CN102663286B - Method and device for identifying virus APK - Google Patents
Method and device for identifying virus APK
- Publication number
- CN102663286B
- Authority
- CN
- China
- Prior art keywords
- virus
- file
- code
- apk
- installation kit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)
Abstract
Description
Claims (14)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210076889.2A CN102663286B (zh) | 2012-03-21 | 2012-03-21 | Method and device for identifying virus APK |
PCT/CN2013/072474 WO2013139215A1 (zh) | 2012-03-21 | 2013-03-12 | Method and device for identifying virus APK |
US14/386,681 US9619650B2 (en) | 2012-03-21 | 2013-03-12 | Method and device for identifying virus APK |
US15/440,901 US10152594B2 (en) | 2012-03-21 | 2017-02-23 | Method and device for identifying virus APK |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210076889.2A CN102663286B (zh) | 2012-03-21 | 2012-03-21 | Method and device for identifying virus APK |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510146262.3A Division CN104715199A (zh) | 2012-03-21 | 2012-03-21 | Method and device for identifying virus APK |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102663286A (zh) | 2012-09-12 |
CN102663286B (zh) | 2015-05-06 |
Family
ID=46772774
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201210076889.2A | Active | 2012-03-21 | 2012-03-21 | Method and device for identifying virus APK |
Country Status (3)
Country | Link |
---|---|
US (2) | US9619650B2 (zh) |
CN (1) | CN102663286B (zh) |
WO (1) | WO2013139215A1 (zh) |
Families Citing this family (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102663286B (zh) | 2012-03-21 | 2015-05-06 | 北京奇虎科技有限公司 | Method and device for identifying virus APK |
CN103546448A (zh) * | 2012-12-21 | 2014-01-29 | 哈尔滨安天科技股份有限公司 | Network virus detection method and *** based on format parsing |
CN103268444B (zh) * | 2012-12-28 | 2016-06-01 | 武汉安天信息技术有限责任公司 | Android malicious code detection *** and method based on plug-in loading |
CN103093148A (zh) * | 2012-12-28 | 2013-05-08 | 广东欧珀移动通信有限公司 | Method, *** and device for detecting malicious advertisements |
CN103077349B (zh) * | 2013-01-05 | 2016-04-13 | 北京奇虎科技有限公司 | Method and device for prompting access security information on the browser side |
CN103902900A (zh) * | 2013-05-03 | 2014-07-02 | 哈尔滨安天科技股份有限公司 | External-extraction mobile terminal malicious code detection device and method |
CN103400076B (zh) * | 2013-07-30 | 2016-01-06 | 腾讯科技(深圳)有限公司 | Method, device and *** for detecting malware on a mobile terminal |
CN104899009A (zh) * | 2014-03-03 | 2015-09-09 | 可牛网络技术(北京)有限公司 | Method and device for identifying Android applications |
CN104915596B (zh) * | 2014-03-10 | 2018-01-26 | 可牛网络技术(北京)有限公司 | APK virus signature library construction method and device, and APK virus detection *** |
CN103886258A (zh) * | 2014-03-10 | 2014-06-25 | 珠海市君天电子科技有限公司 | Virus detection method and device |
CN103955449B (zh) * | 2014-04-21 | 2018-03-06 | 安一恒通(北京)科技有限公司 | Method and device for locating a target sample |
CN104216946B (zh) * | 2014-07-31 | 2019-03-26 | 百度在线网络技术(北京)有限公司 | Method and device for determining repackaged applications |
CN104318161A (zh) * | 2014-11-18 | 2015-01-28 | 北京奇虎科技有限公司 | Virus detection method and device for Android samples |
US9519780B1 (en) * | 2014-12-15 | 2016-12-13 | Symantec Corporation | Systems and methods for identifying malware |
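KR101574652B1 (ko) * | 2015-01-14 | 2015-12-11 | 한국인터넷진흥원 | Mobile security incident analysis system and method |
CN104657661B (zh) * | 2015-01-26 | 2018-05-22 | 武汉安天信息技术有限责任公司 | Method and device for detecting malicious code in a mobile terminal |
CN105389510A (zh) * | 2015-12-14 | 2016-03-09 | 江山市同舟数码科技有限公司 | Malware detection method and *** for Android mobile devices |
CN106934287B (zh) * | 2015-12-31 | 2020-02-11 | 北京金山安全软件有限公司 | Root virus cleaning method, device and electronic equipment |
CN106934288B (zh) | 2015-12-31 | 2021-04-16 | 北京金山安全软件有限公司 | Root virus cleaning method, device and electronic equipment |
CN106940771A (zh) * | 2016-01-04 | 2017-07-11 | 阿里巴巴集团控股有限公司 | File-based vulnerability detection method and device |
CN108256324A (zh) * | 2016-12-29 | 2018-07-06 | 武汉安天信息技术有限责任公司 | Detection method and *** for hardened APK samples |
CN108334776B (zh) * | 2017-01-19 | 2020-09-04 | ***通信有限公司研究院 | Method and device for detecting metamorphic malicious code |
CN109214179B (zh) * | 2017-06-30 | 2021-04-27 | 武汉斗鱼网络科技有限公司 | Program module security detection method and device |
CN109558731B (zh) * | 2017-09-26 | 2022-04-08 | 腾讯科技(深圳)有限公司 | Signature processing method, device and storage medium |
CN107885505B (zh) * | 2017-09-30 | 2021-05-14 | 浙江福山电子科技有限责任公司 | Code locating method |
CN111104671B (zh) * | 2018-10-25 | 2023-05-30 | 阿里巴巴集团控股有限公司 | Application identifier determination method and application detection method |
CN109635565A (zh) * | 2018-11-28 | 2019-04-16 | 江苏通付盾信息安全技术有限公司 | Malicious program detection method and device, computing device and computer storage medium |
CN112580036B (zh) * | 2019-09-30 | 2024-01-30 | 奇安信安全技术(珠海)有限公司 | Virus defense optimization method and device, storage medium and computer equipment |
CN110826068B (zh) * | 2019-11-01 | 2022-03-18 | 海南车智易通信息技术有限公司 | Security detection method and security detection *** |
CN110941833A (zh) * | 2019-12-04 | 2020-03-31 | 厦门安胜网络科技有限公司 | Method, device and storage medium for detecting vulnerabilities in APK files |
CN113259768B (zh) * | 2020-02-10 | 2022-12-20 | 中国电信股份有限公司 | Method, *** and medium for managing APKs in a set-top box |
CN111581331B (zh) * | 2020-04-27 | 2023-08-25 | 抖音视界有限公司 | Copywriting processing method, device, electronic equipment and computer-readable medium |
CN113312624B (zh) * | 2021-06-21 | 2023-06-30 | 厦门服云信息科技有限公司 | Java Web application in-memory trojan detection method, terminal device and storage medium |
CN113805893B (zh) * | 2021-09-17 | 2023-04-28 | 杭州云深科技有限公司 | Method for identifying abnormal APKs, electronic device and readable storage medium |
CN113805892B (zh) * | 2021-09-17 | 2024-04-05 | 杭州云深科技有限公司 | Method for identifying abnormal APKs, electronic device and readable storage medium |
CN115309785B (zh) * | 2022-08-08 | 2023-07-07 | 北京百度网讯科技有限公司 | File rule engine library generation and file information detection methods, device and equipment |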
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
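CN1567118A (zh) * | 2004-03-29 | 2005-01-19 | 四川大学 | Computer virus detection and identification *** and method |
CN1752888A (zh) * | 2005-11-08 | 2006-03-29 | 朱林 | Virus signature extraction and detection *** and method for mobile/smart terminals |
CN1936910A (zh) * | 2005-11-16 | 2007-03-28 | 白杰 | Method for identifying and removing unknown virus programs |
CN102254113A (zh) * | 2011-06-27 | 2011-11-23 | 深圳市安之天信息技术有限公司 | Method and *** for detecting and intercepting malicious code on mobile terminals |
CN102346829A (zh) * | 2011-09-22 | 2012-02-08 | 重庆大学 | Virus detection method based on ensemble classification |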
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
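JP4567275B2 (ja) * | 2002-02-28 | 2010-10-20 | 株式会社エヌ・ティ・ティ・ドコモ | Mobile communication terminal, information processing device, relay server device, information processing system and information processing method |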
WO2007117585A2 (en) * | 2006-04-06 | 2007-10-18 | Smobile Systems Inc. | System and method for managing malware protection on mobile devices |
CN100485703C (zh) * | 2006-10-11 | 2009-05-06 | 飞塔信息科技(北京)有限公司 | Computer malicious code processing method and *** |
US8590039B1 (en) * | 2007-11-28 | 2013-11-19 | Mcafee, Inc. | System, method and computer program product for sending information extracted from a potentially unwanted data sample to generate a signature |
US9235704B2 (en) * | 2008-10-21 | 2016-01-12 | Lookout, Inc. | System and method for a scanning API |
US9367680B2 (en) * | 2008-10-21 | 2016-06-14 | Lookout, Inc. | System and method for mobile communication device application advisement |
US8984628B2 (en) * | 2008-10-21 | 2015-03-17 | Lookout, Inc. | System and method for adverse mobile application identification |
US8826439B1 (en) * | 2011-01-26 | 2014-09-02 | Symantec Corporation | Encoding machine code instructions for static feature based malware clustering |
US8874579B2 (en) * | 2011-08-18 | 2014-10-28 | Verisign, Inc. | Systems and methods for identifying associations between malware samples |
KR101299099B1 (ko) * | 2011-09-07 | 2013-09-16 | 주식회사 팬택 | Apparatus and method for managing an optimized virtualization module in an embedded system |
US20130067577A1 (en) * | 2011-09-14 | 2013-03-14 | F-Secure Corporation | Malware scanning |
US9781151B1 (en) * | 2011-10-11 | 2017-10-03 | Symantec Corporation | Techniques for identifying malicious downloadable applications |
US8806641B1 (en) * | 2011-11-15 | 2014-08-12 | Symantec Corporation | Systems and methods for detecting malware variants |
CN102663285B (zh) * | 2012-03-21 | 2015-06-10 | 北京奇虎科技有限公司 | Method and device for extracting APK virus signatures |
CN102663286B (zh) * | 2012-03-21 | 2015-05-06 | 北京奇虎科技有限公司 | Method and device for identifying virus APK |
-
2012
- 2012-03-21 CN CN201210076889.2A patent/CN102663286B/zh active Active
-
2013
- 2013-03-12 US US14/386,681 patent/US9619650B2/en active Active
- 2013-03-12 WO PCT/CN2013/072474 patent/WO2013139215A1/zh active Application Filing
-
2017
- 2017-02-23 US US15/440,901 patent/US10152594B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN102663286A (zh) | 2012-09-12 |
WO2013139215A1 (zh) | 2013-09-26 |
US20150052612A1 (en) | 2015-02-19 |
US20170161496A1 (en) | 2017-06-08 |
US10152594B2 (en) | 2018-12-11 |
US9619650B2 (en) | 2017-04-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
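CN102663286B (zh) | Method and device for identifying virus APK | |
CN102708320B (zh) | Method and device for identifying virus APK | |
CN102663285B (zh) | Method and device for extracting APK virus signatures | |
CN104715199A (zh) | Method and device for identifying virus APK | |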
Fazzini et al. | Automated API-usage update for Android apps | |
US10114946B2 (en) | Method and device for detecting malicious code in an intelligent terminal | |
KR102415971B1 (ko) | Apparatus and method for detecting malicious mobile apps | |
Chen et al. | Detecting android malware using clone detection | |
KR101246623B1 (ko) | Apparatus and method for diagnosing malicious applications | |
WO2018081629A1 (en) | Application security service | |
US20130185799A1 (en) | Trusted installation of a software application | |
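CN111563015B (zh) | Data monitoring method and device, computer-readable medium and terminal equipment | |
CN104715200A (zh) | Method and device for identifying virus APK | |
CN114386032A (zh) | Firmware detection *** and method for power Internet of Things devices | |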
Zhao et al. | A large-scale empirical analysis of the vulnerabilities introduced by third-party components in IoT firmware | |
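CN114462044A (zh) | Static detection method and device for UEFI firmware vulnerabilities based on taint analysis | |
CN110414218B (zh) | Kernel detection method, device, electronic equipment and storage medium | |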
US11283836B2 (en) | Automatic decoy derivation through patch transformation | |
CN116932381A (zh) | Automated security risk assessment method for mini programs and related equipment | |
Niu et al. | Clone analysis and detection in android applications | |
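CN114417347A (zh) | Application vulnerability detection method, device, equipment, storage medium and program | |
CN109933990B (zh) | Security vulnerability discovery method, device and electronic equipment based on multi-pattern matching | |
KR101369254B1 (ko) | Apparatus and method for diagnosing malicious applications | |
CN102810142B (zh) | Malicious code detection and removal *** and method based on an extensible mode | |
JP5941745B2 (ja) | Application analysis device, application analysis system, and program |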
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
ASS | Succession or assignment of patent right | Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20121101 Owner name: BEIJING QIHU TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20121101 |
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data | Free format text: CORRECT: ADDRESS; FROM: 100016 CHAOYANG, BEIJING TO: 100088 XICHENG, BEIJING |
TA01 | Transfer of patent application right | Effective date of registration: 20121101 Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Applicant after: Qizhi software (Beijing) Co.,Ltd. Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C Applicant before: Qizhi software (Beijing) Co.,Ltd. |
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20220729 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
TR01 | Transfer of patent right |