity, unpacking (shell removal) is also performed, so that the source code of the target installation package file is finally obtained. The source code may then be searched to extract the definitions and descriptions of protocol rules in the source code, such as the user protocol, privacy protocol and operation protocol, as the protocol rules of the target installation package file. The protocol rules of the target installation package file and the effective information of the target text attachment can then be used together, so that the target application is detected comprehensively and accurately along the two different dimensions of installation package file and text attachment.
In some embodiments, referring to fig. 5, when the security detection is performed on the target application according to the protocol rule of the target installation package file and the valid information of the target text attachment, the following steps may be included:
S1: processing the effective information of the target text attachment by using a preset semantic recognition model to acquire key semantic content;
S2: according to the key semantic content, performing semantic matching on the protocol rule of the target installation package file to obtain a corresponding semantic matching degree;
S3: determining whether the target application passes the security detection according to the semantic matching degree.
In some embodiments, the preset semantic recognition model includes a neural network model based on natural language processing (NLP).
Before specific implementation, the preset semantic recognition model can be obtained by training in the following way: obtaining effective information of sample applications as sample data; labeling the key semantic content in the sample data to obtain labeled sample data; constructing an initial model based on NLP; and training the initial model with the labeled sample data to obtain a preset semantic recognition model that meets the precision requirement.
In some embodiments, the processing of the valid information of the target text attachment by using the preset semantic recognition model to obtain the key semantic content may include the following steps:
S1: processing the effective information of the target text attachment and the context associated text of the effective information in the target text attachment by using a preset semantic recognition model to obtain a semantic recognition result of the effective information and a semantic recognition result of the context associated text;
S2: determining a comprehensive semantic recognition result according to the semantic recognition result of the effective information and the semantic recognition result of the context associated text;
S3: extracting semantic contents related to the operating environment and/or the user information from the comprehensive semantic recognition result to be used as the key semantic contents.
In some embodiments, the performing semantic matching on the protocol rule of the target installation package file according to the key semantic content to obtain a corresponding semantic matching degree may include: according to the key semantic contents, performing semantic retrieval on the protocol rules of the target installation package file, and finding out the protocol contents with the strongest semantic relevance with each key semantic content in the protocol rules; and performing semantic matching on the protocol content and the key semantic content to obtain a corresponding semantic matching degree.
In some embodiments, the determining whether the target application passes the security detection according to the semantic matching degree may include the following steps: detecting whether the semantic matching degree is greater than or equal to a preset matching degree safety threshold value or not; and under the condition that the semantic matching degree is determined to be greater than or equal to a preset matching degree safety threshold, determining that the target application passes safety detection. Conversely, in the case that the semantic matching degree is determined to be less than the preset matching degree safety threshold, the target application is determined not to pass the safety detection.
The preset matching degree safety threshold may be determined in advance by clustering a large number of historical applications meeting the safety specification requirements.
Based on the embodiment, the security detection of the target application can be realized relatively quickly.
In some embodiments, when it is determined that the semantic matching degree is greater than or equal to the preset matching degree safety threshold, the method may further include the following steps:
s1: processing the key semantic content and a preset safety information reference template by using a preset similarity algorithm to obtain a similarity parameter between the key semantic content and a corresponding safety information item in the preset safety information reference template;
s2: and determining whether the target application passes the safety detection or not according to the similarity parameter.
The similarity parameter is used for representing semantic similarity between the key semantic content and corresponding security information items in a preset security information reference template. The preset similarity algorithm may specifically include a cosine similarity algorithm or a simhash algorithm.
The preset security information reference template may be obtained in advance by learning from and collating the installation package files and text attachments of a large number of sample applications. The preset safety information reference template at least comprises a plurality of preset safety information items. The preset safety information items comprise information items related to the operating environment and the user information.
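The two-stage check described above (retrieval and matching against a threshold, then a cosine similarity check against the reference template), as an added Python example that is not taken from the patent. It swaps a bag-of-words cosine in for the neural semantic recognition model. The item names, sample texts, thresholds and the use of the weakest per-item score as the overall matching degree are assumptions.

```python
import math
import re
from collections import Counter


def tokens(text):
    """Lower-cased word tokens; a stand-in for the semantic recognition model."""
    return re.findall(r"[a-z0-9]+", text.lower())


def cosine(a, b):
    """Cosine similarity of two texts over term-frequency vectors."""
    va, vb = Counter(tokens(a)), Counter(tokens(b))
    dot = sum(va[t] * vb[t] for t in va)
    norm = (math.sqrt(sum(c * c for c in va.values()))
            * math.sqrt(sum(c * c for c in vb.values())))
    # Clamp to 1.0 to absorb floating-point rounding on identical texts.
    return min(1.0, dot / norm) if norm else 0.0


def retrieve(key_content, rules):
    """Semantic retrieval: (score, rule) for the rule most relevant to key_content."""
    return max(((cosine(key_content, r), r) for r in rules), key=lambda p: p[0])


def detect(key_contents, rules, template, match_threshold, sim_threshold):
    """Two-stage check. key_contents and template map an item name to its text."""
    if not key_contents or not rules:
        # Nothing to compare: fail closed rather than pass an unverifiable app.
        return {"passed": False, "stage": "matching",
                "matching_degree": 0.0, "items": {}}

    # Stage 1: match each policy statement to its most relevant code rule.
    items = {}
    for item, text in key_contents.items():
        score, rule = retrieve(text, rules)
        items[item] = {"rule": rule, "match": score}
    # Assumption: the overall matching degree is the weakest per-item match.
    degree = min(v["match"] for v in items.values())
    if degree < match_threshold:
        return {"passed": False, "stage": "matching",
                "matching_degree": degree, "items": items}

    # Stage 2: compare each statement with the corresponding template item.
    # An item missing from the template scores 0.0 and therefore fails.
    for item, text in key_contents.items():
        items[item]["similarity"] = cosine(text, template.get(item, ""))
    ok = all(v["similarity"] >= sim_threshold for v in items.values())
    return {"passed": ok, "stage": None if ok else "similarity",
            "matching_degree": degree, "items": items}


# Constructed sample data (not from the patent).
CODE_RULES = [  # rules derived from the decompiled installation package
    "collect device location",
    "read contacts",
    "upload device identifier",
]
TEMPLATE = {  # reference template: one security information item per key
    "location": "collect location after user consent",
    "contacts": "read contacts after user consent",
}
POLICY_OK = {  # key semantic content taken from the privacy text
    "location": "collect device location after user consent",
    "contacts": "read contacts after user consent",
}
POLICY_NO_CONSENT = {"location": "collect device location"}
POLICY_MISMATCH = {"location": "share location with advertising partners"}

MATCH_THRESHOLD = 0.6  # constructed; the patent derives it by clustering
SIM_THRESHOLD = 0.8    # constructed

if __name__ == "__main__":
    for name, policy in [("ok", POLICY_OK),
                         ("no consent", POLICY_NO_CONSENT),
                         ("mismatch", POLICY_MISMATCH)]:
        r = detect(policy, CODE_RULES, TEMPLATE, MATCH_THRESHOLD, SIM_THRESHOLD)
        print(name, r["passed"], r["stage"], round(r["matching_degree"], 4))
```

A token-overlap score cannot distinguish "collect" from "never collect", which is why the patent relies on a semantic model rather than lexical similarity for the first stage.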
In some embodiments, after performing decompiling processing on the target installation package file and obtaining the source code of the target installation package file, as shown in fig. 6, when the method is implemented, the following may be further included:
s1: extracting key code statements from source codes of the target installation package file;
s2: simulating and executing the key code statement and obtaining a corresponding simulation execution result;
s3: and carrying out security detection on the target application according to the simulation execution result and the effective information of the target text attachment.
In some embodiments, in a specific implementation, the required key code statements can be found and extracted by searching the source code of the target installation package file for key characters related to the running environment and/or the user information.
In some embodiments, simulating and executing the key code statements and obtaining a corresponding simulation execution result may include, in a specific implementation: simulating and executing the key code statements in a virtual environment, together with the code statements that precede and follow them in the source code, and acquiring the change data of the operating environment and/or the processing data for the user information as the corresponding simulation execution results.
In some embodiments, the performing security detection on the target application according to the simulation execution result and the valid information of the target text attachment may include: processing effective information of the target text attachment by using a preset semantic recognition model to acquire key semantic content; performing semantic matching on the key semantic content and the simulation execution result to obtain a corresponding semantic matching degree; and detecting whether the semantic matching degree is greater than or equal to a preset matching degree safety threshold value.
When the semantic matching degree is determined to be greater than or equal to the preset matching degree safety threshold, whether the simulation execution result meets the specification requirements is judged according to a preset safety information reference template; when it is determined to meet the specification requirements, it may be determined that the target application passes the security detection.
In addition, behavior operation data generated when the key code statements are simulated and executed in the virtual environment can be collected, and whether the behavior operations meet the specification requirements can be detected according to the preset safety information reference template. When a behavior operation is detected not to meet the specification requirements, it is determined that the target application fails the security detection.
Based on the embodiment, the security detection of the target application can be realized more finely and comprehensively.
In some embodiments, after simulating the execution of the key code statement and obtaining the corresponding simulation execution result, when the method is implemented, the following may be further included:
s1: detecting whether a simulation execution result meets the requirement of a safety specification or not according to a preset safety information reference template;
s2: and determining that the target application passes the safety detection under the condition that the simulation execution result is determined to meet the safety specification requirement.
Based on the embodiment, the security detection of the target application can be realized more accurately.
In some embodiments, after extracting the key code statement, when the method is implemented, the following may be further included:
s1: determining a corresponding key semantic instruction according to the key code statement;
s2: processing effective information of the target text attachment by using a preset semantic recognition model to acquire key semantic content;
s3: performing semantic matching on the key semantic instruction according to the key semantic content to obtain a corresponding semantic matching degree;
s4: and determining whether the target application passes the security detection or not according to the semantic matching degree.
Based on the embodiment, the security detection of the target application can be efficiently realized by performing semantic matching on the key code statement and the effective information.
It should be noted that, in this specification, various detection methods for performing security detection on a target application based on a target installation package file and a target text attachment at the same time are provided. In specific implementation, according to a specific application scenario and a detection accuracy requirement, any one of the above-listed multiple detection methods or a combination of any multiple of the multiple detection methods may be flexibly used to implement automatic detection of security of a target application.
In some embodiments, after performing security detection on the target application according to the valid information of the target installation package file and the target text attachment, when the method is implemented, the following may be further included: and under the condition that the target application security detection is determined to pass, externally publishing the target installation package file of the target application.
In some embodiments, after performing security detection on the target application according to the valid information of the target installation package file and the target text attachment, when the method is implemented, the following may be further included: under the condition that the target application security detection is determined not to pass, generating a security risk prompt tag; and setting a corresponding security risk prompt tag on the target application.
In addition, the server can refuse to externally release the target application carrying the security risk prompt tag so as to protect the data security of the user. Moreover, the server can trace the source of the target application carrying the security risk prompt tag and perform risk tracking on the provider of the target application, and, according to the risk tracking result, take relevant measures against the provider of the target application, such as issuing a warning or canceling its cooperation qualification.
As can be seen from the above, based on the method, the apparatus, and the server for detecting security of an application file provided in an embodiment of the present specification, after acquiring a target security detection request related to a target application, the server may first acquire a target installation package file and a target text attachment of the target application at the same time according to a target identifier carried in the target security detection request; then, carrying out text recognition on the target text attachment to obtain effective information of the target text attachment; and comprehensively utilizing the effective information of the target installation package file and the target text attachment to perform security detection on the target application. Therefore, the safety of the target application can be accurately and comprehensively automatically detected, the application with safety risk can be found in time, and the data safety of the user is protected; meanwhile, the detection process can be effectively simplified, the detection efficiency is improved, and the detection error is reduced.
Embodiments of the present specification further provide a server, including a processor and a memory for storing processor-executable instructions, where the processor, when implemented specifically, may perform the following steps according to the instructions: acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with a target application; responding to the target security detection request, and acquiring a target installation package file and a target text attachment of a target application according to a target identification; performing text recognition on the target text attachment to acquire effective information of the target text attachment; and carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
In order to complete the above instructions more accurately, referring to fig. 7, another specific server is provided in the embodiments of the present specification, where the server includes a network communication port 701, a processor 702, and a memory 703, and the above structures are connected by an internal cable, so that the structures may perform specific data interaction.
The network communication port 701 may be specifically configured to obtain a target security detection request for a target application; the target security detection request at least carries a target identifier associated with a target application.
The processor 702 may be specifically configured to respond to the target security detection request, and obtain a target installation package file and a target text attachment of a target application according to a target identifier; performing text recognition on the target text attachment to acquire effective information of the target text attachment; and carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
The memory 703 may be specifically configured to store a corresponding instruction program.
In this embodiment, the network communication port 701 may be a virtual port that is bound to different communication protocols, so that different data can be sent or received. For example, the network communication port may be a port responsible for web data communication, a port responsible for FTP data communication, or a port responsible for mail data communication. In addition, the network communication port may also be a physical communication interface or communication chip. For example, it may be a wireless mobile network communication chip, such as GSM or CDMA; it may also be a Wi-Fi chip; it may also be a Bluetooth chip.
In this embodiment, the processor 702 may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. This specification is not limited in this respect.
In this embodiment, the memory 703 may include multiple levels. In a digital system, anything that can store binary data may be a memory; in an integrated circuit, a circuit that has a storage function but no physical form is also called a memory, such as a RAM or a FIFO; in a system, a storage device in physical form is also called a memory, such as a memory bank or a TF card.
The embodiment of the present specification further provides a computer-readable storage medium based on the above method for detecting security of an application file, where the computer-readable storage medium stores computer program instructions, and when the computer program instructions are executed, the computer program instructions implement the following steps: acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with a target application; responding to the target security detection request, and acquiring a target installation package file and a target text attachment of a target application according to a target identification; performing text recognition on the target text attachment to acquire effective information of the target text attachment; and carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a cache, a Hard Disk (HDD), or a Memory Card. The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer-readable storage medium may be understood with reference to the other embodiments, and are not described herein again.
Embodiments of the present specification further provide a computer program product, which includes a computer program, and when executed by a processor, the computer program implements the following steps: acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with a target application; responding to the target security detection request, and acquiring a target installation package file and a target text attachment of a target application according to a target identifier; performing text recognition on the target text attachment to acquire effective information of the target text attachment; and carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
Referring to fig. 8, in a software level, an embodiment of the present specification further provides an apparatus for detecting security of an application file, where the apparatus may specifically include the following structural modules:
the first obtaining module 801 may be specifically configured to obtain a target security detection request for a target application; the target security detection request at least carries a target identifier associated with a target application;
the second obtaining module 802 may be specifically configured to respond to the target security detection request, and obtain a target installation package file and a target text attachment of a target application according to a target identifier;
the identification module 803 may be specifically configured to perform text identification on the target text attachment to obtain effective information of the target text attachment;
the detecting module 804 may be specifically configured to perform security detection on the target application according to the valid information of the target installation package file and the target text attachment.
In some embodiments, the target text attachment may specifically include at least one of: privacy protocol text, user protocol text, data security policy text, and the like.
In some embodiments, when the first obtaining module 801 is implemented, the target security detection request for the target application may be obtained as follows: monitoring whether the target application is updated or not; and generating a target security detection request about the target application under the condition that the target application is monitored to be upgraded and updated.
In some embodiments, when the recognition module 803 is implemented, the valid information of the target text attachment may be obtained by performing text recognition on the target text attachment according to the following manner: matching the target text attachment according to a preset text template to obtain a plurality of key texts from the target text attachment; processing the plurality of key texts by using a preset text recognition model to obtain corresponding target text recognition results; and acquiring effective information of the target text attachment according to the target text identification result.
In some embodiments, when the detecting module 804 is implemented specifically, security detection may be performed on the target application according to the valid information of the target installation package file and the target text attachment in the following manner: performing decompiling processing on the target installation package file to obtain a source code of the target installation package file; acquiring a protocol rule of the target installation package file according to a source code of the target installation package file; and carrying out security detection on the target application according to the protocol rule of the target installation package file and the effective information of the target text attachment.
In some embodiments, when the detecting module 804 is implemented, the security of the target application may be detected according to the protocol rule of the target installation package file and the valid information of the target text attachment in the following manner: processing effective information of the target text attachment by using a preset semantic recognition model to acquire key semantic content; according to the key semantic content, performing semantic matching on a protocol rule of the target installation package file to obtain a corresponding semantic matching degree; and determining whether the target application passes the security detection or not according to the semantic matching degree.
In some embodiments, the preset semantic recognition model may specifically include a neural network model based on natural language processing.
In some embodiments, when the detecting module 804 is implemented, it may determine whether the target application passes the security detection according to the semantic matching degree in the following manner: detecting whether the semantic matching degree is greater than or equal to a preset matching degree safety threshold value or not; and under the condition that the semantic matching degree is determined to be greater than or equal to a preset matching degree safety threshold, determining that the target application passes safety detection.
In some embodiments, when it is determined that the semantic matching degree is greater than or equal to the preset matching degree security threshold, the apparatus may be further configured to process the key semantic content and the preset security information reference template by using a preset similarity algorithm, so as to obtain a similarity parameter between the key semantic content and a corresponding security information item in the preset security information reference template; and determining whether the target application passes the safety detection or not according to the similarity parameter.
In some embodiments, after the target installation package file is decompiled and the source code of the target installation package file is obtained, the device may be further configured to extract a key code statement from the source code of the target installation package file when the device is implemented; simulating and executing the key code statement and obtaining a corresponding simulation execution result; and carrying out security detection on the target application according to the simulation execution result and the effective information of the target text attachment.
In some embodiments, after the security detection is performed on the target application according to the valid information of the target installation package file and the target text attachment, when the apparatus is implemented, the apparatus may be further configured to issue the target installation package file of the target application to the outside when it is determined that the security detection of the target application passes.
It should be noted that, the units, devices, modules, and the like described in the foregoing embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, which are described separately. It is to be understood that, in implementing the present specification, functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules or sub-units, or the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
As can be seen from the above, according to the security detection apparatus for an application file provided in the embodiments of the present specification, after a target security detection request related to a target application is obtained, a target installation package file and a target text attachment of the target application may be obtained at the same time according to a target identifier carried by the target security detection request; then, carrying out text recognition on the target text attachment to acquire effective information of the target text attachment; and comprehensively utilizing the effective information of the target installation package file and the target text attachment to perform security detection on the target application. Therefore, the automatic detection of the target application safety can be accurately and comprehensively realized, the application with safety risk can be found in time, and the data safety of the user can be protected; meanwhile, the detection process can be effectively simplified, the detection efficiency is improved, and the detection error is reduced.
Although the present specification provides method steps as described in the examples or flowcharts, additional or fewer steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer-readable storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus necessary general hardware platform. With this understanding, the technical solutions in the present specification may be essentially embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments in the present specification.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims (15)

1. A method for detecting the security of an application file is characterized by comprising the following steps:
acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with a target application;
responding to the target security detection request, and acquiring a target installation package file and a target text attachment of a target application according to a target identifier;
performing text recognition on the target text attachment to acquire effective information of the target text attachment;
and carrying out security detection on the target application according to the effective information of the target installation package file and the target text attachment.
2. The method of claim 1, wherein the target text attachment comprises at least one of: privacy protocol text, user protocol text, data security policy text.
3. The method of claim 1, wherein obtaining a target security detection request for a target application comprises:
monitoring whether the target application is upgraded and updated;
and generating a target security detection request about the target application under the condition that the target application is monitored to be upgraded and updated.
4. The method of claim 1, wherein obtaining valid information of the target text attachment by text recognition of the target text attachment comprises:
matching the target text attachment according to a preset text template so as to intercept a plurality of key texts from the target text attachment;
processing the plurality of key texts by using a preset text recognition model to obtain corresponding target text recognition results;
and acquiring effective information of the target text attachment according to the target text identification result.
5. The method of claim 1, wherein performing security check on the target application according to the valid information of the target installation package file and the target text attachment comprises:
performing decompiling processing on the target installation package file to obtain a source code of the target installation package file;
acquiring a protocol rule of the target installation package file according to a source code of the target installation package file;
and carrying out security detection on the target application according to the protocol rule of the target installation package file and the effective information of the target text attachment.
6. The method of claim 5, wherein performing security check on the target application according to the protocol rule of the target installation package file and the valid information of the target text attachment comprises:
processing effective information of the target text attachment by using a preset semantic recognition model to acquire key semantic content;
according to the key semantic content, performing semantic matching on a protocol rule of the target installation package file to obtain a corresponding semantic matching degree;
and determining whether the target application passes the security detection or not according to the semantic matching degree.
7. The method of claim 6, wherein the predetermined semantic recognition model comprises a neural network model based on natural language processing.
8. The method of claim 6, wherein determining whether the target application passes the security check according to the semantic matching degree comprises:
detecting whether the semantic matching degree is greater than or equal to a preset matching degree safety threshold value or not;
and under the condition that the semantic matching degree is determined to be greater than or equal to a preset matching degree safety threshold, determining that the target application passes safety detection.
9. The method according to claim 8, wherein in case that the semantic matching degree is determined to be greater than or equal to a preset matching degree safety threshold, the method further comprises:
processing the key semantic content and a preset safety information reference template by using a preset similarity algorithm to obtain a similarity parameter between the key semantic content and a corresponding safety information item in the preset safety information reference template;
and determining whether the target application passes the safety detection or not according to the similarity parameter.
10. The method of claim 9, wherein after decompiling the target installation package file and obtaining the source code of the target installation package file, the method further comprises:
extracting key code statements from a source code of a target installation package file;
simulating and executing the key code statement, and obtaining a corresponding simulation execution result;
and carrying out security detection on the target application according to the simulation execution result and the effective information of the target text attachment.
11. The method of claim 1, wherein after performing security check on the target application according to the target installation package file and the valid information of the target text attachment, the method further comprises:
and, in the case that the target application passes the security detection, publishing the target installation package file of the target application externally.
12. An apparatus for detecting security of an application file, comprising:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a target security detection request about a target application; the target security detection request at least carries a target identifier associated with a target application;
the second acquisition module is used for responding to the target security detection request and acquiring a target installation package file and a target text attachment of a target application according to a target identification;
the identification module is used for carrying out text identification on the target text attachment to acquire effective information of the target text attachment;
and the detection module is used for carrying out security detection on the target application according to the target installation package file and the effective information of the target text attachment.
13. A server comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 11.
14. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method of any one of claims 1 to 11.
15. A computer program product comprising a computer program which, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 11.
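The two-stage decision of claims 6, 8 and 9, as an added sketch that is not code from the patent or its applicant. A bag-of-words cosine stands in for the preset semantic recognition model and the preset similarity algorithm; the averaging rule, both thresholds, the fail-closed behaviour, the function names and all sample strings are assumptions.

```python
import math
import re
from collections import Counter

def cosine(a, b):
    """Bag-of-words cosine; an assumed stand-in for the preset semantic model."""
    va = Counter(re.findall(r"[a-z0-9]+", a.lower()))
    vb = Counter(re.findall(r"[a-z0-9]+", b.lower()))
    dot = sum(va[t] * vb[t] for t in va)
    norm = math.sqrt(sum(v * v for v in va.values()) * sum(v * v for v in vb.values()))
    return dot / norm if norm else 0.0

def matching_degree(declared, rules):
    """Claim 6: score how well the rules recovered from the package are covered
    by the key semantic content of the text attachment (mean of best matches)."""
    if not declared or not rules:
        return 0.0  # assumption: nothing to compare means fail closed
    return sum(max(cosine(r, d) for d in declared) for r in rules) / len(rules)

def security_check(declared, rules, template, match_thr=0.8, sim_thr=0.5):
    """Claims 8 and 9: threshold gate, then comparison with the reference template."""
    degree = matching_degree(declared, rules)
    if degree < match_thr:
        return {"passed": False, "stage": "semantic_match",
                "degree": degree, "missing": []}
    # Assumed decision rule: every template item needs a declared statement
    # whose similarity parameter reaches sim_thr.
    missing = [item for item in template
               if max((cosine(item, d) for d in declared), default=0.0) < sim_thr]
    return {"passed": not missing, "stage": "reference_template",
            "degree": degree, "missing": missing}

# Constructed sample data (not taken from the patent).
DECLARED = ["collect device location with user consent",
            "encrypt user data in transit"]
RULES_OK = ["collect device location with user consent",
            "encrypt user data in transit"]
RULES_BAD = [RULES_OK[0], "upload contact list to remote server"]
TEMPLATE = ["user consent", "encrypt data in transit"]

if __name__ == "__main__":
    for rules in (RULES_OK, RULES_BAD):
        print(security_check(DECLARED, rules, TEMPLATE))
```

The second rule set fails at the first gate because one behaviour recovered from the package has no counterpart in the declared text, which is the mismatch the claimed method is meant to catch before release.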
CN202211315876.6A 2022-10-26 2022-10-26 Application file security detection method and device and server Pending CN115618358A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211315876.6A CN115618358A (en) 2022-10-26 2022-10-26 Application file security detection method and device and server


Publications (1)

Publication Number Publication Date
CN115618358A true CN115618358A (en) 2023-01-17

Family

ID=84865091

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211315876.6A Pending CN115618358A (en) 2022-10-26 2022-10-26 Application file security detection method and device and server

Country Status (1)

Country Link
CN (1) CN115618358A (en)

Similar Documents

Publication Publication Date Title
CN107341401B (en) A kind of malicious application monitoring method and equipment based on machine learning
CN1690957B (en) A method and system of enforcing a security policy via a security virtual machine
CN111401416B (en) Abnormal website identification method and device and abnormal countermeasure identification method
CN105229661B (en) Method, computing device and the storage medium for determining Malware are marked based on signal
CN103473506A (en) Method and device of recognizing malicious APK files
CN110866258B (en) Rapid vulnerability positioning method, electronic device and storage medium
CN112491602B (en) Behavior data monitoring method and device, computer equipment and medium
CN109241014B (en) Data processing method and device and server
CN112685771A (en) Log desensitization method, device, equipment and storage medium
CN115562992A (en) File detection method and device, electronic equipment and storage medium
CN112394908A (en) Method and device for automatically generating embedded point page, computer equipment and storage medium
CN112148305A (en) Application detection method and device, computer equipment and readable storage medium
CN110287700B (en) iOS application security analysis method and device
CN115329381A (en) Sensitive data-based analysis and early warning method and device, computer equipment and medium
CN113869789A (en) Risk monitoring method and device, computer equipment and storage medium
CN106598804A (en) Abnormality processing method and apparatus
CN111371581A (en) Method, device, equipment and medium for detecting business abnormity of Internet of things card
CN113568626A (en) Dynamic packaging method, application package starting method, device and electronic equipment
CN115879110B (en) System for identifying financial risk website based on fingerprint penetration technology
CN115618358A (en) Application file security detection method and device and server
CN115600199A (en) Security assessment method and device, electronic equipment and computer readable storage medium
CN115686495A (en) Application generation method and device and server
CN111489165B (en) Data processing method and device of target object and server
CN110674491B (en) Method and device for real-time evidence obtaining of android application and electronic equipment
CN114282940A (en) Method and apparatus for intention recognition, storage medium, and electronic device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination