WO2013077538A1 - Dispositif et procédé d'analyse d'application basée sur une api - Google Patents

Dispositif et procédé d'analyse d'application basée sur une api Download PDF

Info

Publication number
WO2013077538A1
WO2013077538A1 PCT/KR2012/007449 KR2012007449W WO2013077538A1 WO 2013077538 A1 WO2013077538 A1 WO 2013077538A1 KR 2012007449 W KR2012007449 W KR 2012007449W WO 2013077538 A1 WO2013077538 A1 WO 2013077538A1
Authority
WO
WIPO (PCT)
Prior art keywords
api
analysis
application
risk
unit
Prior art date
Application number
PCT/KR2012/007449
Other languages
English (en)
Korean (ko)
Inventor
고승원
김용대
김세일
유영진
김종만
Original Assignee
주식회사 안랩
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 안랩 filed Critical 주식회사 안랩
Publication of WO2013077538A1 publication Critical patent/WO2013077538A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Definitions

  • the present invention relates to a technology for analyzing an application used in a mobile device.
  • the present invention analyzes the propensity and risk of an application installed in a mobile device based on usage information of a mobile application platform API (Application Programming Interface) and performs a diagnosis. Appropriate API-based application analysis device and method.
  • smart terminals which combines the advantages of mobile phones and personal digital assistants (PDAs), is increasing not only in foreign countries but also in Korea. Since the user can install various kinds of applications in the smart terminal, it is possible to install and drive financial transactions, movie and performance booking, navigation, game applications, etc. in addition to the basic call function.
  • virus diagnosis companies and security institutes conduct behavior-based diagnosis on application permissions, or application analysts directly analyze application source code or machine language using reverse engineering technology, and analyze the analyzed results.
  • a diagnostic method through Cyclic Redundancy Check (CRC) is used to find the same file.
  • behavior-based diagnosis can be performed for a verification process that allows a user to control access rights in a manifest file.
  • an embodiment of the present invention may provide an API-based application analysis apparatus and method for analyzing and diagnosing and diagnosing characteristics and risks of an application based on usage information of a mobile operating system platform API before installing an application on a mobile device. .
  • the embodiment of the present invention classify the operating system platform APIs by behavior elements and patterns, create a diagnostic policy model by assigning a weight to each, and then analyze the APIs extracted from the corresponding application to analyze the functional characteristics and risk of the application.
  • An apparatus and method for analyzing an API-based application may be provided.
  • the embodiment of the present invention classify the operating system platform APIs by behavioral elements and patterns, and assigns risk weights to each to create a risk diagnosis policy, and then extracts the requested application through reverse engineering, and extracts the extracted API.
  • the input unit for receiving the analysis request message for at least one application, and the API (Application Programming Interface) in the operating system platform classified by the behavior element and pattern diagnostic policy model
  • an analysis control unit for outputting an analysis result by analyzing at least one of functional features and risks of the API of the application for which the analysis is requested, based on the generated diagnostic policy model, wherein the analysis control unit includes the analysis requested application.
  • An API extracting unit for extracting an API from the API may include a risk analysis for adding weights.
  • the analysis control unit may include an API analysis unit performing API analysis for each API of the operating system platform for each action and pattern, and for each action according to a function-specific API list and pattern analysis based on the API analysis.
  • the apparatus may further include an API classification unit classifying the API list, and a diagnostic policy establishment unit generating the diagnostic policy model based on the information classified from the API classification unit.
  • the diagnosis policy establishment unit may generate a risk diagnosis policy model by assigning a weight to each of a single API, an unordered combination API, and an ordered combination API as a list of APIs for each action according to the pattern analysis.
  • the API-based application analysis apparatus may further include a graph generator that generates a graph having a preset form based on the analysis result.
  • the API-based application analysis apparatus may further include an analysis result output unit configured to transmit analysis result information including the generated graph to a user's mobile device or an application store server.
  • An API-based application analysis method includes a process of receiving an analysis request message for at least one application, a process of generating a diagnostic policy model by classifying APIs in an operating system platform by behavior elements and patterns, and The method may include outputting an analysis result by analyzing at least one of a functional feature and a risk of an API of the requested application, based on the generated diagnostic policy model, and outputting the analysis result may include: Extracting an API from the API, analyzing the corresponding function in the extracted API based on the diagnostic policy model, adding up the number of APIs having the same functional characteristics, and analyzing the corresponding risk in the extracted API to determine the same risk. Process of summing preset weights for owned API It can be included.
  • the process of generating the diagnostic policy model may include performing API analysis for each API of the OS platform by behavior and pattern, and based on the API analysis and pattern analysis according to the function analysis based on the API analysis.
  • the method may further include classifying into an API list and generating the diagnostic policy model based on the classified information.
  • the generating of the diagnosis policy model may generate a risk diagnosis policy model by assigning a weight to each of a single API, an orderless combination API, and an ordered combination API as an API list according to the pattern analysis.
  • the API-based application analysis method may further include generating a graph having a preset form based on the analysis result.
  • the API-based application analysis method may further include transmitting analysis result information including the generated graph to a user's mobile device or an application store server.
  • API-based application analysis apparatus and method according to an embodiment of the present invention as described above has one or more of the following effects.
  • API-based application analysis apparatus and method it is possible to automate the analysis of the application installed in the mobile device to more objectively and quickly analyze the propensity and risk of the application without depending on the analyst.
  • FIG. 1 is a block diagram showing the structure of an API-based application analysis device according to an embodiment of the present invention
  • FIG. 2 is a diagram illustrating databases in which a list of APIs for each function according to behavior analysis is stored according to an embodiment of the present invention
  • FIG. 3 is a diagram illustrating databases in which a list of APIs by behavior according to pattern analysis is stored according to an embodiment of the present invention
  • FIG. 4 is a flowchart illustrating an operation procedure of an API-based application analyzing apparatus according to an embodiment of the present invention
  • 5A and 5B are graphs for calculating the characteristics and risks of applications diagnosed according to an embodiment of the present invention.
  • Combinations of each block of the accompanying block diagram and each step of the flowchart may be performed by computer program instructions.
  • These computer program instructions may be mounted on a processor of a general purpose computer, special purpose computer, or other programmable data processing equipment such that instructions executed through the processor of the computer or other programmable data processing equipment may not be included in each block or flowchart of the block diagram. It will create means for performing the functions described in each step.
  • These computer program instructions may be stored in a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory.
  • instructions stored in may produce an article of manufacture containing instruction means for performing the functions described in each block or flowchart of each step of the block diagram.
  • Computer program instructions may also be mounted on a computer or other programmable data processing equipment, such that a series of operating steps may be performed on the computer or other programmable data processing equipment to create a computer-implemented process to create a computer or other programmable data. Instructions that perform processing equipment may also provide steps for performing the functions described in each block of the block diagram and in each step of the flowchart.
  • each block or step may represent a portion of a module, segment or code that includes one or more executable instructions for executing a specified logical function (s).
  • a specified logical function s.
  • the functions noted in the blocks or steps may occur out of order.
  • the two blocks or steps shown in succession may in fact be executed substantially concurrently or the blocks or steps may sometimes be performed in the reverse order, depending on the functionality involved.
  • An embodiment of the present invention is to analyze and diagnose characteristics and risks of an application installed on a mobile device based on usage information of a mobile operating system platform API, and classify the operating system platform API by behavior elements and patterns, After creating a diagnosis policy model by assigning weights, the APIs extracted from the application are analyzed to analyze the functional characteristics and risk of the application.
  • an embodiment of the present invention will describe an API analysis method of a mobile operating system platform (for example, Android, iOS, Bada, etc.), but is not limited to the mobile operating system platform, and provides APIs from operating system platform operators of various computing devices. If it can be provided, of course, it is possible to apply the present invention to perform the API analysis for this.
  • a mobile operating system platform for example, Android, iOS, Bada, etc.
  • FIG. 1 is a block diagram showing the structure of an API-based application analysis apparatus according to an embodiment of the present invention.
  • the API-based application analyzing apparatus 100 may include an analysis control unit 110, an input unit 130, a graph generator 140, and an analysis result output unit 150.
  • 110 may include an API analyzer 112, an API classifier 114, a diagnostic policy establisher 116, a feature analyzer 118, a risk analyzer 120, an API extractor 122, and the like. have.
  • the API-based application analysis apparatus 100 may be linked to an application store server to analyze an API of a corresponding application at the request of a mobile device user or an application store server operator.
  • the application store server may be a server in which a plurality of mobile device users and a plurality of application providers are connected through a wired / wireless network, and when an application is uploaded from each application provider, sales thereof are made.
  • the input unit 130 may receive an analysis request message for a specific application from a mobile device user or an application store server operator, and transmit the received analysis request message to the analysis control unit 110.
  • the analysis control unit 110 may transmit the received analysis request message to the analysis control unit 110.
  • a new API when a new API is input from the mobile operating system platform operator, it may be transmitted to the analysis controller 110.
  • the analysis control unit 110 may control the respective functional blocks, generate a diagnostic policy model by analyzing and classifying APIs received from the mobile operating system platform operators, and then analyze functional characteristics and risks of the requested application APIs. Can provide analysis results.
  • the API analysis unit 112 in the analysis control unit 110 may receive an API from a corresponding mobile operating system platform operator and perform behavior analysis and pattern analysis for each API. That is, by analyzing all APIs in the corresponding mobile operating system platform, an analysis for creating an API list by action and pattern may be performed, and the analysis result information may be output.
  • the analysis result information output through the API analysis unit 112 is transferred to the API classification unit 114 so that the API classification unit 114 displays a list of APIs by functions according to behavior analysis and API list by behaviors according to pattern analysis for each API. Classification can be done with
  • each API Since each API has its own function, each API can be classified by judging each function and the action performed based on each function.
  • FIG. 2 is a diagram illustrating databases in which API lists for functions according to behavior analysis are stored according to an embodiment of the present invention
  • FIG. 3 is a diagram illustrating databases in which API lists for behaviors according to pattern analysis are stored according to an embodiment of the present invention. The figure is shown.
  • the API classification unit 114 may include a function-based API determination unit 200 according to a behavior analysis and an action-based API determination unit 310 according to a pattern analysis, and the like.
  • the department may determine the function-specific and behavior-based API based on the analysis result information received through the API analysis unit 112 and perform classification into the corresponding database.
  • the API determination unit 200 of each function of FIG. 2 may determine each API based on behavior analysis information included in the analysis result information. That is, according to the determined function of the API can be stored in each function list database (DB).
  • DB function list database
  • Each function list database can be unauthorized charging API DB (210), general data leakage API DB (212), rootable API DB (214), Bluetooth hacking API DB (216), system damage possible API DB (218) , Personal information leakage API DB 220, terminal information leakage API DB 222, usage information leakage API DB 224, location information leakage API DB 226 and financial information leakage API DB 228 And the like, but are not limited thereto.
  • the API analyzer 112 analyzes "getUserData" among the Android platform APIs, and analyzes that this API provides user information through a key associated with the account and the account information, and analyzes the result of the analysis. It may be delivered to the API classifier 114.
  • the API determining unit 200 for each function of the API classification unit 114 may determine that the corresponding API provides the user information and transmit the stored information to the usage information leakable API DB 224. .
  • the action-specific API determination unit 310 of FIG. 3 may determine each API based on the pattern analysis information included in the analysis result information. That is, it can be stored in each behavior list database (DB) according to the determined behavior of the API, and the behavior list database includes a single API DB 312, an unordered combination API DB 314, and an API DB 316 having an order. And the like.
  • DB behavior list database
  • the analyzed result information may be transmitted to the API classification unit 114.
  • the API classification unit 114 may be delivered to the API determination unit 310 for each action, and the API determination unit 200 for each function may deliver and store the "getUserData" API to the personal information leakage possible API DB 220.
  • action-based API determination unit 310 may link the "getUserData" API to the single API DB 312 and the unordered combination API DB 314 to give weights, and then store the weight.
  • the single API DB 312 stores APIs that can be used independently, and the unordered combination API DB 314 includes, for example, an API for reading personal information, an API for temporary storage in a file or memory area, and a later point in time. If it is determined that the API to be sent to the server set in advance is performed in any order in one combination, it can be stored.
  • the ordered API DB 316 for example, when personal information is read, APIs that sequentially perform a specific function may be classified and stored, such as when the personal information is read directly to a predetermined server.
  • each of the functional API determination unit 200 and the behavior-specific API determination unit 310 may be linked to each other DB, depending on the implementation method may be dependent on each other.
  • the diagnostic policy establishment unit 116 may receive classification information from the API classification unit 114 and generate a diagnosis policy model based on the classified information. That is, the functional characteristics can identify the functional characteristics or propensity of the application based on the number of APIs for each function included in one application, and the risk is a single API classified in the application, an unordered combination API, and a combination having an order. Risk diagnosis is given by assigning a risk weight to each API.
  • the diagnostic policy model for confirming the functional characteristics and the risk of the specific application may be transmitted to the characteristic analyzer 118 and the risk analyzer 120, respectively.
  • the API extraction unit 122 receives the analysis request message of the mobile device user from the input unit 130, parses the application data contained in the analysis request message using reverse engineering technology, at least one set through parsing The package and at least one API included in the package may be extracted. The extracted API may be transmitted to the characteristic analyzer 118 and the risk analyzer 120.
  • the API extracting unit 122 may receive the application data for extraction directly from the mobile device user through the analysis request message, but the analysis request message does not include additional data other than the systematic information about the application. In the request to the application to the associated application store server may be delivered.
  • the characteristic analysis unit 118 is for analyzing and confirming the propensity of the application, that is, the functional characteristics, and classifies the API into functional APIs through the functional analysis of each API based on a diagnosis policy model, and classifies the API number information for each functional function as an analysis result. You can print
