CN105989251A - Piratic android application discrimination method and piratic android application discrimination system - Google Patents

Publication number
CN105989251A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510075472.8A
Other languages
Chinese (zh)
Other versions
CN105989251B (en)
Inventor
周建宁
刘志诚
王巍
吴卓坤
霍要峰
陈文博
王刚
劳剑明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee
Aspire Digital Technologies Shenzhen Co Ltd

Abstract

The invention discloses a pirated Android application discrimination method and a pirated Android application discrimination system. The system comprises an Android application channel monitoring system, an Android application data storage center, an Android application database and an Android application difference analysis system. The channel monitoring system acquires basic Android application information from Android application distribution channels and downloads the Android application installation packages. The data storage center stores the basic information and the installation packages centrally. The database builds, from the massive Android application data held in the data storage center, an Android application information table containing application names, application descriptions and version information. The difference analysis system selects a genuine Android application to be monitored from a pre-built genuine Android application information table, screens out of the Android application information table all suspected Android applications associated with that genuine application, and discriminates the genuine applications, old-version applications and pirated applications among the suspected applications according to set Android application version decision conditions.

Description

A pirated Android application discrimination method and a pirated Android application discrimination system
Technical field
The present invention relates to the technical field of Android application monitoring, and more particularly to a pirated Android application discrimination method and a pirated Android application discrimination system.
Background
At present, methods for judging whether an Android application is pirated rely mainly on the application's name, package name and signing certificate: they check whether the application names are similar, whether the package names are identical, and whether the signing certificates differ. If an Android application meets all three conditions at once, it is judged to be a pirated application.
In practice, on the one hand, different versions of the same application may carry different signing certificates because the original author's certificate expired and was renewed; in addition, because applications are published through different channels, a published application may be re-signed by the channel.
On the other hand, the base of Android applications is huge (more than 1,000,000 applications) and growing rapidly, and within the same category similar application names are extremely common. Screening for pirated Android applications with the existing judgment method is like looking for a needle in a haystack: the judgment is inefficient, the misjudgment rate is high, and the workload for staff is heavy.
Furthermore, many pirates do not aim to replace the genuine application, so it is very common for the package name of a pirated application to differ from that of the genuine application. The existing judgment method cannot identify such pirated applications.
Summary of the invention
The technical problem to be solved by the present invention is to provide, in view of the above defects of the prior art, a pirated Android application discrimination method and a pirated Android application discrimination system.
The technical solution adopted by the present invention to solve this technical problem is to construct a pirated Android application discrimination method comprising the following steps:
S1. Collect the basic information of the Android applications published on the major Android application channel websites, download the Android application installation packages from the corresponding download sources according to the application download addresses in that basic information, and gather the collected basic information and the downloaded installation packages into an Android application data storage center;
S2. Based on the massive Android application data gathered in the Android application data storage center, build an Android application database containing application names, application descriptions and version information;
S3. Select the genuine Android application to be monitored from the genuine Android application information table, filter out of the Android application database, according to the input screening conditions, all suspected Android applications associated with the genuine application to be monitored, and, according to the set Android application version decision conditions, identify one by one the genuine applications, old-version applications and pirated applications among these suspected applications.
In the above pirated Android application discrimination method of the present invention, the following steps are also performed before step S1:
S01. Build a genuine Android application information table from the genuine Android applications provided by Android application developers;
S02. Set a first decision condition for identifying genuine Android applications, a second decision condition for identifying old-version Android applications, and a third decision condition for identifying pirated Android applications, wherein:
The first decision condition is: a1, the application names are identical; b1, the package names of the Android application installation packages are identical; c1, the version information is identical; d1, the signing certificates are identical;
The second decision condition is: a2, the application names are identical; b2, the package names of the Android application installation packages are identical; c2, the version information is different; d2, the signing certificates are identical;
The third decision condition is: a3, the application names are similar; b3, the package names of the Android application installation packages are similar; d3, the signing certificates are different; e, the code similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set code similarity threshold; f, the text file similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set text file similarity threshold; g, the image file similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set image file similarity threshold.
In the above pirated Android application discrimination method of the present invention, the step in S3 of filtering out of the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored comprises:
Using the application name of the genuine Android application to be monitored and the configured application monitoring keywords as search criteria, retrieve from the Android application information table the Android applications whose names are similar to that application name, or whose application description contains that application name and/or the application monitoring keywords, and treat the retrieved Android applications as the suspected Android applications of the genuine Android application to be monitored.
In the above pirated Android application discrimination method of the present invention, the step in S3 of identifying one by one, according to the set Android application version decision conditions, the genuine applications, old-version applications and pirated applications among the suspected Android applications comprises:
Decompile the genuine Android application to be monitored and all suspected Android applications to obtain the package name, signing certificate, application name, resource files, configuration files and smali files of the genuine Android application to be monitored, and the package name, signing certificate, application name, resource files, configuration files and smali files of each suspected Android application;
Compare the application name, package name, signing certificate, resource files, configuration files and smali files of the genuine Android application to be monitored with the application name, package name, signing certificate, resource files, configuration files and smali files of each suspected Android application respectively;
If the application name, package name, version information and signing certificate of the genuine Android application to be monitored are each identical to the application name, package name, version information and signing certificate of a suspected Android application, judge that suspected Android application to be a genuine copy of the Android application to be monitored;
If the application name, package name and signing certificate of the genuine Android application to be monitored are each identical to the application name, package name and signing certificate of a suspected Android application, and the version information of the genuine Android application to be monitored differs from the version information of that suspected Android application, judge that suspected Android application to be an old version of the Android application to be monitored;
If the application name, package name and signing certificate of the genuine Android application to be monitored differ from the application name, package name and signing certificate of a suspected Android application, perform similarity analysis on the genuine Android application to be monitored and that suspected Android application, and comprehensively analyze whether the suspected Android application is a pirated application on the basis of the similarity analysis results combined with the preset pirated Android application decision condition.
In the above pirated Android application discrimination method of the present invention, the Android application similarity analysis comprises text file similarity analysis, code similarity analysis and image file similarity analysis;
The step of performing similarity analysis on the genuine Android application to be monitored and the suspected Android application comprises:
Calculate, by a first similarity formula, the text file similarity and the code similarity between the genuine Android application to be monitored and the suspected Android application, wherein
The first similarity formula is: $X_i = (1 - J/D) \times 100\%$;
$X_i$ denotes the similarity between one file of the genuine Android application to be monitored and the corresponding comparison file of the suspected Android application;
$i$ denotes the sequence number of the file within the Android application;
$J$ denotes the number of edit operations needed to turn the source string into the target string;
$D$ denotes the file length;
Using the first similarity formula, calculate the similarity value of each pair of files of the two Android applications and the average of the similarity values of all file pairs, and take the calculated average as the text file similarity and the code similarity between the genuine Android application to be monitored and the suspected Android application.
In the above pirated Android application discrimination method of the present invention, the step of performing similarity analysis on the genuine Android application to be monitored and the suspected Android application further comprises:
Calculate, by a second similarity formula, the image file similarity between the genuine Android application to be monitored and the suspected Android application, wherein
The second similarity formula is: $X_2 = (1 - H_0/10) \times 100\%$;
$X_2$ denotes the image similarity between the genuine Android application to be monitored and the suspected Android application;
$H_0$ denotes the average Hamming distance value, i.e. the average of the Hamming distance values of the image files of the genuine Android application to be monitored and the suspected Android application.
In the above pirated Android application discrimination method of the present invention, the average Hamming distance value $H_0$ is calculated by the following steps:
Let $H_1$ be the first Hamming distance value, which characterizes the similarity between the first image file of the genuine Android application to be monitored and the comparison image file of the suspected Android application; H is an incrementing variable whose value defaults to 0;
Reduce the first image file of the genuine Android application to be monitored and the comparison image file of the suspected Android application each to an image size of 8*8, and convert each of the reduced images to grayscale;
Calculate the gray level of each pixel of the grayscale first image file and the average gray level of its 64 pixels, compare the gray level of each pixel of the first image file with the average gray level of the 64 pixels one by one, and build from the comparison results a first 8*8 digit matrix consisting of the digits 0 and 1;
Calculate the gray level of each pixel of the comparison image file of the suspected Android application and the average gray level of its 64 pixels, compare the gray level of each pixel of the comparison image file with the average gray level of the 64 pixels one by one, and build from the comparison results a second 8*8 digit matrix consisting of the digits 0 and 1;
Compare the digits at the same coordinate position in the first digit matrix and the second digit matrix one by one and determine whether each pair of digits is identical; if they differ, add 1 to the value of $H_1$;
Accumulate the value of $H_1$;
Repeat the above steps to obtain the values of $H_1, \dots, H_N$ in turn;
Take the weighted average of the values $H_1$ to $H_N$ to obtain $H_0$.
$H_0$ is calculated by the following formula:
where $N$ denotes the number of image files of the genuine Android application to be monitored and the suspected Android application.
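Added example (not part of the patent text): the 8*8 average-hash comparison and the second similarity formula from the steps above, in Python. The 16x16 sample images, the block-averaging downscale, the `>=` comparison against the mean, equal weights when averaging $H_1$ to $H_N$, and the clamp at 0% are assumptions of this example.

```python
# Added example, not from the patent: 8*8 average-hash comparison and X2.
from typing import List, Sequence, Tuple

Gray = List[List[int]]  # grayscale image as rows of 0..255 values


def shrink_8x8(img: Gray) -> List[List[float]]:
    """Reduce an image to 8*8 by averaging equal blocks (assumed box filter)."""
    h, w = len(img), len(img[0])
    if h % 8 or w % 8:
        raise ValueError("this example expects dimensions divisible by 8")
    bh, bw = h // 8, w // 8
    return [[sum(img[y][x]
                 for y in range(r * bh, (r + 1) * bh)
                 for x in range(c * bw, (c + 1) * bw)) / (bh * bw)
             for c in range(8)]
            for r in range(8)]


def digit_matrix(img: Gray) -> List[List[int]]:
    """8*8 matrix of 0/1: 1 where a pixel is at least the 64-pixel mean.

    The page does not say which side of the comparison maps to 1; any
    choice works as long as both images use the same one.
    """
    small = shrink_8x8(img)
    mean = sum(sum(row) for row in small) / 64
    return [[1 if p >= mean else 0 for p in row] for row in small]


def hamming(a: Gray, b: Gray) -> int:
    """H_k: number of coordinates where the two digit matrices differ."""
    ma, mb = digit_matrix(a), digit_matrix(b)
    return sum(ma[r][c] != mb[r][c] for r in range(8) for c in range(8))


def image_similarity(pairs: Sequence[Tuple[Gray, Gray]]) -> float:
    """X2 = (1 - H0/10) * 100, with H0 the mean of H_1..H_N.

    Equal weights are assumed. A 64-bit hash can differ in up to 64
    positions, so the raw formula goes negative once H0 exceeds 10;
    this example clamps the result at 0.
    """
    if not pairs:
        raise ValueError("no image pairs to compare")
    h0 = sum(hamming(a, b) for a, b in pairs) / len(pairs)
    return max(0.0, (1 - h0 / 10) * 100)


# Constructed 16x16 sample images (not taken from any real application).
ICON = [[x * 16 for x in range(16)] for _ in range(16)]      # left-to-right gradient
ICON_BRIGHTER = [[p + 10 for p in row] for row in ICON]      # same icon, brightened
ICON_MARKED = [[255 if x < 4 and y < 4 else ICON[y][x]       # same icon, white corner patch
                for x in range(16)] for y in range(16)]
OTHER = [[y * 16 for _ in range(16)] for y in range(16)]     # top-to-bottom gradient

if __name__ == "__main__":
    print("brightened copy:", hamming(ICON, ICON_BRIGHTER))
    print("corner patch   :", hamming(ICON, ICON_MARKED))
    print("different image:", hamming(ICON, OTHER))
    print("X2 for the two near-copies:",
          image_similarity([(ICON, ICON_BRIGHTER), (ICON, ICON_MARKED)]))
```

Because the divisor is 10, a similarity threshold expressed in percent corresponds to an average Hamming distance budget out of 64 bits, which is worth checking when tuning the threshold.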
The present invention also constructs a pirated Android application discrimination system, the system comprising:
An Android application channel monitoring system, configured to collect the basic information of each Android application from the major Android application channel websites and to download the Android application installation packages from the corresponding download sources according to the application download addresses in that basic information;
An Android application data storage center, configured to centrally store the Android application basic information collected and the Android application installation packages downloaded by the Android application channel monitoring system;
An Android application database, which includes the genuine Android application information table built from the genuine Android applications provided by Android application developers, and which is configured to receive the massive Android application data from the Android application data storage center and to build from that data an Android application information table containing application names, application descriptions and version information;
An Android application difference analysis system, configured to select the genuine Android application to be monitored from the genuine Android application information table in the Android application database, to filter out of the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored, and to identify one by one, according to the set Android application version decision conditions, the genuine applications, old-version applications and pirated applications among the suspected Android applications.
In the above pirated Android application discrimination system of the present invention, the Android application channel monitoring system comprises a first server cluster, deployed in different regions at home and abroad and designed with a distributed architecture, for collecting Android application page information from the Android application channel websites, and a second server cluster, deployed in different regions at home and abroad and designed with a distributed architecture, for downloading the Android application installation packages from the corresponding download sources according to the Android application download addresses crawled by the first server cluster.
In the above pirated Android application discrimination system of the present invention, the Android application difference analysis system comprises:
A selection module, configured to select the genuine Android application to be monitored from the genuine Android application information table and to filter out of the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored;
An Android application decompilation module, configured to decompile the installation package of the genuine Android application to be monitored and the installation packages of the suspected Android applications to obtain the package name, signing certificate, application name, resource files, configuration files and smali files of the genuine Android application to be monitored, and the package name, signing certificate, application name, resource files, configuration files and smali files of each suspected Android application;
An Android application similarity analysis module, configured to calculate, according to the first similarity formula, the text file similarity and the code similarity between the genuine Android application to be monitored and a suspected Android application, and to calculate, according to the second similarity formula, the image file similarity between the genuine Android application to be monitored and the suspected Android application;
An Android application version determination module, configured to identify the genuine applications and old-version applications among the suspected Android applications with reference to the set genuine/old-version Android application decision conditions, and to identify the pirated applications among the suspected Android applications on the basis of the text file similarity, code similarity and image file similarity between the genuine Android application to be monitored and the suspected Android application provided by the similarity analysis module, combined with the set pirated Android application decision condition.
Implementing the pirated Android application discrimination method and the pirated Android application discrimination system of the present invention achieves the following beneficial effects:
1. The pirated Android application discrimination system of the present invention can look up, by application name and application monitoring keywords, all suspected Android applications associated with the genuine Android application to be monitored, perform similarity analysis on the genuine Android application to be monitored and the suspected Android applications (including text file similarity analysis, code similarity analysis and image file similarity analysis), and comprehensively analyze the pirated applications among the suspected Android applications according to the similarity analysis results combined with the set pirated Android application decision condition. Compared with existing pirated Android application judgment techniques, it has the outstanding advantages of high screening efficiency and accuracy for pirated applications and an extremely low misjudgment rate.
2. In the pirated Android application discrimination system of the present invention, the Android application security assessment system can analyze and assess the security risks of the pirated applications in the pirated application library (the malicious code hidden in pirated applications and its malicious behavior) and generate a pirated Android application security analysis report from the assessment results. The system can therefore list pirated Android applications and provide pirated Android application security analysis reports for reference, preventing users from downloading pirated Android applications and suffering losses.
3. In the Android application monitoring report generation system of the present invention, the Android application difference analysis system can quickly and effectively identify the genuine applications, old-version applications and pirated applications among all suspected Android applications of the genuine Android application to be monitored, and the Android application monitoring report generation system can, based on the identification results of the difference analysis system, compile statistics on the total downloads and respective channel sources of the genuine, old-version and pirated applications of the genuine Android application to be monitored and provide a download and usage monitoring report for that application, making it easier for genuine Android application developers to protect their rights.
Brief description of the drawings
Fig. 1 is a structural block diagram of the pirated Android application discrimination system provided by the first preferred embodiment of the present invention;
Fig. 2 is a structural block diagram of the Android application channel monitoring system of the pirated Android application discrimination system shown in Fig. 1;
Fig. 3 is a structural block diagram of the Android application difference analysis system of the pirated Android application discrimination system shown in Fig. 1;
Fig. 4 is a flow chart of the pirated Android application discrimination method provided by the second preferred embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment one
This embodiment discloses a pirated Android application discrimination system.
As shown in Fig. 1, the pirated Android application discrimination system comprises, connected in sequence, an Android application channel monitoring system 100, an Android application data storage center 200, an Android application difference analysis system 300 and an Android application database 400, together with an Android application security assessment system 500 and an Android application monitoring report generation system 600 that are connected to the Android application database 400. Wherein:
The Android application channel monitoring system 100 is used to collect the basic information of each Android application published by the channel websites (for example the major mobile application resource websites, including 360), and to download the Android application installation packages from the corresponding download sources (for example, the 360 mobile app store, the Xiaomi mobile app store and the Huawei mobile app store) according to the application download addresses in the Android application basic information.
The Android application data storage center 200 is used to centrally store the Android application basic information collected and the Android application installation packages downloaded by the Android application channel monitoring system 100.
The Android application database 400 is used to receive the massive Android application data from the Android application data storage center 200 and to build from that data an Android application information table containing application names, application descriptions and version information.
The Android application security assessment system 500 is used to analyze and assess the malicious code hidden in pirated applications and its malicious behavior, and to generate a runtime security assessment result for the pirated Android applications.
The Android application monitoring report generation system 600 is used to compile statistics on the downloads and channel sources of the genuine applications, old-version applications and pirated applications among all suspected Android applications of the genuine Android application to be monitored, and to generate an Android application monitoring report.
The Android application database 400 also includes the genuine Android application information table built from the genuine Android applications provided by Android application developers, and an Android application version decision parameter table that stores the adjustable parameters (i.e. the Android application version decision conditions) used to identify genuine Android applications, old-version Android applications and pirated Android applications. The Android application version decision parameter table of the present invention includes a first decision condition for identifying genuine Android applications, a second decision condition for identifying old-version Android applications, and a third decision condition for identifying pirated Android applications; wherein
The first decision condition is: a1, the application names are identical; b1, the package names of the Android application installation packages are identical; c1, the version information is identical; d1, the signing certificates are identical;
The second decision condition is: a2, the application names are identical; b2, the package names of the Android application installation packages are identical; c2, the version information is different; d2, the signing certificates are identical;
The third decision condition is: a3, the application names are basically similar; b3, the package names of the Android application installation packages are similar; d3, the signing certificates are different; e, the code similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set code similarity threshold (preferably 85%); f, the text file similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set text file similarity threshold (preferably 60%); g, the image file similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set image file similarity threshold (preferably 75%).
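Added example (not part of the patent text): the first similarity formula and the three decision conditions with the preferred thresholds above, in Python, with the image file similarity passed in as a number. Assumptions of this example: D is taken as the longer file's length, files are paired by path with a missing file scoring 0, names and package names count as "similar" at a hypothetical 50% under the same formula, and all application data is constructed.

```python
# Added example, not from the patent: first similarity formula and verdict.
from dataclasses import dataclass, replace
from typing import Dict

CODE_MIN, TEXT_MIN, IMAGE_MIN = 85.0, 60.0, 75.0  # preferred thresholds on the page
NAME_MIN = 50.0  # hypothetical: the page only says the names must be "similar"


def edit_distance(src: str, dst: str) -> int:
    """J: edit operations (insert, delete, substitute) turning src into dst."""
    prev = list(range(len(dst) + 1))
    for i, s in enumerate(src, 1):
        cur = [i]
        for j, d in enumerate(dst, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (s != d)))
        prev = cur
    return prev[-1]


def file_similarity(src: str, dst: str) -> float:
    """X_i = (1 - J/D) * 100; D assumed to be the longer length, so 0 <= X_i <= 100."""
    d = max(len(src), len(dst))
    return 100.0 if d == 0 else (1 - edit_distance(src, dst) / d) * 100


def app_similarity(genuine: Dict[str, str], suspect: Dict[str, str]) -> float:
    """Mean X_i over the genuine app's files, paired by path (assumed pairing)."""
    if not genuine:
        return 0.0
    scores = [file_similarity(body, suspect[path]) if path in suspect else 0.0
              for path, body in genuine.items()]
    return sum(scores) / len(scores)


@dataclass(frozen=True)
class App:
    name: str
    package: str
    version: str
    cert: str               # signing-certificate fingerprint
    smali: Dict[str, str]   # decompiled code files
    text: Dict[str, str]    # text resource and configuration files


def classify(genuine: App, suspect: App, image_sim: float) -> str:
    same_id = (genuine.name, genuine.package, genuine.cert) == \
              (suspect.name, suspect.package, suspect.cert)
    if same_id:  # first and second decision conditions
        return "genuine" if genuine.version == suspect.version else "old_version"
    if genuine.cert == suspect.cert:
        return "undetermined"  # same signer, other name/package: no rule on the page
    names_ok = (file_similarity(genuine.name, suspect.name) >= NAME_MIN and
                file_similarity(genuine.package, suspect.package) >= NAME_MIN)
    code = app_similarity(genuine.smali, suspect.smali)
    text = app_similarity(genuine.text, suspect.text)
    pirated = (names_ok and code >= CODE_MIN and text >= TEXT_MIN
               and image_sim >= IMAGE_MIN)  # third decision condition
    return "pirated" if pirated else "not_pirated"


# Constructed sample applications (all names and contents are made up).
GENUINE = App(
    "SkyNotes", "com.example.skynotes", "2.1.0", "cert-A",
    smali={"Main.smali": ".method onCreate\n invoke-super\n return-void\n.end method\n",
           "Sync.smali": ".method sync\n invoke-static upload\n return-void\n.end method\n"},
    text={"strings.xml": '<string name="app">SkyNotes</string>'})
OLD = replace(GENUINE, version="2.0.0")
REPACK = replace(  # repackaged copy: new signer, one injected call, renamed
    GENUINE, name="SkyNotes Pro", package="com.example.skynotes.pro", cert="cert-B",
    smali={**GENUINE.smali,
           "Sync.smali": GENUINE.smali["Sync.smali"] + " invoke-static ad\n"},
    text={"strings.xml": '<string name="app">SkyNotes Pro</string>'})
LOOKALIKE = replace(  # similar name, unrelated code
    GENUINE, name="SkyNotes Lite", package="com.other.skynotes", cert="cert-C",
    smali={"Main.smali": ".method run\n goto :loop\n.end method\n"})

if __name__ == "__main__":
    for label, app in [("old", OLD), ("repack", REPACK), ("lookalike", LOOKALIKE)]:
        print(label, classify(GENUINE, app, image_sim=80.0))
```

The edit-distance table is quadratic in file length, so on real smali trees the per-file comparison is the cost to budget for.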
The Android application difference analysis system 300 is used to select the genuine Android application to be monitored from the genuine Android application information table, to filter out of the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored, and to identify the genuine applications, old-version applications and pirated applications among the suspected Android applications according to the set Android application version decision conditions.
As shown in Fig. 2, the Android application channel monitoring system 100 of the present invention comprises a first server cluster 101, deployed in different regions at home and abroad and designed with a distributed architecture, for collecting Android application basic information (including the application description, application download address, developer information and application version) from the major channel websites, and a second server cluster 102, deployed in different regions at home and abroad and designed with a distributed architecture, for downloading the Android application installation packages from the Android application download sources according to the Android application download addresses provided by the first server cluster 101. The first server cluster 101 and the second server cluster 102 each comprise multiple cloud servers.
As shown in Fig. 3, the Android application difference analysis system 300 of the present invention comprises, connected in sequence, a selection module 301, an Android application decompilation module 302, an Android application similarity analysis module 303 and an Android application version determination module 304.
The selection module 301 is used to select the genuine Android application to be monitored from the genuine Android application information table and to filter out of the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored;
The Android application decompilation module 302 is used to decompile the installation package of the genuine Android application to be monitored and the installation packages of the suspected Android applications to obtain the package name, signing certificate, application name, resource files, configuration files and smali files of the genuine Android application to be monitored, and the package name, signing certificate, application name, resource files, configuration files and smali files of each suspected Android application.
The Android application similarity analysis module 303 is used to calculate, according to the first similarity formula, the text file similarity and the code similarity between the genuine Android application to be monitored and a suspected Android application, and to calculate, according to the second similarity formula, the image file similarity between the genuine Android application to be monitored and the suspected Android application.
The Android application version determination module 304 is used to identify the genuine applications and old-version applications among the suspected Android applications with reference to the set genuine/old-version Android application decision conditions, and to identify the pirated applications among the suspected Android applications on the basis of the text file similarity, code similarity and image file similarity between the genuine Android application to be monitored and the suspected Android application, combined with the set pirated Android application decision condition.
In the pirated Android application discrimination system of the present invention:
The first similarity formula is: $X_i = (1 - J/D) \times 100\%$, where
$X_i$ denotes the similarity between one file of the genuine Android application to be monitored and the corresponding comparison file of the suspected Android application;
$i$ denotes the sequence number of the file within the Android application;
$J$ denotes the number of edit operations needed to turn the source string into the target string;
$D$ denotes the file length.
The second similarity formula is: $X_2 = (1 - H_0/10) \times 100\%$, where
$X_2$ denotes the image similarity between the genuine Android application to be monitored and the suspected Android application;
$H_0$ denotes the average Hamming distance value, i.e. the mean of the Hamming distance values of the image files of the genuine Android application to be monitored and the suspected Android application.
Embodiment two
This embodiment discloses a pirated Android application discrimination method based on the pirated Android application discrimination system described in Embodiment One. As shown in Figure 4, the method comprises the following steps:
Step 101: the system operator presets the Android application version decision conditions (a first decision condition for identifying genuine Android applications, a second decision condition for identifying old-version Android applications, and a third decision condition for identifying pirated Android applications) and stores the related parameter data in the Android application version decision parameter table in the Android database.
Based on the genuine Android applications provided by Android application developers, the system operator builds a genuine Android application information table and stores it in the Android database.
Step 102: the Android application channel monitoring system 100 collects basic Android application information from the major channel websites, downloads the Android application installation packages (Android Package, APK) from the relevant Android application websites according to the application download addresses in that basic information, and imports the collected basic information and the downloaded installation packages into the Android application data storage center 200.
Step 103: the Android application difference analysis system 300 dumps the Android application data from the Android application data storage center 200 into the Android application database 400.
Step 104: the selection module 301 of the Android application difference analysis system 300 selects the genuine application to be monitored from the genuine Android application information table and, according to the input screening conditions (application name, keyword), screens out from the Android application database 400 all suspected Android applications associated with the genuine Android application to be monitored. A suspected application may be one whose application name is similar to the application name in the screening conditions, or one whose application introduction information contains the keyword.
Step 105: the Android application decompilation module 302 decompiles the installation packages of the genuine Android application to be monitored and of all its associated suspected Android applications, obtaining the package name, signing certificate, application name, resource files, configuration files and smali files of the genuine Android application to be monitored and of each suspected Android application.
Step 106: the Android application version determination module 304 compares the application name, package name, signing certificate, resource files, configuration files and smali files of the genuine Android application to be monitored with those of each suspected Android application.
If the application name, package name, version information and signing certificate of the genuine Android application to be monitored are each identical to those of a suspected Android application, that suspected application is judged to be a genuine copy of the genuine Android application to be monitored.
If the application name, package name and signing certificate of the genuine Android application to be monitored are identical to those of a suspected Android application, but the version information differs, that suspected application is judged to be an old version of the genuine Android application to be monitored.
If the application name, package name and signing certificate of the genuine Android application to be monitored differ from those of a suspected Android application, the method proceeds to step 107.
Step 107: the Android application similarity analysis module 303 performs similarity analysis on the genuine Android application to be monitored and the suspected Android application. Based on the similarity analysis results, in combination with the set pirated Android application decision condition, a comprehensive analysis determines whether the suspected Android application is a pirated application, and confirmed pirated Android applications are added to the pirated-application library.
Step 107 comprises the following sub-steps:
Step 1071: calculate the similarity of each file of the genuine Android application to be monitored and the suspected Android application using the first similarity formula, where
the first similarity formula is: $X_i = (1 - J/D) \times 100\%$;
$X_i$ denotes the similarity between one file of the genuine Android application to be monitored and the corresponding comparison file of the suspected Android application;
$i$ denotes the sequence number of the file within the Android application;
$J$ denotes the number of edit operations needed to turn the source string into the target string;
$D$ denotes the file length;
Step 1072: calculate, according to the first similarity formula, the similarity value of each pair of files of the two Android applications and the mean of those similarity values, and take the calculated mean as the text similarity and code similarity between the genuine Android application to be monitored and the suspected Android application;
Step 1073: calculate the image file similarity between the genuine Android application to be monitored and the suspected Android application using the second similarity formula, where
the second similarity formula is: $X_2 = (1 - H_0/10) \times 100\%$;
$X_2$ denotes the image similarity between the genuine Android application to be monitored and the suspected Android application;
$H_0$ denotes the average Hamming distance value, i.e. the mean of the Hamming distance values of the image files of the genuine Android application to be monitored and the suspected Android application.
The calculation of the average Hamming distance value $H_0$ in step 1073 comprises the following sub-steps:
S10731: let $H_1$ be the first Hamming distance value, which characterises the similarity between the first image file of the genuine Android application to be monitored and the comparison image file of the suspected Android application; H is an incrementing variable whose value defaults to 0;
S10732: shrink the first image file of the genuine Android application to be monitored and the comparison image file of the suspected Android application to 8*8 pixels each, and convert both shrunken images to grayscale;
S10733: calculate the gray level of each pixel of the grayscale first image file and the mean gray level of its 64 pixels, compare the gray level of each pixel with that mean one by one, and from the comparison results build a first 8*8 numeric matrix made up of the digits 0 and 1;
S10734: calculate the gray level of each pixel of the comparison image file of the suspected Android application and the mean gray level of its 64 pixels, compare the gray level of each pixel with that mean one by one, and from the comparison results build a second 8*8 numeric matrix made up of the digits 0 and 1;
S10735: compare, one by one, the digits at the same coordinate position in the first and second numeric matrices; whenever a pair of digits differs, add 1 to the value of $H_1$;
accumulate the value of $H_1$;
repeat the above steps to obtain the values $H_1, \ldots, H_N$ in turn;
S10736: take the weighted average of the values $H_1$ to $H_N$ to obtain $H_0$.
The formula for $H_0$ is as follows:
where $N$ denotes the number of image files of the genuine Android application to be monitored and the suspected Android application.
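Steps 106 and 107, with both similarity formulas and the third decision condition listed in claim 2, as an added Python example (not code from the patent). Assumptions the page does not specify: D is the longer string's length, files and images pair by path, .smali files give code similarity and all other files text similarity, "similar" names mean the first formula meets a threshold, images shrink by block averaging, $H_0$ is an unweighted mean, and all thresholds, certificates and sample data are constructed.

```python
from dataclasses import dataclass, field
from statistics import mean

@dataclass
class App:
    name: str
    package: str
    version: str
    cert: str                                    # signing-certificate fingerprint
    files: dict = field(default_factory=dict)    # path -> decompiled text
    images: dict = field(default_factory=dict)   # path -> 2-D list of grey values

def edit_distance(src, dst):
    """J: edit operations needed to turn src into dst (Levenshtein distance)."""
    prev = list(range(len(dst) + 1))
    for i, a in enumerate(src, 1):
        cur = [i]
        for j, b in enumerate(dst, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (a != b)))
        prev = cur
    return prev[-1]

def file_similarity(src, dst):
    """X_i = (1 - J/D) * 100. Assumption: D is the length of the longer string."""
    d = max(len(src), len(dst))
    return 100.0 if d == 0 else (1 - edit_distance(src, dst) / d) * 100

def mean_similarity(ref, sus, code):
    """Step 1072: mean X_i over file pairs. Assumptions: files pair by path;
    .smali files give code similarity, every other file gives text similarity."""
    paths = [p for p in ref.files.keys() & sus.files.keys()
             if p.endswith(".smali") == code]
    if not paths:
        return 0.0
    return mean(file_similarity(ref.files[p], sus.files[p]) for p in paths)

def bit_matrix(pixels):
    """S10732-S10734: shrink to 8x8 (block averaging, an assumption; the input
    must be at least 8x8 grey values), then 1 where a cell >= the 64-cell mean."""
    h, w = len(pixels), len(pixels[0])
    cells = [mean(pixels[y][x]
                  for y in range(r * h // 8, (r + 1) * h // 8)
                  for x in range(c * w // 8, (c + 1) * w // 8))
             for r in range(8) for c in range(8)]
    avg = mean(cells)
    return [int(v >= avg) for v in cells]

def image_similarity(ref, sus):
    """X_2 = (1 - H_0/10) * 100. Assumption: H_0 is the plain mean of H_1..H_N.
    The result is negative once H_0 exceeds 10 of the 64 bits."""
    dists = [sum(a != b for a, b in zip(bit_matrix(ref.images[p]),
                                        bit_matrix(sus.images[p])))
             for p in ref.images.keys() & sus.images.keys()]
    return (1 - mean(dists) / 10) * 100 if dists else 0.0

THRESHOLDS = dict(name=70, package=70, code=70, text=70, image=70)  # constructed

def classify(ref, sus, t=THRESHOLDS):
    """Step 106 verdicts first; otherwise step 107 against the third condition."""
    if (ref.name, ref.package, ref.cert) == (sus.name, sus.package, sus.cert):
        # Any version mismatch counts as "old version"; the page does not order versions.
        return "genuine" if ref.version == sus.version else "old version"
    if ref.cert == sus.cert:
        return "unmatched"   # d3 requires a different signing certificate
    scores = dict(name=file_similarity(ref.name, sus.name),
                  package=file_similarity(ref.package, sus.package),
                  code=mean_similarity(ref, sus, True),
                  text=mean_similarity(ref, sus, False),
                  image=image_similarity(ref, sus))
    return "pirated" if all(scores[k] >= t[k] for k in t) else "unmatched"

# Constructed sample data: a genuine app, an old version, a re-signed clone, an unrelated app.
SMALI = (".class public Lcom/example/quicknotes/Main;\n"
         ".method public onCreate()V\n"
         "    invoke-virtual {p0}, Lcom/example/quicknotes/Main;->load()V\n"
         "    return-void\n.end method\n")
MANIFEST = ('<manifest package="com.example.quicknotes">'
            '<application android:label="QuickNotes"/></manifest>')
ICON = [[0] * 8 + [255] * 8 for _ in range(16)]          # 16x16, dark left, bright right
CLONE_ICON = [[10] * 8 + [240] * 8 for _ in range(16)]   # re-encoded copy ...
for y in (0, 1):
    CLONE_ICON[y][0] = CLONE_ICON[y][1] = 240            # ... with a small corner badge

GENUINE = App("QuickNotes", "com.example.quicknotes", "2.1.0", "CERT-A",
              {"AndroidManifest.xml": MANIFEST, "smali/Main.smali": SMALI},
              {"res/icon.png": ICON})
OLD = App("QuickNotes", "com.example.quicknotes", "2.0.0", "CERT-A")
CLONE = App("Quick Notes", "com.example.quicknotes2", "2.1.0", "CERT-B",
            {"AndroidManifest.xml": MANIFEST.replace('quicknotes"', 'quicknotes2"'),
             "smali/Main.smali": SMALI.replace(
                 "    return-void", "    invoke-static {}, La/b;->i()V\n    return-void")},
            {"res/icon.png": CLONE_ICON})
OTHER = App("WeatherNow", "org.sample.weather", "1.0", "CERT-C")

if __name__ == "__main__":
    for app in (GENUINE, OLD, CLONE, OTHER):
        print(app.name, app.version, "->", classify(GENUINE, app))
```

Because the second formula divides by 10 while the bit matrices hold 64 digits, any threshold comparison has to tolerate negative image similarity values for clearly different images.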
Step 108: the Android application security assessment system 500 analyses and assesses the security risks of the pirated applications in the pirated-application library (malicious code hidden in the pirated application and its malicious behaviour) and generates a pirated Android application security analysis report from the assessment results. The Android application monitoring report generation system 600 compiles statistics on the downloads and channel sources of the genuine, old-version and pirated applications among all suspected Android applications of the genuine Android application to be monitored, and generates an Android application monitoring report.
In summary, the advantages of the pirated Android application discrimination method and system of the present invention are as follows:
1. The pirated Android application discrimination system of the present invention can look up, by application name and application monitoring keyword, all suspected Android applications associated with the genuine Android application to be monitored, perform similarity analysis on the genuine Android application to be monitored and the suspected Android applications (text similarity analysis, code similarity analysis and image file similarity analysis), and, based on the similarity analysis results in combination with the set pirated Android application decision condition, comprehensively analyse the pirated applications among the suspected Android applications. Compared with existing techniques for determining pirated Android applications, it has the outstanding advantages of high efficiency and accuracy in identifying pirated applications and an extremely low false-positive rate.
2. In the pirated Android application discrimination system of the present invention, the Android application security assessment system 500 can analyse and assess the security risks of the pirated applications in the pirated-application library (malicious code hidden in the pirated application and its malicious behaviour) and generate a pirated Android application security analysis report from the assessment results. The system can therefore list pirated Android applications and provide the security analysis report for users' reference, so that users avoid downloading pirated Android applications and suffering losses.
3. In the present invention, the Android application difference analysis system 300 can quickly and efficiently discriminate the genuine, old-version and pirated applications among all suspected Android applications of the genuine Android application to be monitored. Based on those results, the Android application monitoring report generation system 600 can compile statistics on the total downloads and respective channel sources of the genuine, old-version and pirated applications, and provide a download and usage monitoring report for the genuine Android application to be monitored, which makes it easier for genuine Android application developers to defend their rights.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiment methods can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the steps of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The embodiments of the present invention have been described above with reference to the drawings, but the invention is not limited to the specific embodiments described, which are illustrative rather than restrictive. Inspired by the present invention, a person of ordinary skill in the art may devise many further forms without departing from the spirit of the invention and the scope protected by the claims, and all of these fall within the protection of the present invention.

Claims (10)

1. A pirated Android application discrimination method, characterized in that the method comprises the following steps:
S1: collecting the basic Android application information published by the major Android application channel websites, downloading Android application installation packages from the relevant download sources according to the application download addresses in the basic Android application information, and gathering the collected basic Android application information and the downloaded Android application installation packages into an Android application data storage center;
S2: building, from the massive Android application data gathered in the Android application data storage center, an Android application database containing application names, application introduction information and version information;
S3: selecting a genuine Android application to be monitored from the genuine Android application table, screening out from the Android application database, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored, and discriminating one by one the genuine applications, old-version applications and pirated applications among the suspected Android applications according to the set Android application version decision conditions.
2. The pirated Android application discrimination method according to claim 1, characterized in that the following steps are also performed before step S1:
S01: building a genuine Android application information table based on the genuine Android applications provided by Android application developers;
S02: setting a first decision condition for identifying genuine Android applications, a second decision condition for identifying old-version Android applications, and a third decision condition for identifying pirated Android applications; wherein
the first decision condition is: a1, the application names are identical; b1, the package names of the Android application installation packages are identical; c1, the version information is identical; d1, the signing certificates are identical;
the second decision condition is: a2, the application names are identical; b2, the package names of the Android application installation packages are identical; c2, the version information is different; d2, the signing certificates are identical;
the third decision condition is: a3, the application names are similar; b3, the package names of the Android application installation packages are similar; d3, the signing certificates are different; e, the code similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set code similarity threshold; f, the text similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set text similarity threshold; g, the image file similarity between the genuine Android application to be monitored and the suspected Android application is not lower than the set image file similarity threshold.
3. The pirated Android application discrimination method according to claim 2, characterized in that, in step S3, the step of screening out from the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored comprises:
using the application name of the genuine Android application to be monitored and the set application monitoring keyword as search conditions, retrieving from the Android application information table the Android applications whose names are similar to that application name, or whose application introduction information contains that application name and/or that application monitoring keyword, and designating the retrieved Android applications as suspected Android applications of the genuine Android application to be monitored.
4. The pirated Android application discrimination method according to claim 3, characterized in that, in step S3, the step of discriminating one by one the genuine applications, old-version applications and pirated applications among the suspected Android applications according to the set Android application version decision conditions comprises:
decompiling the genuine Android application to be monitored and all suspected Android applications, obtaining the package name, signing certificate, application name, resource files, configuration files and smali files of the genuine Android application to be monitored and of each suspected Android application;
comparing the application name, package name, signing certificate, resource files, configuration files and smali files of the genuine Android application to be monitored with those of each suspected Android application;
if the application name, package name, version information and signing certificate of the genuine Android application to be monitored are each identical to those of a suspected Android application, judging that suspected Android application to be a genuine copy of the genuine Android application to be monitored;
if the application name, package name and signing certificate of the genuine Android application to be monitored are identical to those of a suspected Android application, but the version information differs, judging that suspected Android application to be an old version of the genuine Android application to be monitored;
if the application name, package name and signing certificate of the genuine Android application to be monitored differ from those of a suspected Android application, performing similarity analysis on the genuine Android application to be monitored and that suspected Android application and, based on the similarity analysis results in combination with the preset pirated Android application decision condition, comprehensively analysing whether that suspected Android application is a pirated application.
5. The pirated Android application discrimination method according to claim 4, characterized in that the Android application similarity analysis comprises text similarity analysis, code similarity analysis and image file similarity analysis;
the step of performing similarity analysis on the genuine Android application to be monitored and the suspected Android application comprises:
calculating the similarity of each file and the code similarity between the genuine Android application to be monitored and the suspected Android application using the first similarity formula, wherein
the first similarity formula is: $X_i = (1 - J/D) \times 100\%$;
$X_i$ denotes the similarity between one file of the genuine Android application to be monitored and the corresponding comparison file of the suspected Android application;
$i$ denotes the sequence number of the file within the Android application;
$J$ denotes the number of edit operations needed to turn the source string into the target string;
$D$ denotes the file length;
calculating, according to the first similarity formula, the similarity value of each pair of files of the two Android applications and the mean of those similarity values, and taking the calculated mean as the text similarity and code similarity between the genuine Android application to be monitored and the suspected Android application.
6. The pirated Android application discrimination method according to claim 5, characterized in that the step of performing similarity analysis on the genuine Android application to be monitored and the suspected Android application further comprises:
calculating the image file similarity between the genuine Android application to be monitored and the suspected Android application using the second similarity formula, wherein
the second similarity formula is: $X_2 = (1 - H_0/10) \times 100\%$;
$X_2$ denotes the image similarity between the genuine Android application to be monitored and the suspected Android application;
$H_0$ denotes the average Hamming distance value, i.e. the mean of the Hamming distance values of the image files of the genuine Android application to be monitored and the suspected Android application.
7. The pirated Android application discrimination method according to claim 6, characterized in that the calculation of the average Hamming distance value $H_0$ comprises the following steps:
letting $H_1$ be the first Hamming distance value, which characterises the similarity between the first image file of the genuine Android application to be monitored and the comparison image file of the suspected Android application, H being an incrementing variable whose value defaults to 0;
shrinking the first image file of the genuine Android application to be monitored and the comparison image file of the suspected Android application to 8*8 pixels each, and converting both shrunken images to grayscale;
calculating the gray level of each pixel of the grayscale first image file and the mean gray level of its 64 pixels, comparing the gray level of each pixel with that mean one by one, and from the comparison results building a first 8*8 numeric matrix made up of the digits 0 and 1;
calculating the gray level of each pixel of the comparison image file of the suspected Android application and the mean gray level of its 64 pixels, comparing the gray level of each pixel with that mean one by one, and from the comparison results building a second 8*8 numeric matrix made up of the digits 0 and 1;
comparing, one by one, the digits at the same coordinate position in the first and second numeric matrices and, whenever a pair of digits differs, adding 1 to the value of $H_1$;
accumulating the value of $H_1$;
repeating the above steps to obtain the values $H_1, \ldots, H_N$ in turn;
taking the weighted average of the values $H_1$ to $H_N$ to obtain $H_0$;
the formula for $H_0$ is as follows:
where $N$ denotes the number of image files of the genuine Android application to be monitored and the suspected Android application.
8. A pirated Android application discrimination system, characterized in that the system comprises:
an Android application channel monitoring system, for collecting the basic information of each Android application from the major Android application channel websites and downloading Android application installation packages from the relevant download sources according to the application download addresses in the basic Android application information;
an Android application data storage center, for centrally storing the basic Android application information collected and the Android application installation packages downloaded by the Android application channel monitoring system;
an Android application database, which includes a genuine Android application information table built from the genuine Android applications provided by Android application developers, and which receives the massive Android application data from the Android application data storage center and builds from it an Android application information table containing application names, application introduction information and version information;
an Android application difference analysis system, for selecting a genuine Android application to be monitored from the genuine Android application information table in the Android application database, screening out from the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored, and discriminating one by one the genuine applications, old-version applications and pirated applications among the suspected Android applications according to the set Android application version decision conditions.
9. The pirated Android application discrimination system according to claim 8, characterized in that the Android application channel monitoring system comprises a first server cluster, deployed in different regions at home and abroad and using a distributed architecture, for collecting Android application page information from the Android application channel websites, and a second server cluster, deployed in different regions at home and abroad and using a distributed architecture, for downloading Android application installation packages from the respective download sources according to the Android application download addresses crawled by the first server cluster.
10. The pirated Android application discrimination system according to claim 9, characterized in that the Android application difference analysis system comprises:
a selection module, for selecting the genuine Android application to be monitored from the genuine Android application information table and screening out from the Android application information table, according to the input screening conditions, all suspected Android applications associated with the genuine Android application to be monitored;
an Android application decompilation module, for decompiling the installation package of the genuine Android application to be monitored and the installation packages of the suspected Android applications, obtaining the package name, signing certificate, application name, resource files, configuration files and smali files of the genuine Android application to be monitored, and the package name, signing certificate, application name, resource files, configuration files and smali files of each suspected Android application;
an Android application similarity analysis module, for calculating, according to the first similarity formula, the similarity of each file and the code similarity between the genuine Android application to be monitored and a suspected Android application, and for calculating, according to the second similarity formula, the image file similarity between the genuine Android application to be monitored and the suspected Android application;
an Android application version determination module, for discriminating the genuine applications and old-version applications among the suspected Android applications by reference to the set genuine/old-version Android application decision conditions, and for discriminating the pirated applications among the suspected Android applications based on the text similarity, code similarity and image file similarity between the genuine Android application to be monitored and the suspected Android application provided by the Android application similarity analysis module, in combination with the set pirated Android application decision condition.
CN201510075472.8A 2015-02-12 2015-02-12 A kind of piracy Android application discriminating method and pirate Android application discrimination system Active CN105989251B (en)

Publications (2)

Publication Number Publication Date
CN105989251A true CN105989251A (en) 2016-10-05
CN105989251B CN105989251B (en) 2019-03-29

Family

ID=57042109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510075472.8A Active CN105989251B (en) 2015-02-12 2015-02-12 A kind of piracy Android application discriminating method and pirate Android application discrimination system

Country Status (1)

Country Link
CN (1) CN105989251B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222199A (en) * 2011-06-03 2011-10-19 奇智软件(北京)有限公司 Method and system for identifying identification of application program
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program
CN103324697A (en) * 2013-06-07 2013-09-25 北京掌汇天下科技有限公司 Method for removing copycatting applications in android application search and based on icon contrast
CN104123493A (en) * 2014-07-31 2014-10-29 百度在线网络技术(北京)有限公司 Method and device for detecting safety performance of application program
CN104133832A (en) * 2014-05-15 2014-11-05 腾讯科技(深圳)有限公司 Pirate application identification method and device

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106548074A (en) * 2016-12-09 2017-03-29 江苏通付盾科技有限公司 Application program analyzing monitoring method and system
CN106919844A (en) * 2017-02-14 2017-07-04 暨南大学 A kind of android system vulnerability of application program detection method
CN106919844B (en) * 2017-02-14 2019-08-02 暨南大学 A kind of android system vulnerability of application program detection method
CN107220527A (en) * 2017-04-18 2017-09-29 努比亚技术有限公司 One kind application discriminating method and application management equipment
CN109002441A (en) * 2017-06-06 2018-12-14 阿里巴巴集团控股有限公司 Determination method, the exception of Apply Names similarity apply detection method and system
CN109583157A (en) * 2017-09-29 2019-04-05 卓望数码技术(深圳)有限公司 A kind of long-range trace protecting method of APP and system
CN110610066A (en) * 2018-06-15 2019-12-24 武汉安天信息技术有限责任公司 Counterfeit application detection method and related device
CN110362729A (en) * 2019-07-03 2019-10-22 杭州安恒信息技术股份有限公司 Non- restocking risk APP search method based on search engine
CN111046316A (en) * 2019-12-16 2020-04-21 北京智游网安科技有限公司 Application on-shelf state monitoring method, intelligent terminal and storage medium
CN111046316B (en) * 2019-12-16 2023-03-21 北京智游网安科技有限公司 Application on-shelf state monitoring method, intelligent terminal and storage medium

Also Published As

Publication number Publication date
CN105989251B (en) 2019-03-29

Similar Documents

Publication Publication Date Title
CN105989251A (en) Piratic android application discrimination method and piratic android application discrimination system
US20220327409A1 (en) Real Time Detection of Cyber Threats Using Self-Referential Entity Data
Zhou et al. Coverless image steganography using partial-duplicate image retrieval
CN103080932B (en) Process associated data set
CN107241296B (en) Webshell detection method and device
CN103679031B (en) A kind of immune method and apparatus of file virus
CN104618350B (en) A kind of generation method of picture validation code
EP3449414A1 (en) Computer-implemented privacy engineering system and method
CN103493061A (en) Methods and apparatus for dealing with malware
CN110796269B (en) Method and device for generating model, and method and device for processing information
CN111651768B (en) Method and device for identifying link library function name of computer binary program
Lai et al. An improved block-based matching algorithm of copy-move forgery detection
CN111177795A (en) Method, device and computer storage medium for identifying video tampering by using block chain
CN113901465A (en) Heterogeneous network-based Android malicious software detection method
CN114637892A (en) Overview map generation method of system log dependency map for attack investigation and recovery
Khan et al. Digital forensics and cyber forensics investigation: security challenges, limitations, open issues, and future direction
US20230315846A1 (en) System and method for detecting leaked documents on a computer network
CN112765673A (en) Sensitive data statistical method and related device
CN107819748A (en) A kind of anti-identifying code implementation method cracked and device
CN114036514A (en) Malicious code homologous analysis method and device and computer readable storage medium
CN112765016A (en) Open source software availability judgment method and device
CN105095752A (en) Identification method, apparatus and system of virus packet
US20090288027A1 (en) Visualization and management of information technology components
Anwar et al. Validation Analysis of Scalable Vector Graphics (SVG) File Upload using Magic Number and Document Object Model (DOM)
CN105227338B (en) The recognition methods of web station system information and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant