KR101579175B1 - Apparatus and method for detection of repackaging - Google Patents

Apparatus and method for detection of repackaging Download PDF

Info

Publication number
KR101579175B1
KR101579175B1 KR1020140020334A KR20140020334A KR101579175B1 KR 101579175 B1 KR101579175 B1 KR 101579175B1 KR 1020140020334 A KR1020140020334 A KR 1020140020334A KR 20140020334 A KR20140020334 A KR 20140020334A KR 101579175 B1 KR101579175 B1 KR 101579175B1
Authority
KR
South Korea
Prior art keywords
repackaging
file
condition
source candidate
candidate group
Prior art date
Application number
KR1020140020334A
Other languages
Korean (ko)
Other versions
KR20150098935A (en
Inventor
이광우
정혜진
박시준
주설우
Original Assignee
주식회사 안랩
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 안랩 filed Critical 주식회사 안랩
Priority to KR1020140020334A priority Critical patent/KR101579175B1/en
Priority to PCT/KR2015/001130 priority patent/WO2015126079A1/en
Publication of KR20150098935A publication Critical patent/KR20150098935A/en
Application granted granted Critical
Publication of KR101579175B1 publication Critical patent/KR101579175B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Treatment And Welfare Office Work (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention relates to a repackaging detection method and apparatus. The disclosed repackaging detection method includes the steps of extracting file property information of an application program to be inspected which can be run in a mobile operating system, obtaining file registration information about management application programs previously stored in an application program database, And selecting a repackaging source candidate group that satisfies a predetermined repackaging source candidate condition among the managed application programs according to a result of comparison between the property information and the file registration information of the application programs to be managed. The present invention first selects a repackaging original candidate group when detecting whether or not a package is repackaged for an application program that can be run in a mobile operating system. Therefore, when the similarity degree between application programs is detected as 1: 1, it is possible to check only the repacking source candidates, so that the similarity detection and repackaging source detection times are greatly reduced.

Description

[0001] APPARATUS AND METHOD FOR DETECTION OF REPACKAGING [0002]

The present invention relates to a repackaging detection method and apparatus. More particularly, the present invention relates to a repackaging detection method and apparatus for detecting whether or not to repackage an application program that can be run on a mobile operating system.

Recently, due to the development of mobile communication technology as well as wired and wireless Internet, mobile phones having various functions such as a wireless Internet function as well as a simple telephone conversation function are spreading. In particular, a smartphone that has been spreading recently can install various applications running on a mobile operating system. For this reason, users are using the smartphone for various purposes.

These smart phones are equipped with mobile operating systems such as Android, i-OS (Operating System) and Windows mobile, and application programs that can be executed on various mobile operating systems are being actively developed.

Among the mobile operating systems mentioned above, the Android platform is an open source platform released by Google's Open Handset Alliance (OHA). It is a Linux kernel, a virtual machine (VM), a framework, Means a software package that contains all of the applications.

As users' expectation for the current Android platform is rising and mobile terminals such as smart phones equipped with Android platform are increasingly responding to the high demand from handset makers and mobile communication service providers, the Android application market has been activated, There is a growing demand for applications.

However, as the number of smartphone users equipped with the Android platform increases as described above, the harmful activities of targeting the Android application are increasing rapidly.

These Android applications are easy to repackage. Reversing tools and repackaging tools are readily available to anyone, and after downloading an application from a specific Android Market, repackaging can be easily done by inserting malicious code or inserting their own ads , You can register the repackaged app as a new application in another market or store.

Accordingly, a method for detecting repackaging of Android application programs has been studied, and according to the related art, similarity between applications is detected to detect repackaging.

The Android package (APK) file, which is an executable file for installing and running applications running on the Android platform, contains multiple folders and files at the root. Among them, META-INF folder, AndroidManifest.xml file, The classes.dex file and resources.arsc file are required components. If none of these prerequisites are present, the application will not install or run normally. The META-INF folder contains mandatory RSA files, SF files, and MANIFEST.MF files under it.

According to the related art, when detecting repackaging based on the APK file, the binary code of the dex file is analyzed and the similarity between the two APK files is detected as 1: 1.

However, if you want to check whether a newly received APK that has been received in a large capacity system that manages a very large number of APK files such as the Android Market is a repackaging APK having an original among the APKs that are already registered and managed, It is necessary to detect the similarity by comparing 1: 1 of the files. Therefore, even if the detection method is highly reliable, it can not be practically applied.

Korean Registered Patent No. 1214893, registered on December 17, 2012.

An embodiment of the present invention provides a repackaging detection method and apparatus for selecting a repackaging source candidate group when detecting whether or not a repackaging is performed on an application program that can be run in a mobile operating system.

The problems to be solved by the present invention are not limited to those mentioned above, and another problem to be solved can be clearly understood by those skilled in the art from the following description.

According to an aspect of the present invention, there is provided a repackaging detection method comprising: extracting file property information of an application program to be inspected which can be run in a mobile operating system; extracting file property information Selecting a repackaging source candidate group that satisfies a predetermined repackaging source candidate condition among the management application programs according to a result of the comparison between the file characteristic information and the file registration information of the management application programs .

The repackaging detection method may include determining whether to repackage the inspection target application program according to a result of comparison between the file property information and the file registration information of the repackaging source candidate group.

In the repackaging detection method, the step of selecting the repackaging source candidate group may include: selecting a primary repackaging source candidate group satisfying the repackaging source candidate condition among the management application programs; And selecting the final repacking source candidate group satisfying the critical similarity condition according to the result of the comparison of the information with the file registration information of the primary repackaging original candidate group.

In the above repackaging detection method, the repackaging source candidate condition may include at least one of the following conditions: when the file names are the same; when the package names are the same; when the label names are the same or when the main activity names are the same; May include one or more instances.

In the repackaging detection method, the repackaging source candidate condition may be a case where a difference in at least one of a component, a permission, and a native library satisfies a predetermined threshold difference condition.

In the repackaging detection method, the final repackaging original candidate group may be selected when the similarity degree test result for the component name satisfies the threshold similarity condition.

In the repackaging detection method, the final repackaging source candidate group may include at least one or more names of an activity, a service, a receiver, a provider, or a main activity to sort the strings to extract a string similarity, It can be selected when the condition is satisfied.

The repackaging detection apparatus according to another aspect of the present invention includes an inspection object information extracting unit for extracting file property information of an inspection target application program that can be run on a mobile operating system, And a file management unit that manages a predetermined repackaging source candidate condition among the management application programs according to the comparison result of the file property information and the file registration information of the management application programs, And an original candidate selection unit for selecting a repackaging original candidate group that satisfies.

The repackaging detection apparatus may determine whether to repackage the inspection target application program according to a result of comparison between the file characteristic information and the file registration information of the repackaging source candidate group.

In the above repackaging detection apparatus, the original candidate selecting unit may include: a primary selecting unit for selecting a primary repacking original candidate group satisfying the repacking original candidate condition among the management application programs; The final repacking original candidate group satisfying the critical similarity condition can be selected according to the result of the comparison of the file registration information of the primary repackaging original candidate group.

In the above repackaging detection apparatus, the repackaging source candidate condition includes at least one of a signature, a file name, a package name, a label name, or a main activity name May include one or more instances.

In the repackaging detection apparatus, the repackaging source candidate condition may be a case where the difference in the number of at least one of the component, the permission, and the native library satisfies a predetermined threshold difference condition.

In the repackaging detection apparatus, the final repacking original candidate group may be selected when the similarity degree check result for the component name satisfies the threshold similarity condition.

In the repackaging detection apparatus, the final repackaging original candidate group may include at least one of an activity, a service, a receiver, a provider, or a main activity to sort a name by at least one name to extract a string similarity, It can be selected when the condition is satisfied.

According to an embodiment of the present invention, when detecting whether or not repackaging is performed on an application program that can be run on a mobile operating system, the file information of the application program to be inspected and the file information of the application programs to be managed are collectively compared Select repackage source candidates first.

Therefore, when the similarity degree between application programs is detected as 1: 1 and it is confirmed whether there is a substantial repackaging source, only the repackaging source candidates can be performed. Therefore, the similarity detection and repackaging source detection time can be significantly reduced .

1 is a block diagram of a repackaging detection apparatus according to an embodiment of the present invention.
2 is a flowchart illustrating a repackaging detection method according to an embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention, and the manner of achieving them, will be apparent from and elucidated with reference to the embodiments described hereinafter in conjunction with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. To fully disclose the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. Like reference numerals refer to like elements throughout the specification.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions in the embodiments of the present invention, which may vary depending on the intention of the user, the intention or the custom of the operator. Therefore, the definition should be based on the contents throughout this specification.

1 is a block diagram of a repackaging detection apparatus according to an embodiment of the present invention.

The repackaging detection apparatus 100 according to the embodiment includes an inspection object information extraction unit 110, a management object information acquisition unit 120, an original candidate selection unit 130, a repackaging determination unit 140, And the original candidate selection unit 130 includes a primary selection unit 131, a final selection unit 133, and the like.

The inspection object information extraction unit 110 extracts file property information of an application program to be inspected which can be driven by the mobile operating system. Here, the file property information extracted by the inspection object information extraction unit 110 can be used as file registration information when registering and storing the application program in the application program database 10 and managing it.

The management subject information obtaining unit 120 obtains the file registration information on the application programs previously stored in the application program database 10.

The original candidate selecting unit 130 selects a repackaging source candidate that satisfies the predetermined repackaging source candidate condition among the managed application programs in accordance with the file property information of the application program to be inspected and the file registration information of the application programs to be managed Select original candidates.

Here, the repackaging source candidate condition includes conditions with different signatures, file name is the same, package name is the same, label name is the same, or the main activity name is the same At least one or more of the following may be included. It is also possible that the difference in the number of at least one of a component, a permission, and a native library satisfies a predetermined threshold difference condition.

The primary selection unit 131 constituting the original candidate selection unit 130 selects a primary repacking original candidate group satisfying the repacking original candidate condition among the application programs to be managed.

The final selection unit 133 constituting the original candidate selection unit 130 receives the file registration information of the primary repacking source candidate group selected by the primary selection unit 131 and the file property information of the application program to be inspected The final repacking source candidate group satisfying the critical similarity condition is selected.

Here, the final repackaging original candidate group can be selected when the similarity test result for the component name satisfies the critical similarity condition. Also, at least one name among a component, that is, an activity, a service, a receiver, a provider, or a main activity is sorted to extract a string similarity, and the extracted string similarity is extracted from a threshold similarity It can be selected when the condition is satisfied.

The repackaging determination unit 140 determines whether or not the application program to be inspected is repackaged according to the comparison result between the file property information of the repacking source candidate group selected by the original candidate selection unit 130 and the file property information of the application program to be inspected .

2 is a flowchart illustrating a repackaging detection method according to an embodiment of the present invention.

As described above, the repackaging detection method according to the embodiment includes extracting file property information of an application program to be inspected which can be run in the mobile operating system (S210).

The method further includes a step (S220) of acquiring file registration information on the managed application programs previously stored in the application program database.

In addition, according to the result of the comparison between the file property information of the application program to be inspected and the file registration information of the application programs to be managed, a step of selecting a primary repacking source candidate group satisfying the repacking source candidate condition among the application programs to be managed (S230).

In addition, the final repacking source candidate group satisfying the critical similarity condition is selected (S240) according to the result of comparison between the file registration information of the selected primary repackaging original candidate group and the file characteristic information of the application program to be inspected .

Finally, the method further includes determining whether to repackage the application program to be inspected (S250) according to the comparison result between the file registration information of the repackaging source candidate group and the file property information of the application program to be inspected.

Hereinafter, a repackaging detection method using a repackaging detection apparatus according to an embodiment of the present invention will be described in more detail with reference to FIG. 1 and FIG.

First, the file registration information of the managed application programs is stored in the application program database 10 in which the managed application programs are stored. Here, the file registration information is used as reference information for determining whether to repackage by comparing the file property information of the application program to be inspected. In addition, the file characteristic information extracted by the object-of-inspection information extracting unit 110 from the application program to be inspected may be registered and stored as file characteristic information of the application program to be managed and processed and registered and stored.

If the repackaging detection for the application program to be inspected is requested while the management application programs are registered and stored in the application program database 10, the inspection object information extraction unit 110 parses the application program to be inspected The file characteristic information is extracted (S210).

In addition, when repackaging detection is requested, the management subject information obtaining unit 120 obtains file registration information from the application program database 10 (S220).

For example, the file property information extracted by the inspection object information extraction unit 110 and the file registration information acquired by the management subject information acquisition unit 120 may be the same information. In the case of the Android application program, the file property information and the file property information can be extracted and acquired as shown in Table 1 below.

Item Explanation Remarks So file count Number of native libraries Int Number of Permissions Number of permissions declared Int Number of external libraries Number of external libraries used Int Label name Application name (user perspective) String Package name Package name (system perspective) String Name of main activity Name of the activity being started String Number of activities Number of declared activities Int Number of Services Number of declared services Int Number of receivers Number of declared receivers Int Number of Providers Number of providers declared Int Activity name Any name of the declared activity String Service Name Any name of the declared service String Receiver Name All names of the declared receiver String Provider name Any name of the declared provider. String

Among the items listed in Table 1, the remaining items except the so file count can be extracted by parsing the AndroidManifest.xml file.

Next, the primary selecting unit 131 of the original candidate selecting unit 130 selects one of the application programs to be managed according to the comparison result between the file property information of the application program to be inspected and the file registration information about the application programs to be managed A first candidate repackaging original candidate that satisfies the set repackaging original candidate condition is selected (S230).

Here, the primary selecting unit 131 may be configured to repackage at least one of the cases where the conditions of the signatures are satisfied, the file names are the same, the package names are the same, the label names are the same, or the main activity names are the same, It is available as an original candidate condition. Also, when the difference in the number of at least one of the component, the permission, and the native library satisfies the preset threshold difference condition, the repacking source candidate condition can be used.

For example, when comparing the file property information of the application program to be inspected and the file registration information of the application programs to be managed, the primary selecting unit 131 determines that the APK file name is the same, the package name is the same, If the same condition is satisfied and at least one of the component, permission, or native library has a difference of 10% or less, it can be selected as a repackaging original candidate.

The final selection unit 133 constituting the original candidate selection unit 130 receives the file registration information of the primary repacking source candidate group selected by the primary selection unit 131 and the file property information of the application program to be inspected The final repacking source candidate group satisfying the critical similarity condition is selected (S240).

Here, the final repackaging original candidate group can be selected when the similarity test result for the component name satisfies the critical similarity condition. Also, at least one name of an activity, a service, a receiver, a provider, or a main activity may be sorted to extract a string similarity degree, and the extracted string similarity degree may be selected when the extracted similarity degree satisfies the critical similarity condition.

For example, the final selection unit 133 arranges all the names of the activity, the service, the receiver, the provider, and the main activity, arranges them into one string without distinguishing each component, and then, if the string similarity satisfies the threshold similarity condition, It can be selected as a candidate for packaging original. As such, the reason for making each component into a single string without distinction is to reduce the time required for comparing the similarity.

Next, the repackaging judging unit 140 judges whether or not the repacking source of the inspection target application program is to be tested based on the comparison result between the file registration information of the repacking source candidate group selected by the original candidate selecting unit 130 and the file characteristic information of the inspection target application program. It is determined whether repackaging is to be performed (S250). The repackaging determination unit 140 can determine whether or not to repackage by using a general repackaging determination process according to the prior art. For example, when repackaging is detected with respect to an APK file, the binary code of the dex file is analyzed to determine whether the repackaging is possible by detecting the similarity between the two APK files as 1: 1.

As described above, according to the embodiment of the present invention, when the application program that can be run in the mobile operating system is targeted, the repackaging source candidate group is first selected when it is detected whether or not the package is repackaged. Therefore, when the similarity degree between application programs is detected as 1: 1, it is possible to check only the repacking source candidates, so that the similarity detection and repackaging source detection times are greatly reduced.

Each block of the block diagrams attached hereto and combinations of steps of the flowchart diagrams may be performed by computer program instructions. These computer program instructions may be loaded into a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus so that the instructions, which may be executed by a processor of a computer or other programmable data processing apparatus, And means for performing the functions described in each step are created. These computer program instructions may also be stored in a computer usable or computer readable memory capable of directing a computer or other programmable data processing apparatus to implement the functionality in a particular manner so that the computer usable or computer readable memory It is also possible for the instructions stored in the block diagram to produce a manufacturing item containing instruction means for performing the functions described in each block or flowchart of the block diagram. Computer program instructions may also be stored on a computer or other programmable data processing equipment so that a series of operating steps may be performed on a computer or other programmable data processing equipment to create a computer- It is also possible that the instructions that perform the processing equipment provide the steps for executing the functions described in each block of the block diagram and at each step of the flowchart.