  • the risk analysis unit 120 is for diagnosing a potential risk of an application.
  • the risk analysis unit 120 may classify each API into action APIs through action analysis based on a diagnosis policy model, and may assign a risk weight to each action API. .
  • the risk weights for an unordered combinatorial API or an ordered combinatorial API may be summed up to a single API risk to finally calculate the potential risk of the application.
  • the result information analyzed from the characteristic analyzer 118 and the risk analyzer 120 may be transmitted to the analysis result output unit 150 and the graph generator 140.
  • the graph generator 140 receives the characteristic and risk result information from the characteristic analyzer 118 and the risk analyzer 120, and digitizes or percentages the graph through a preset graph. Accordingly, trend analysis and statistical results such as functional statistics, risk weight calculation details, etc. may be calculated and graph output information including the same may be transmitted to the analysis result output unit 150.
  • the analysis result output unit 150 may receive the characteristic and risk result information from the characteristic analyzer 118 and the risk analyzer 120, and may receive the graph output information from the graph generator 140.
  • the information may be linked to each other and transmitted to an application store server or transmitted to a mobile user device.
  • FIG. 4 is a flowchart illustrating an operation procedure of an API-based application analyzing apparatus according to an embodiment of the present invention.
  • API analysis unit 112 in the API-based application analysis apparatus 100 is previously stored or received API information from an operating system platform operator through the input unit 130 in step 400, for each API The analysis is performed for each action element and pattern, and the analyzed result information is transmitted to the API classification unit 114.
  • the API classifier 114 determines the API according to the function in step 402 based on the result information analyzed in step 402, and stores each API determined as the API for each pattern in step 404 in the corresponding DB.
  • steps 402 and 404 are not necessarily sequentially performed, or may be performed simultaneously or step 404 may be performed before step 402.
  • the API classification unit 114 transmits the classified information to the diagnosis policy establishing unit 116 to establish a policy and a risk policy for each service function in the diagnosis policy establishing unit 116, and generate this as a diagnosis policy model.
  • the API extraction unit 122 receives the analysis request message of the mobile device user from the input unit 130 in step 408, the corresponding application data is based on the application information included in the analysis request message. API is parsed by reverse engineering.
  • the extracted API is transferred to the characteristic analyzer 118 and the risk analyzer 120, and in step 410, the characteristic analyzer 118 compares and analyzes the API extracted for each functional element of the diagnostic policy model to correspond to each API.
  • the number is added, and the risk analysis unit 120 compares the risk-specific weights of the APIs and the behavior-specific weights set in the diagnostic policy model with the extracted APIs and adds the corresponding risk weights.
  • an analysis result about the general service function is derived through the characteristic analysis unit 118, and an analysis result about the potential risk is derived through the risk analysis unit 120.
  • Each derived analysis result information is transferred to the analysis result output unit 150.
  • the analysis result output unit 150 displays text and numbers of the analysis result information including service functions and potential risks for the corresponding application.
  • the graph is output through the interlocked graph generation unit 140 and transferred to the application store server or the mobile device of the user.
  • 5A and 5B are graphs illustrating characteristics and risks of diagnosed applications according to an exemplary embodiment of the present invention.
  • the graph generator 140 may receive functional characteristic information and risk information analyzed from the characteristic analyzer 118 and the risk analyzer 120 from the mobile device user or the application server operator. In this way, a graph of a predetermined format may be generated based on each information.
  • FIG. 5A is a circular graph of the functional characteristics and risks of APIs included in the application, indicating that the personal information access function API occupies about 30% of all APIs, and the location information API occupies about 25% of all APIs. Can be. However, these functions indicate that the likelihood of terminal information leakage is about 15%, and the possibility of charging cost is about 15%.
  • API list information for performing these functions may be provided.
  • the pie graph may be represented as the sum of the number of APIs rather than the% format.
  • Figure 5b is a radial graph of the functional characteristics and risks of the APIs included in the application, the application has a high personal information access, location information use a lot, it can be confirmed that the terminal information leakage possibility is high. .
  • the functional characteristic information and the risk score calculated through the embodiment of the present invention may not be an absolute basis for determining whether the application is functional or malicious. However, it is sufficient to serve as a primary filter for automating analysis in environments where mobile applications are expected to grow exponentially, and by analyzing the combined patterns for these APIs, more sophisticated risks can be predicted and diagnosed. Can be done.
  • the API-based application analysis apparatus and method is for analyzing and diagnosing characteristics and risks of an application installed in a mobile device based on usage information of a mobile operating system platform API.
  • the platform APIs are classified by action elements and patterns, weighted for each to generate a diagnostic policy model, and then the functional characteristics and risks of the application are analyzed by analyzing the API extracted from the application.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

