CN116611067A - IPv6-based app detection and reinforcement method - Google Patents
- Publication number
- CN116611067A CN202310886757.4A
- Authority
- CN
- China
- Prior art keywords
- matrix
- file
- ipv6
- executable file
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The application provides an IPv6-based app detection and reinforcement method, which comprises the following steps: detecting an executable file in an app transmitted over IPv6; analyzing the executable file in the app to obtain the data segments in the executable file, performing anti-virus file detection on the payload content of the data segments according to a preset first detection rule, and alarming on or blocking a data segment in the executable file if its payload content matches the virus file characteristics; performing IPv6 encryption processing on the data segments in the executable file that do not match the virus file characteristics to form a reinforced application program; and transmitting the reinforced application program to the information transmitting end. Each key corresponds to a reversible matrix; in each communication transmission the key matrix is selected at random by making use of the infinite space of key matrices; the reinforcement volume is small, the real-time performance is strong, and the security of the communication data is ensured.
Description
Technical Field
The application relates to the technical field of mobile application security, in particular to an IPv6-based app detection and reinforcement method.
Background
Along with popularization of Android mobile terminal equipment, apps (application programs) applied to Android are also developed in large quantity, and daily life efficiency of people is effectively improved by various apps; however, various risks are brought, the app can acquire various rights from the Android mobile terminal device in the installation process, and once a malicious app acquires corresponding rights, the Android mobile terminal system protection can be disabled, so that various risks are caused; these problems seriously affect the security of the mobile terminal system, and easily cause various problems such as leakage of important information of users; in order to avoid the occurrence of decompilation, malicious secondary packaging and malicious code insertion of a normal app, the app is usually reinforced after development is completed;
the prior art CN107292134A discloses an application reinforcement method and system for preventing an Android application from being decompiled, the method comprises the following steps that S1, a source APK file of the Android application is encrypted into shell-opening data by adopting an encryption algorithm, the obtained shell-opening data is combined with a DEX file of a preset shell-opening program to obtain a DEX file of a new shell-opening program, and a field for representing the length of the shell-opening data is added at the tail of the DEX file of the new shell-opening program;
s2, after modifying the resource configuration file of the source APK file according to the DEX file of the new shell-opening program, replacing the resource configuration file of the new shell-opening program with the resource configuration file of the source APK file, and replacing the resource file corresponding to the new shell-opening program with the resource file of the source APK file;
s3, reading the tail field of the DEX file of the new shell-releasing file to obtain the shell-releasing data length, reading the shell-releasing data according to the shell-releasing data length, decrypting by a decryption algorithm corresponding to the encryption algorithm in S1 to obtain the shell-releasing data, storing the shell-releasing data in a memory, and dynamically loading the shell-releasing data in the memory to run the Android application;
there are the following problems:
the reinforcement volume is larger, the waiting time is long, a field representing the length of the shell-removing data is added at the tail of the DEX file of the new shell-removing program, and the field volume is increased;
the security is poor, the security evaluation is lacking, and the resource configuration file of the source APK file is directly modified according to the DEX file of the new shell-opening program.
Disclosure of Invention
In order to solve the above problems, the present application proposes an app detection and reinforcement method based on IPv6 to more exactly solve the above problems.
The application is realized by the following technical scheme:
the application provides an IPv6-based app detection and reinforcement method, which comprises the following steps:
S1: detecting an executable file in the app transmitted over IPv6;
S2: analyzing the executable file in the app to obtain a data segment in the executable file, performing anti-virus file detection according to a preset first detection rule, and alarming on and/or blocking the data segment in the executable file if the payload content matches the virus file characteristics;
S3: performing IPv6 encryption processing on the data segments in the executable file that do not match the virus file characteristics to form a reinforced application program; transmitting the reinforced application program to the information transmitting end;
the step of detecting the antivirus file for the payload content of the data segment in the executable file according to the preset first detection rule includes: the encryption matrix comprises an IPv6 encryption matrixAnd IPv6 decryption matrix->First of all according to IPv6 encryption matrix +.>Order of->Wherein->Will be executable in the fileIs converted into->Dimension vector->Then ∈>And->Multiplying to obtain ciphertext->I.e. +.>Then->Transmitting, information receiving end->After that, the IPv6 decryption matrix is used +.>Wherein->And->Is a reversible matrix and->Multiplication results in a data section +.>Namely>。
Further, in the method for detecting and reinforcing the app based on IPv6, the step of obtaining the data segment in the executable file includes:
disassembling the executable file; truncating and/or padding the corresponding bytes file generated by the disassembly according to a data segmentation threshold value, and converting each hexadecimal byte in the bytes file into a decimal integer to generate a binary file matrix; meanwhile, deleting meaningless bytes in the bytes file, calculating word vectors of the bytes in the remaining samples, and generating a byte word vector matrix; and dividing the corresponding asm file generated by the disassembly according to functions and jump instructions, and removing fixed parameters in the asm file to obtain a data segment in the executable file.
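The preprocessing step above, as an added example that is not code from the patent. The `.bytes` layout (address column, hex byte pairs, `??` as the meaningless byte), the IDA-style `proc`/`endp` markers in the `.asm` text, and reading "removing fixed parameters" as dropping operands are all assumptions; both samples are constructed.

```python
import re

# Constructed sample in the assumed ".bytes" layout: an address column followed
# by two-digit hex bytes, with "??" standing for a byte that has no content.
SAMPLE_BYTES = """\
00401000 4D 5A 90 00 03 00 00 00
00401008 FF FF ?? ?? B8 00 0A 10
"""

# Constructed sample in an assumed IDA-style ".asm" layout.
SAMPLE_ASM = """\
sub_401000 proc near
push ebp
mov ebp, esp
cmp eax, 10h
jz short loc_401010
mov eax, 1
jmp short loc_401012
xor eax, eax
pop ebp
retn
sub_401000 endp
sub_401020 proc near
call sub_401000
retn
sub_401020 endp
"""

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")


def parse_bytes_file(text):
    """Convert hex byte pairs to decimal integers (0..255).

    The first token of every line is the address and is skipped; tokens that
    are not two hex digits (such as "??") are dropped as meaningless bytes.
    """
    values = []
    for line in text.splitlines():
        for token in line.split()[1:]:
            if HEX_BYTE.fullmatch(token):
                values.append(int(token, 16))
    return values


def to_matrix(values, threshold, width, pad=0):
    """Truncate or pad to `threshold` values, then reshape into rows of `width`."""
    if threshold % width:
        raise ValueError("threshold must be a multiple of width")
    fixed = values[:threshold] + [pad] * max(0, threshold - len(values))
    return [fixed[i:i + width] for i in range(0, threshold, width)]


def segment_asm(text):
    """Split asm text into 'sentences' (functions) and 'phrases' (runs of
    instructions ending at a jump). Only the mnemonic is kept per instruction.
    """
    sentences, phrases, phrase = [], None, []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) >= 2 and parts[1] == "proc":      # function start
            phrases, phrase = [], []
        elif len(parts) >= 2 and parts[1] == "endp":    # function end
            if phrases is not None:
                if phrase:
                    phrases.append(phrase)
                sentences.append(phrases)
            phrases, phrase = None, []
        elif phrases is not None:                       # inside a function
            mnemonic = parts[0].lower()
            phrase.append(mnemonic)
            if mnemonic.startswith("j"):                # jz, jmp, jne, ...
                phrases.append(phrase)
                phrase = []
    return sentences


if __name__ == "__main__":
    vals = parse_bytes_file(SAMPLE_BYTES)
    print(to_matrix(vals, threshold=16, width=4))
    print(segment_asm(SAMPLE_ASM))
```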
Further, in the IPv6-based app detection and reinforcement method, the preset first detection rule uses the characteristic identifier of the payload content as the detection means, wherein the characteristic identifier comprises a hash value and a feature code.
Further, the step of performing anti-virus file detection on the payload content of the data segment in the executable file according to the preset first detection rule includes: caching the payload content for anti-virus file detection; detecting whether the cache resource occupancy exceeds a cache threshold; if the cache threshold is exceeded, releasing some of the currently cached data segments on which anti-virus file detection has been performed; and if the cache resource occupancy still exceeds the cache threshold after releasing the storage resources occupied by some of the currently cached first files, performing anti-virus file detection on the newly received data segment according to the first detection rule and releasing the payload content.
Further, the method for detecting and reinforcing the app based on the IPv6 comprises the following steps: random key selector based on initial parameters,/>Middle->Wherein>Representing an encryption matrix->Representing a decryption matrix, randomly selecting a +.>If the order key matrix is selected successfully, ending the process to obtain +.>The first-order encryption matrix is triggered to generate a +.>Order key matrixAnd send it into the key matrix library; then select the generated key matrix +.>And parameters->Then the new parameter is generated by feeding the signal to a matrix multiplier>Wherein->,/>Finally, the parameter constructor is initialized according to +.>Constructing two new initialization parameters, performing the next operation, and repeating the steps until the initialization parameters are selected/>Order IPv6 encryption matrix->。
Further, in the IPv6-based app detection and reinforcement method, the key matrix library stores key matrixes in pairs according to the order of the key matrixes.
Further, the method for detecting and reinforcing the app based on the IPv6 comprises the step that the random key selector is used for selecting the random key according to the initialization parametersMiddle->Is +.>A pair of key matrixes in the key matrix library is randomly selected and sent to a matrix multiplier.
Further, in the IPv 6-based app detection and reinforcement method, the algorithm for generating the reversible matrix by the first-class reversible matrix generator randomly generates one according to the initialization parameters of the userAn order key matrix.
The application has the beneficial effects that:
according to the method, the safety evaluation is carried out on the data segments in the executable file in the IPv6 transmission app, anti-virus file detection is carried out according to the load content of the data segments in the executable file according to a preset first detection rule, if the load content accords with the virus file characteristics, the data segments in the executable file are warned or blocked, and IPv6 encryption processing is carried out on the data segments in the executable file which do not accord with the virus file characteristics, so that a reinforcement application program is formed; the algorithm belongs to an asymmetric encryption algorithm, and the encryption matrix comprises an IPv6 encryption matrixAnd IPv6 decryption matrix->But the two keys for encryption and decryption are not externally published; the algorithm adopts a CIS mode to distribute and manage the keys, and each key corresponds to one reversible matrix, so that the key matrix has innumerable key matrixes; in each communication transmission, a pair of key matrix encryption and decryption information is randomly selected from the key matrix encryption and decryption information, and the matrixes corresponding to the pair of key matrixes are mutually reversible matrixes; since each reversible matrix has only one reversible matrix and is the inverse matrix of each reversible matrix, the probability of obtaining the decryption key matrix is 0 under the condition that the encryption key matrix is unknown; the encryption algorithm utilizes the characteristic of infinite space of the key matrix, randomly selects the key matrix in each communication, has small reinforcement volume and strong instantaneity, and ensures the safety of communication data information;
the application provides a method for obtaining the data segments in an executable file in an app: disassembling the executable file; truncating or padding the corresponding bytes file generated by the disassembly according to a data segmentation threshold value, and converting each hexadecimal byte in the bytes file into a decimal integer to generate a binary file matrix; meanwhile, deleting meaningless bytes in the bytes file, calculating word vectors of the various bytes in the remaining samples, and generating a byte word vector matrix; dividing the corresponding asm file generated by the disassembly according to functions and jump instructions, and removing fixed parameters in the asm file to obtain the data segments in the executable file. Converting the executable file into the corresponding bytes file and asm file successfully constructs a balanced data segment containing the characteristics of both normal data segments and virus files; the expanded data segment can be used for more types of virus file feature detection and classification experiments, which helps the development of virus file feature detection technology.
Drawings
Fig. 1 is a schematic flow chart of an app detection and reinforcement method based on IPv6 according to the present application;
Fig. 2 is a schematic diagram of a generating process of an encryption matrix in an encryption algorithm according to the present application.
Detailed Description
In order to more clearly and completely describe the technical scheme of the application, the application is further described below with reference to the accompanying drawings.
Referring to Fig. 1, the present application proposes an app detection and reinforcement method based on IPv6;
S1: detecting an executable file in the app transmitted over IPv6;
in this embodiment, the executable files in the app are detected from the header during IPv6 transmission. IPv6 not only increases the number of IP addresses but also has its own security mechanism; the optional information of IPv4 is replaced by extension headers, which simplifies the IPv6 header and enhances the extensibility of IPv6; the length of routes in the routing table is reduced and the speed at which routers forward data packets is improved, so detection based on the executable file in the app in the header during IPv6 transmission is more accurate. The link section of the dynamic link symbols is stored in the executable file; the starting position and the ending position of the system symbol data section table are determined from the link section, and an encryption algorithm is used to encrypt all or part of the content of the system symbol data section table based on those positions. The extension names of the portable executable file include but are not limited to .exe, .dll, .sys, .doc and elf.
S2: analyzing an executable file in an app to obtain a data segment in the executable file, detecting an anti-virus file according to the load content of the data segment in the executable file according to a preset first detection rule, and alarming and/or blocking the data segment in the executable file if the load content accords with the virus file characteristics;
in this embodiment, the process of analyzing the executable file in the app to obtain the executable file data segment includes: disassembling the executable file. Decompiling restores the executable file to assembly language or another high-level language; a program is written in a high-level language such as C or Pascal, and a compiler then generates a file (machine language) that the computer system can execute directly. The decompiled program differs from the original program in many ways: although the execution effect is the same, the program code changes greatly. The corresponding bytes file generated by the disassembly is truncated and/or padded according to the data segmentation threshold value, and each hexadecimal byte in the bytes file is then converted into a decimal integer to generate a binary file matrix; meanwhile, meaningless bytes in the bytes file are deleted, word vectors of the various bytes in the remaining samples are calculated, and a byte word vector matrix is generated. The corresponding asm file generated by the disassembly is divided according to functions and jump instructions, and fixed parameters in the asm file are removed to obtain the data segment in the executable file. The number of bytes of a specified executable file data segment is calculated; using word segmentation as in natural language processing, each asm file is divided into several 'sentences' according to functions, and each function is divided into several 'phrases' according to jump instructions; finally the data segment is standardized and the elements of the matrix are converted into integers in [0, 255].
The preset first detection rule uses the characteristic identifier of the payload content as the detection means; the characteristic identifier includes a hash value and a feature code, and the first detection rule includes the characteristic identifiers of virus file fragments. Different files have different hash values even if they have the same file name, so the hash value is equivalent to an 'identity card' of the data to be detected, and the feature code is the important code that distinguishes whether the data to be detected is virus data or normal data. Based on the inherent header format of the PE file, the hash value of the file header of a virus PE file can be obtained in advance as a virus characteristic; the payload content of the data packet is compared with the virus characteristic, and if they are consistent, the payload content of the data packet matches the virus file characteristics. The hash value of the file header of a normal PE file can likewise be obtained in advance as a non-virus characteristic; the payload content of the data packet is compared with the non-virus characteristic, and if they are consistent, the payload content of the data packet matches the characteristics of a normal file. Performing anti-virus detection packet by packet in sequence according to the characteristic identifier gives higher detection performance. When the detection result indicates that the payload content of the data packet matches the virus file characteristics, the data packet under detection is alarmed on or blocked and the subsequent data packets of the data stream are blocked, so that the virus file is intercepted before it enters the protected network and the protected network is not affected by virus data.
For anti-virus file detection on the payload content of a data segment in the executable file, the payload content is cached for anti-virus file detection; whether the cache resource occupancy exceeds a cache threshold is detected, the cache threshold being set to 0.5; if the cache threshold is exceeded, some of the currently cached data segments on which anti-virus file detection has been performed are released; if the cache resource occupancy still exceeds the cache threshold after the storage resources occupied by some of the currently cached first files are released, anti-virus file detection is performed on the newly received data segment according to the first detection rule and the payload content is released; if the payload content matches the virus file characteristics, the data segment in the executable file is alarmed on or blocked, which reduces the harm caused by viruses during IPv6 transmission.
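The first detection rule and the cache-threshold handling described above, as an added example that is not code from the patent. The class and function names, the 64-byte header length, the oldest-first release order and every signature value are assumptions constructed for illustration; only the 0.5 threshold comes from the text.

```python
import hashlib
from collections import OrderedDict

HEADER_LEN = 64  # assumed length of the file header that is hashed

# Constructed signatures, not real indicators.
SAMPLE_BAD_HEADER = b"MZ" + bytes(range(62))           # 64 constructed bytes
VIRUS_HEADER_HASHES = {hashlib.sha256(SAMPLE_BAD_HEADER).hexdigest()}
FEATURE_CODES = [b"\xde\xad\xbe\xef\x13\x37"]           # constructed pattern


def match_first_rule(payload):
    """Return "hash" or "feature-code" when the payload matches, else None."""
    header_hash = hashlib.sha256(payload[:HEADER_LEN]).hexdigest()
    if header_hash in VIRUS_HEADER_HASHES:
        return "hash"
    for code in FEATURE_CODES:
        if code in payload:
            return "feature-code"
    return None


class SegmentScanner:
    """Scans data segments and keeps scanned payloads in a bounded cache."""

    def __init__(self, capacity_bytes, threshold=0.5):
        self.capacity = capacity_bytes
        self.threshold = threshold          # fraction of capacity, 0.5 in the text
        self._cached = OrderedDict()        # seg_id -> payload, oldest first

    def occupancy(self):
        return sum(len(p) for p in self._cached.values()) / self.capacity

    def cached_ids(self):
        return list(self._cached)

    def submit(self, seg_id, payload):
        """Cache, scan, then enforce the threshold. Returns (action, reason)."""
        self._cached[seg_id] = payload
        reason = match_first_rule(payload)
        if reason:
            del self._cached[seg_id]        # blocked segments are not retained
            return ("block", reason)
        if self.occupancy() > self.threshold:
            # Release already-scanned older segments until under the threshold.
            for old in list(self._cached):
                if self.occupancy() <= self.threshold:
                    break
                if old != seg_id:
                    del self._cached[old]
            # Still over: the new segment has been scanned, so release it too.
            if self.occupancy() > self.threshold:
                del self._cached[seg_id]
        return ("pass", None)


def run_constructed_stream():
    """Feed five constructed segments through a 100-byte cache."""
    scanner = SegmentScanner(capacity_bytes=100, threshold=0.5)
    stream = [
        ("seg-1", b"A" * 30),
        ("seg-2", b"B" * 24 + FEATURE_CODES[0]),
        ("seg-3", b"C" * 30),
        ("seg-4", SAMPLE_BAD_HEADER + b"body"),
        ("seg-5", b"D" * 80),
    ]
    trace = []
    for seg_id, payload in stream:
        verdict = scanner.submit(seg_id, payload)
        trace.append((seg_id, verdict, scanner.cached_ids()))
    return trace


if __name__ == "__main__":
    for row in run_constructed_stream():
        print(row)
```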
S3: performing IPv6 encryption processing on data segments in the executable file which do not accord with the characteristics of the virus file to form a reinforcement application program; transmitting the reinforcement application program into the information transmitting end;
in this embodiment, an IPv6 encryption process is performed on a data segment in an executable file that does not conform to the characteristics of a virus file, so as to form a hardened application, and the encryption process is performed according to the data segment in the executable file, where the encryption matrix includes an IPv6 encryption matrixAnd IPv6 decryption matrix->First of all according to IPv6 encryption matrix +.>Order of->Wherein->Converting a data segment in an executable file to +.>Dimension vector->Then ∈>And->Multiplying to obtain ciphertext->I.e. +.>Then->Transmitting, information receiving end->After that, the IPv6 decryption matrix is used +.>Wherein->And =>Are mutually reversible matrixMultiplication results in a data section +.>I.e. +.>Encryption matrix generationThe method comprises the following steps: random key selector based on initialization parameter +.>,/>Middle->Wherein>Representing the encryption matrix and,representing a decryption matrix, randomly selecting a +.>The order key matrix, if the selection is successful, the encryption matrixEncryption matrix =>Ending the flow to obtain ∈ ->An encryption matrix of order, if the selection fails, the encryption matrix +.>Not equal to encryption matrix->That is, triggering the first-order invertible matrix generator to generate a +.>Order key matrix->And send it into the key matrix library; then the random key selector selects the generated key matrix +.>And parameters->Then the new parameter is generated by feeding the signal to a matrix multiplier>Wherein->,/>Finally, the parameter constructor is initialized according to +.>Two new initialization parameters are constructed, which are to be operated next, if +.>Then->Repeating the above steps until ++>Order IPv6 encryption matrix->;
Data encryption:
representing information representing time information->Representing the content of the representative information @, @>Representing the number of communications counter>Representing the communication destination, ++>Representing a key matrix queue address;
when the communication terminal has information data to be transmitted, data encryption is required; first, a communication information table (information、And->) And a data format table (+)>) Feeding a key matrix selector, the key matrix being first according to +.>Is to determine the key matrix queue address +.>Then according to->Randomly selecting a time encryption key matrix in a key matrix queue +.>Based on time information->Key matrix for randomly generating encrypted information content>Then, the (time +.>And key matrix)>And (info->And Key matrix->) Sending to encryptor, respectively for time information->And transmit information->Encryption, generating ciphertext->And->Then the encryption process is completed;
the algorithm belongs to an asymmetric encryption algorithm, and the encryption matrix comprises an IPv6 encryption matrixAnd IPv6 decryption matrix->But the two keys for encryption and decryption are not externally published; the algorithm adopts a CIS mode to distribute and manage the secret key, and the CIS system consists of three aspects of MI idea identification, BI behavior identification and VI visual identification; each key corresponds to a reversible matrix, so that the key matrix of the key is innumerable; in each communication transmission, a pair of key matrix encryption and decryption information is randomly selected from the key matrix encryption and decryption information, and the matrixes corresponding to the pair of key matrixes are mutually reversible matrixes; since each reversible matrix has only one reversible matrix and is the inverse matrix of each reversible matrix, the probability of obtaining the decryption key matrix is 0 under the condition that the encryption key matrix is unknown; the encryption algorithm uses the characteristic of infinite space of the key matrix, randomly selects the key matrix in each communication, has small reinforcement volume,the real-time performance is strong, and the safety of communication data information is ensured; the empty program file also comprises a decryption process, and the decryption process comprises the following steps: when the class needs to be loaded, a class constructor is called, and a bottom function is called through the class constructor so as to decrypt codes; first, the information corresponding to the key matrix is selected by the key matrix selector by using the information of the communication information table>Is>Then use +.>Time information of decrypting information->According to time information->Generating a key matrix>Is->Then use +.>Decryption out of information->;
In an embodiment, a key matrixAnother key->The information transmitting terminal wants to transmit the information ABC, firstly, the ABC is converted into a three-dimensional number vector according to an ASCII code table>Corresponding ciphertext,/>Ciphertext->Transmitting, when the information terminal receives the ciphertext +_>At the time, encryption matrix is encrypted according to decryption>According to the formula>,/>Then the ASCII code table can be utilized to analyze and send information ABC;
referring to fig. 2, the present application proposes a generation process of an encryption matrix in an encryption algorithm, which includes:
inputting initialization parameters,/>The random key selector is based on the initialization parametersMiddle->Wherein>Representing an encryption matrix->Representing a decryption matrix, randomly selecting a +.>An order key matrix, if the selection is successful, an encryption matrix +.>Encryption matrix =>Ending the flow to obtain ∈ ->An encryption matrix of order, if the selection fails, the encryption matrix +.>Not equal to encryption matrix->That is, triggering the first-order invertible matrix generator to generate a +.>Order key matrix->Storing the key matrix in a key matrix library; then the random key selector selects the generated key matrix +.>And parameters->Sending the signal to a matrix multiplier to obtain new parameters +.>Wherein, the method comprises the steps of, wherein,,/>finally, the parameter constructor is initialized according to +.>Two new initialization parameters are constructed, which are then calculated, and the cycle is repeated until +.>Order IPv6 encryption matrix。
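The matrix encryption and the key-matrix generation loop described above, as an added example that is not code from the patent. The matrices in the page's ABC embodiment did not survive, so the key pair here is built by an assumed method: products of random elementary row-addition matrices, with the decryption matrix accumulated from their inverses. All function names are hypothetical.

```python
import secrets


def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]


def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]


def matvec(a, x):
    return [sum(row[k] * x[k] for k in range(len(x))) for row in a]


def random_elementary(n, rng):
    """Row-addition matrix E = I + t*e_i*e_j^T (i != j) and its inverse.

    det(E) = 1, so the inverse I - t*e_i*e_j^T is also an integer matrix.
    """
    i = rng.randrange(n)
    j = (i + 1 + rng.randrange(n - 1)) % n
    t = rng.randrange(1, 10)
    e, e_inv = identity(n), identity(n)
    e[i][j] = t
    e_inv[i][j] = -t
    return e, e_inv


def generate_key_pair(n, rounds=8, rng=None):
    """Return (encryption matrix A, decryption matrix B) with B*A = I."""
    if n < 2:
        raise ValueError("order must be at least 2")
    rng = rng or secrets.SystemRandom()
    a, b = identity(n), identity(n)
    for _ in range(rounds):
        e, e_inv = random_elementary(n, rng)
        a = matmul(e, a)        # A <- E * A
        b = matmul(b, e_inv)    # B <- B * E^-1, which keeps B * A = I
    return a, b


def encrypt_segment(data, a):
    """Split bytes into n-dimensional vectors and multiply each by A."""
    n = len(a)
    padded = data + bytes(-len(data) % n)   # zero-pad the final vector
    blocks = [matvec(a, list(padded[i:i + n]))
              for i in range(0, len(padded), n)]
    return blocks, len(data)


def decrypt_segment(blocks, length, b):
    """Multiply each ciphertext vector by B and drop the padding."""
    out = bytearray()
    for c in blocks:
        out.extend(matvec(b, c))            # exact integers in 0..255
    return bytes(out[:length])


def is_linear(a, x, y):
    """For a fixed key matrix, A(x + y) == A(x) + A(y): the transform is a
    deterministic linear map of the plaintext vector."""
    summed = [p + q for p, q in zip(x, y)]
    separate = [p + q for p, q in zip(matvec(a, x), matvec(a, y))]
    return matvec(a, summed) == separate


if __name__ == "__main__":
    A, B = generate_key_pair(3)
    blocks, length = encrypt_segment(b"ABC", A)   # ASCII vector (65, 66, 67)
    print(blocks, decrypt_segment(blocks, length, B))
```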
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, apparatus, article or method that comprises the element.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the scope of the application, and all equivalent structures or equivalent processes using the descriptions and drawings of the present application or direct or indirect application in other related technical fields are included in the scope of the present application.
Although embodiments of the present application have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles of the present application, the scope of which is defined in the appended claims and their equivalents.
Of course, the present application can be implemented in various other embodiments, and based on this embodiment, those skilled in the art can obtain other embodiments without any inventive effort, which fall within the scope of the present application.
Claims (8)
1. An IPv6-based app detection and reinforcement method, comprising:
S1: detecting an executable file in the IPv6 transmission app;
S2: analyzing an executable file in an app to obtain a data segment in the executable file, performing anti-virus file detection according to a preset first detection rule, and alarming and/or blocking the data segment in the executable file if the payload content matches the virus file characteristics;
S3: performing IPv6 encryption processing on data segments in the executable file which do not match the virus file characteristics to form a reinforcement application program; transmitting the reinforcement application program into the information transmitting end;
the step of detecting the antivirus file for the payload content of the data segment in the executable file according to the preset first detection rule includes: the encryption matrix comprises an IPv6 encryption matrixAnd IPv6 decryption matrix->First of all according to IPv6 encryption matrix +.>Order of->Wherein->Converting a data segment in an executable file to +.>Dimension vector->Then ∈>And->Multiplying to obtain ciphertext->I.e. +.>Then->Transmitting, information receiving end->Then, the IPv6 decryption matrix is utilizedWherein->And->Is a reversible matrix and->Multiplication results in a data section +.>The method comprises the following steps:。
2. The method for detecting and reinforcing an IPv6-based app according to claim 1, wherein the step of obtaining the data segment in the executable file includes:
disassembling the executable file; truncating and/or padding the corresponding bytes file generated by the disassembly according to a data segmentation threshold, and converting each hexadecimal byte value in the bytes file into a decimal integer to generate a binary file matrix; meanwhile, deleting meaningless bytes in the bytes file, calculating word vectors of the bytes in the remaining samples, and generating a byte word vector matrix; and dividing the corresponding asm file generated by the disassembly according to functions and jump instructions, and removing fixed parameters in the asm file to obtain the data segment in the executable file.
3. The method for detecting and reinforcing an app based on IPv6 according to claim 1, wherein the preset first detection rule includes: taking the characteristic identifier of the payload content as the detection means, wherein the characteristic identifier comprises a hash value and a feature code.
4. The method for detecting and reinforcing an app based on IPv6 according to claim 1, wherein the step of detecting an anti-virus file for the payload content of a data segment in an executable file according to a preset first detection rule includes: caching payload content to detect an anti-virus file; detecting whether the cache resource occupancy exceeds a cache threshold; if the cache threshold is exceeded, releasing a part of the data segments that are currently cached and have undergone anti-virus file detection; and if the cache resource occupancy still exceeds the cache threshold after releasing the storage resources occupied by a part of the first files currently cached, performing anti-virus file detection on the newly received data segments according to the first detection rule and releasing the payload content.
5. The method for detecting and reinforcing an app based on IPv6 according to claim 1, wherein the encryption matrix generation flow includes: random key selector based on initial parameters,/>Middle->Wherein>Representing an encryption matrix->Representing a decryption matrix, randomly selecting a +.>If the order key matrix is selected successfully, ending the process to obtain +.>The first-order encryption matrix is triggered to generate a +.>Order key matrix->And send it into the key matrix library; then select the generated key matrix +.>And parameters->Then the new parameter is generated by feeding the signal to a matrix multiplier>Wherein->,/>Finally, the parameter constructor is initialized according to +.>Constructing two new initialization parameters, performing the next operation, and repeating the steps until +.>Order IPv6 encryption matrix->。
6. An IPv6 based app detection and reinforcement method according to claim 5, wherein the key matrix library stores key matrices in pairs according to their orders.
7. An IPv6 based app detection and reinforcement method as defined in claim 5, wherein the random key selector is based on initialization parametersMiddle->Is +.>A pair of key matrixes in the key matrix library is randomly selected and sent to a matrix multiplier.
8. The IPv6 based app detection and reinforcement method of claim 5 wherein said first-order invertible matrix generator generates an invertible matrix algorithm and randomly generates a matrix according to user initialization parametersAn order key matrix.
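Added illustration, not part of the patent text: one reading of the first detection rule of claim 3 (hash value plus feature code) combined with the cache-threshold handling of claim 4, where already-scanned segments are released first and a new segment is scanned inline and not retained if the cache is still over threshold. The signature values, the class and function names and the byte-count threshold are assumptions constructed for the example.

```python
import hashlib

BAD_SEGMENT = b"constructed known-bad segment"            # constructed sample
BAD_HASHES = {hashlib.sha256(BAD_SEGMENT).hexdigest()}     # hash-value identifiers
FEATURE_CODES = [bytes.fromhex("deadbeef1337")]            # constructed feature code

def first_rule(segment):
    """Return which identifier matched ('hash' or 'feature-code'), or None."""
    if hashlib.sha256(segment).hexdigest() in BAD_HASHES:
        return "hash"
    if any(code in segment for code in FEATURE_CODES):
        return "feature-code"
    return None

class SegmentCache:
    def __init__(self, threshold):
        self.threshold = threshold   # cache threshold in bytes (assumed unit)
        self.entries = []            # [segment, scanned] pairs in arrival order

    def used(self):
        return sum(len(seg) for seg, _ in self.entries)

    def scan_pending(self):
        """Scan cached segments not yet scanned; return their verdicts in order."""
        verdicts = []
        for entry in self.entries:
            if not entry[1]:
                entry[1] = True
                verdicts.append(first_rule(entry[0]))
        return verdicts

    def receive(self, segment):
        """Return ('cached', None) or ('inline', verdict) for a new segment."""
        if self.used() + len(segment) > self.threshold:
            # Over threshold: release segments that have already been scanned.
            self.entries = [e for e in self.entries if not e[1]]
        if self.used() + len(segment) > self.threshold:
            # Still over: scan the new segment now and do not retain it.
            return "inline", first_rule(segment)
        self.entries.append([segment, False])
        return "cached", None
```

A verdict other than `None` is the point at which the alarm and/or block action of step S2 would apply.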
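Added illustration, not part of the patent text: the invertible-matrix round trip recited in claims 1 and 5, with a data segment split into row vectors, multiplied by an encryption matrix, and recovered with the paired decryption matrix. The modulus 256, the shear-based key generation, the padding scheme and all function names are assumptions, since the page's own symbols and generator algorithm are not recoverable.

```python
import secrets

MOD = 256  # assumption: byte arithmetic mod 256; the page does not state a modulus

def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) % MOD for col in zip(*b)] for row in a]

def keypair(n, rng, steps=None):
    """Return (enc, dec) with enc * dec == I (mod 256) for 2 <= n <= 255."""
    enc, dec = identity(n), identity(n)
    for _ in range(steps or 4 * n * n):
        i, j = rng.sample(range(n), 2)
        c = rng.randrange(1, MOD)
        e, e_inv = identity(n), identity(n)
        e[i][j], e_inv[i][j] = c, (-c) % MOD   # (I + c*e_ij)^-1 = I - c*e_ij for i != j
        enc, dec = matmul(enc, e), matmul(e_inv, dec)
    return enc, dec

def transform(data, matrix):
    """Multiply each n-byte block, read as a row vector, by the matrix."""
    n = len(matrix)
    blocks = (list(data[k:k + n]) for k in range(0, len(data), n))
    return b"".join(bytes(matmul([blk], matrix)[0]) for blk in blocks)

def encrypt(segment, enc):
    pad = len(enc) - len(segment) % len(enc)   # 1..n pad bytes, each equal to pad
    return transform(segment + bytes([pad]) * pad, enc)

def decrypt(cipher, dec):
    padded = transform(cipher, dec)
    return padded[:-padded[-1]]

def is_linear(enc, p1, p2):
    """Check E(p1 + p2) == E(p1) + E(p2) for two n-byte blocks."""
    add = lambda a, b: bytes((x + y) % MOD for x, y in zip(a, b))
    return transform(add(p1, p2), enc) == add(transform(p1, enc), transform(p2, enc))

if __name__ == "__main__":
    enc, dec = keypair(8, secrets.SystemRandom())
    segment = b"\x7fELF constructed data segment"   # constructed sample input
    assert decrypt(encrypt(segment, enc), dec) == segment
    print(encrypt(segment, enc).hex())
```

Because the transform is a plain matrix product, `is_linear` holds for every pair of blocks, so the scheme carries no integrity check of its own.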
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310886757.4A CN116611067A (en) | 2023-07-19 | 2023-07-19 | IPv6-based app detection and reinforcement method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116611067A (en) | 2023-08-18 |
Family
ID=87678678
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310886757.4A Pending CN116611067A (en) | 2023-07-19 | 2023-07-19 | IPv6-based app detection and reinforcement method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116611067A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007140095A (en) * | 2005-11-18 | 2007-06-07 | Murata Mach Ltd | Encryption communication device and program for the same |
CN104424438A (en) * | 2013-09-06 | 2015-03-18 | 华为技术有限公司 | Anti-virus file detection method, anti-virus file detection device and network equipment |
CN105205358A (en) * | 2015-09-21 | 2015-12-30 | 中科信息安全共性技术国家工程研究中心有限公司 | Method for identifying Android APP reinforcement and detection method |
CN112329016A (en) * | 2020-12-31 | 2021-02-05 | 四川大学 | Visual malicious software detection device and method based on deep neural network |
Non-Patent Citations (1)
Title |
---|
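Wang Long et al.: "Preliminary Research and Application Design of an Invertible Matrix Encryption Algorithm", Digital Technology and Application, no. 9, pages 111 - 112 * |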
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||