Also, each block or each step may represent a module, segment, or portion of code that includes one or more executable instructions for executing the specified logical function (s). It should also be noted that in some alternative embodiments, the functions mentioned in the blocks or steps may occur out of order. For example, two blocks or steps shown in succession may in fact be performed substantially concurrently, or the blocks or steps may sometimes be performed in reverse order according to the corresponding function.

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

100 Repackaging detection device 110: Inspection object information extraction unit
120: management object information acquisition unit 130: original candidate selection unit
131: primary election government 133: final election government
140: repackaging judgment section

Claims (14)

Extracting file characteristic information of an application program to be inspected which can be driven by a mobile operating system,
Acquiring file registration information on managed application programs previously stored in an application program database;
Selecting a repackaging source candidate group satisfying a predetermined repackaging source candidate condition among the management application programs according to a result of comparison between the file characteristic information and file registration information about the management application programs;
Determining whether the application program to be inspected is repackaged according to a result of comparison between the file property information and the file registration information of the repackaging source candidate group.
delete The method according to claim 1,
Wherein the step of selecting the repackaging source candidate group includes the steps of: selecting a primary repackaging source candidate group satisfying the repackaging source candidate condition among the management application programs;
And selecting a final repackaging source candidate group that satisfies the threshold similarity condition according to a result of comparison between the file characteristic information and the file registration information of the primary repackaging source candidate group.
The method according to claim 1 or 3,
Wherein the repackaging source candidate condition includes a condition with a different signature,
A case where the file names are the same, a case where the package names are the same, a case where the label names are the same, or a case where the main activity names are the same.
5. The method of claim 4,
Wherein the repackaging source candidate condition is a case where a difference in the number of at least one of a component, a permission, and a native library satisfies a preset threshold difference condition.
The method of claim 3,
Wherein the final repackaging source candidate group is selected when a result of the similarity test on the component name satisfies the threshold similarity condition.
The method according to claim 6,
The final repackaging source candidate group is a group of at least one of activities, services, receivers, providers, or main activities, and extracts the string similarity by sorting at least one name, and selects the string similarity if the extracted string similarity satisfies the threshold similarity condition Lt; RTI ID = 0.0 > repackaging. ≪ / RTI >
An inspection target information extracting unit for extracting file characteristic information of an application program to be inspected which can be driven by a mobile operating system,
A management object information acquiring unit for acquiring file registration information on management application programs previously stored in an application program database;
An original candidate selecting unit that selects a repackaging original candidate group that satisfies predetermined repackaging source candidate conditions among the management application programs according to a result of the comparison between the file property information and the file registration information of the management application programs, ,
And a repackaging determination unit that determines whether or not the application program to be inspected is repackaged according to a result of comparison between the file property information and the file registration information for the repackaging source candidate group.
delete 9. The method of claim 8,
Wherein the original candidate selecting unit includes a primary selecting unit for selecting a primary repacking original candidate group satisfying the repacking original candidate condition among the management application programs,
And a final selecting unit for selecting a final repacking source candidate group satisfying the threshold similarity condition according to a result of comparison between the file characteristic information and the file registration information for the primary repackaging source candidate group.
11. The method according to claim 8 or 10,
Wherein the repackaging source candidate condition includes a condition with a different signature,
A case where the file names are the same, a case where the package names are the same, a case where the label names are the same, or a case where the main activity names are the same.
12. The method of claim 11,
Wherein the repackaging source candidate condition is a case where a difference in the number of at least one of a component, a permission, and a native library satisfies a preset threshold difference condition.
11. The method of claim 10,
Wherein the final repackaging source candidate group is selected when a result of the similarity test on the component name satisfies the threshold similarity condition.
14. The method of claim 13,
The final repackaging source candidate group is a group of at least one of activities, services, receivers, providers, or main activities, and extracts the string similarity by sorting at least one name among the activities, service, receiver, or main activity. When the extracted string similarity satisfies the threshold similarity condition Lt; RTI ID = 0.0 > repackaging < / RTI >