La présente invention concerne une technologie d'analyse d'application basée sur une API qui analyse et diagnostique les propriétés et les risques d'une application installée dans un dispositif mobile sur la base d'informations d'utilisation d'une API de plateforme de système d'exploitation mobile. Dans ce but, la technologie classe l'API de la plateforme du système d'exploitation en termes d'un élément d'action et d'un motif, fournit un poids à chacun d'eux afin de créer un modèle de politique de diagnostic, et ensuite analyse une API extraite d'une application correspondante afin d'analyser une propriété fonctionnelle et un risque fonctionnel. Selon la présente invention, puisque l'analyse d'une application installée dans un dispositif mobile est effectuée automatiquement, il est possible d'effectuer une analyse plus objective et plus rapide des tendances et des risques de l'application sans dépendre d'un analyste, et il est possible de fournir une indication sur des éléments à risque et des risques à annoncer à un utilisateur d'un dispositif mobile avec des valeurs quantitatives qui représentent des risques et une distribution d'API par élément à risque.
PCT/KR2012/007449 2011-11-22 2012-09-18 Dispositif et procédé d'analyse d'application basée sur une api WO2013077538A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020110122294A KR101143999B1 (ko) 2011-11-22 2011-11-22 Api 기반 어플리케이션 분석 장치 및 방법
KR10-2011-0122294 2011-11-22

Publications (1)

Publication Number Publication Date
WO2013077538A1 true WO2013077538A1 (fr) 2013-05-30

Family

ID=46271733

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/007449 WO2013077538A1 (fr) 2011-11-22 2012-09-18 Dispositif et procédé d'analyse d'application basée sur une api

Country Status (2)

Country Link
KR (1) KR101143999B1 (fr)
WO (1) WO2013077538A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014106716A (ja) * 2012-11-27 2014-06-09 Nippon Telegr & Teleph Corp <Ntt> 制御装置、制御システム、制御方法および制御プログラム
US10747556B2 (en) * 2018-10-18 2020-08-18 Sap Se Serverless function as a service (FAAS)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9043919B2 (en) 2008-10-21 2015-05-26 Lookout, Inc. Crawling multiple markets and correlating
US9407443B2 (en) 2012-06-05 2016-08-02 Lookout, Inc. Component analysis of software applications on computing devices
US9589129B2 (en) 2012-06-05 2017-03-07 Lookout, Inc. Determining source of side-loaded software
KR101325954B1 (ko) 2012-09-13 2013-11-20 주식회사 인프라웨어테크놀러지 코드분석과 화면분석을 이용한 안드로이드 어플의 자동실행 방법, 및 이를 위한 안드로이드 어플 자동실행 프로그램을 기록한 컴퓨터로 판독가능한 기록매체
KR101402057B1 (ko) 2012-09-19 2014-06-03 주식회사 이스트시큐리티 위험도 계산을 통한 리패키지 애플리케이션의 분석시스템 및 분석방법
US9208215B2 (en) 2012-12-27 2015-12-08 Lookout, Inc. User classification based on data gathered from a computing device
KR101739125B1 (ko) 2013-02-27 2017-05-24 한국전자통신연구원 모바일 디바이스용 어플리케이션의 권한을 분석하고 위험성을 검출하기 위한 장치 및 방법
KR101434094B1 (ko) 2013-03-18 2014-08-26 한양대학교 에리카산학협력단 안드로이드 플랫폼에서 인텐트 모니터링을 통한 유해 어플리케이션 차단 방법
KR101453412B1 (ko) 2013-06-21 2014-10-22 주식회사 케이티 Api 실행을 위한 스마트 어댑터 및 제어 방법
AU2016258533B2 (en) 2015-05-01 2017-11-30 Lookout, Inc. Determining source of side-loaded software
KR102415971B1 (ko) 2015-12-10 2022-07-05 한국전자통신연구원 악성 모바일 앱 감지 장치 및 방법
US10218697B2 (en) 2017-06-09 2019-02-26 Lookout, Inc. Use of device risk evaluation to manage access to services
WO2023022359A1 (fr) * 2021-08-19 2023-02-23 삼성전자 주식회사 Dispositif électronique permettant de détecter une erreur d'exécution d'une application et son procédé de fonctionnement

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070121195A (ko) * 2006-06-21 2007-12-27 한국전자통신연구원 시스템 이벤트 정보를 이용한 은닉 프로세스 탐지 시스템및 방법
KR20080065814A (ko) * 2007-01-10 2008-07-15 재단법인서울대학교산학협력재단 실시간 운영체제 기반 임베디드 소프트웨어 자동생성장치및 그 방법
KR100991807B1 (ko) * 2008-05-20 2010-11-04 주식회사 웰비아닷컴 마이크로소프트 윈도우 운영체제를 사용하는 컴퓨터시스템에서의 악성코드 탐지 및 처리 시스템 및 방법
KR101046549B1 (ko) * 2003-04-17 2011-07-05 가부시키가이샤 엔티티 도코모 이동 통신 프레임워크에서 컨텐츠/보안 분석 기능성에액세스하는 api시스템, 방법 및 컴퓨터 프로그램 제품

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101046549B1 (ko) * 2003-04-17 2011-07-05 가부시키가이샤 엔티티 도코모 이동 통신 프레임워크에서 컨텐츠/보안 분석 기능성에액세스하는 api시스템, 방법 및 컴퓨터 프로그램 제품
KR20070121195A (ko) * 2006-06-21 2007-12-27 한국전자통신연구원 시스템 이벤트 정보를 이용한 은닉 프로세스 탐지 시스템및 방법
KR20080065814A (ko) * 2007-01-10 2008-07-15 재단법인서울대학교산학협력재단 실시간 운영체제 기반 임베디드 소프트웨어 자동생성장치및 그 방법
KR100991807B1 (ko) * 2008-05-20 2010-11-04 주식회사 웰비아닷컴 마이크로소프트 윈도우 운영체제를 사용하는 컴퓨터시스템에서의 악성코드 탐지 및 처리 시스템 및 방법