KR1020140020334A 2014-02-21 2014-02-21 Apparatus and method for detection of repackaging KR101579175B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR1020140020334A KR101579175B1 (en) 2014-02-21 2014-02-21 Apparatus and method for detection of repackaging
PCT/KR2015/001130 WO2015126079A1 (en) 2014-02-21 2015-02-04 Method and apparatus for detecting repackaging

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020140020334A KR101579175B1 (en) 2014-02-21 2014-02-21 Apparatus and method for detection of repackaging

Publications (2)

Publication Number Publication Date
KR20150098935A KR20150098935A (en) 2015-08-31
KR101579175B1 true KR101579175B1 (en) 2015-12-21

Family

ID=53878534

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020140020334A KR101579175B1 (en) 2014-02-21 2014-02-21 Apparatus and method for detection of repackaging

Country Status (2)

Country Link
KR (1) KR101579175B1 (en)
WO (1) WO2015126079A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108255695A (en) * 2016-12-29 2018-07-06 武汉安天信息技术有限责任公司 APK beats again the detection method and system of packet
CN109933976B (en) * 2017-12-15 2023-05-09 深圳Tcl工业研究院有限公司 Android application similarity detection method, mobile terminal and storage device
KR102149466B1 (en) * 2019-01-31 2020-08-28 단국대학교 산학협력단 Apparatus and method for feature information extraction and similarity comparison of android app considering obfuscation
CN114356296A (en) * 2021-12-30 2022-04-15 上海米哈游璃月科技有限公司 Resource packaging method and device, electronic equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101214893B1 (en) * 2011-12-16 2013-01-09 주식회사 안랩 Apparatus and method for detecting similarity amongf applications

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101235517B1 (en) * 2011-03-30 2013-02-20 주식회사 엔씨소프트 Method for Detecting Modification of Computer Program Executing in Memory
KR20130134790A (en) * 2012-05-31 2013-12-10 네이버비즈니스플랫폼 주식회사 Method and system for storing the integrity information of application, method and system for checking the integrity of application

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101214893B1 (en) * 2011-12-16 2013-01-09 주식회사 안랩 Apparatus and method for detecting similarity amongf applications

Also Published As

Publication number Publication date
KR20150098935A (en) 2015-08-31
WO2015126079A1 (en) 2015-08-27

Similar Documents

Publication Publication Date Title
KR101246623B1 (en) Apparatus and method for detecting malicious applications
US10152594B2 (en) Method and device for identifying virus APK
CN106951780B (en) Beat again the static detection method and device of packet malicious application
US10296745B2 (en) Detecting vulnerable applications
CN108319854B (en) Incremental code static scanning method and device and computer readable storage medium
US20140082729A1 (en) System and method for analyzing repackaged application through risk calculation
US20170214704A1 (en) Method and device for feature extraction
KR101579175B1 (en) Apparatus and method for detection of repackaging
US20150213365A1 (en) Methods and systems for classification of software applications
KR20150044490A (en) A detecting device for android malignant application and a detecting method therefor
CN108536451B (en) Method and device for embedding embedded point of application program
US20160142437A1 (en) Method and system for preventing injection-type attacks in a web based operating system
US20160267270A1 (en) Method and system for fast inspection of android malwares
KR20170068814A (en) Apparatus and Method for Recognizing Vicious Mobile App
CN104317599A (en) Method and device for detecting whether installation package is packaged repeatedly or not
KR20150083627A (en) Method for detecting malignant code of android by activity string analysis
CN106709336A (en) Method and apparatus for identifying malware
KR101803888B1 (en) Method and apparatus for detecting malicious application based on similarity
KR101520671B1 (en) System and method for analysis executable code based on similarity
CN108829575B (en) Test case recommendation method, electronic device and readable storage medium
CN109711149B (en) Dynamic updating mechanism judging method and application full life cycle behavior monitoring method
CN107766075B (en) Code merging processing method and device
CN107341110B (en) Tool for modifying and affecting range of software test positioning patch and implementation method
CN105631332A (en) Malicious program processing method and apparatus
Feichtner et al. Obfuscation-resilient code recognition in Android apps

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
FPAY Annual fee payment

Payment date: 20181217

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20191216

Year of fee payment: 5