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WONTAE, SIM ET AL.: "Android Application Analysis Method for Malicious Activity Detection", JOURNAL OF THE KOREA INSTITUTE OF INFORMATION SECURITY & CRYPTOLOGY, vol. 21, no. 1, 28 February 2011 (2011-02-28), KOREA INSTITUTE OF INFORMATION SECURITY AND CRYPTOLOGY, pages 213 - 219 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014106716A (ja) * 2012-11-27 2014-06-09 Nippon Telegr & Teleph Corp <Ntt> 制御装置、制御システム、制御方法および制御プログラム
US10747556B2 (en) * 2018-10-18 2020-08-18 Sap Se Serverless function as a service (FAAS)
US11481234B2 (en) 2018-10-18 2022-10-25 Sap Se Serverless function as a service (FAAS)

Also Published As

Publication number Publication date
KR101143999B1 (ko) 2012-05-09

Similar Documents

Publication Publication Date Title
WO2013077538A1 (fr) Dispositif et procédé d&#39;analyse d&#39;application basée sur une api
US11019114B2 (en) Method and system for application security evaluation
WO2011102605A2 (fr) Système de service qui diagnostique la vulnérabilité d&#39;un service web en mode temps réel et fournit les informations de résultat correspondantes
WO2013089340A1 (fr) Appareil et procédé de détection de similarité entre applications
JP5802848B2 (ja) モバイル環境用のトロイの木馬化されたアプリケーション(アプリ)を特定するためのコンピュータ実装方法、非一時コンピュータ読み取り可能な媒体およびコンピュータシステム
CN104517054B (zh) 一种检测恶意apk的方法、装置、客户端和服务器
WO2018182126A1 (fr) Système et procédé permettant d&#39;authentifier un logiciel sécurisé
WO2014035043A1 (fr) Appareil et procédé permettant de diagnostiquer des applications malveillantes
WO2015056885A1 (fr) Dispositif de détection et procédé de détection pour une application android malveillante
WO2014088262A1 (fr) Dispositif et procédé de détection d&#39;applications frauduleuses/modifiées
CN104715195A (zh) 基于动态插桩的恶意代码检测系统及方法
WO2011090329A2 (fr) Appareil, système et procédé de prévention d&#39;infection par un code malveillant
CN111835756A (zh) App隐私合规检测方法、装置、计算机设备及存储介质
WO2013073762A1 (fr) Procédé et appareil conçus pour produire et recueillir des données concernant un arrêt anormal d&#39;un programme
WO2014168408A1 (fr) Dispositif, système et procédé permettant de diagnostiquer un logiciel malveillant sur la base du nuage
CN109818972B (zh) 一种工业控制系统信息安全管理方法、装置及电子设备
KR20160090566A (ko) 유효마켓 데이터를 이용한 apk 악성코드 검사 장치 및 방법
WO2018199366A1 (fr) Procédé et système permettant de détecter si un obscurcissement a été appliqué à un fichier dex et d&#39;évaluer la sécurité
CN111865927B (zh) 基于系统的漏洞处理方法、装置、计算机设备和存储介质
WO2015050348A1 (fr) Procédé de vérification d&#39;application sur la base d&#39;extraction d&#39;objet, et dispositif correspondant
CN115525897A (zh) 终端设备的系统检测方法、装置、电子装置和存储介质
CN109714371B (zh) 一种工控网络安全检测系统
CN109933990B (zh) 基于多模式匹配的安全漏洞发现方法、装置及电子设备
WO2014098387A1 (fr) Appareil et méthode de diagnostic d&#39;application malveillante
Rodriguez et al. Ntapps: A network traffic analyzer of android applications

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12851294

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12851294

Country of ref document: EP

Kind code of ref document: A1