CN105989251A - Piratic android application discrimination method and piratic android application discrimination system - Google Patents
Piratic android application discrimination method and piratic android application discrimination system Download PDFInfo
- Publication number
- CN105989251A CN105989251A CN201510075472.8A CN201510075472A CN105989251A CN 105989251 A CN105989251 A CN 105989251A CN 201510075472 A CN201510075472 A CN 201510075472A CN 105989251 A CN105989251 A CN 105989251A
- Authority
- CN
- China
- Prior art keywords
- android
- application
- android application
- legal
- doubtful
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a piratic android application discrimination method and a piratic android application discrimination system. The system comprises an android application channel monitoring system, an android application data storage center, an android application database and an android application differential analysis system, wherein the android application channel monitoring system is used for acquiring android application basic information from an android application distribution channel and downloading android application installation packages; the android application data storage center is used for intensively storing the android application basic information and the android application installation packages; the android application database is used for constructing an android application information table which contains an application name, application introduction information and version information on the basis of massive android application data of the android application data storage center; and the android application differential analysis system is used for selecting a to-be-monitored legal android application from a pre-constructed legal android application information table, screening all the suspected android applications associated with the to-be-monitored legal android application from the android application information table, and discriminating legal applications, old applications and piratic applications in the suspected android applications according to a set android application version judging condition.
Description
Technical field
The present invention relates to Android application monitoring technical field, more particularly, it relates to a kind of pirate Android should
With discriminating method and pirate Android application discrimination system.
Background technology
At present, pirate Android application decision method depends primarily on the title of application, bag name, signing certificate,
I.e. judging that Apply Names is the most similar, bag name is the most identical, and signing certificate is the most different.Such as certain Android
Application meets above three condition simultaneously, then judge that the application of this Android is applied as piracy.
Actually, on the one hand, for the different editions of same application, probably due to the signature of original author is demonstrate,proved
Book Renewal of Certificate for the Date of Termination, thus cause signing certificate to change, simultaneously as application publication channel is different, can
The situation that the application issued is signed by channel again can occur.
On the other hand, Android application radix huge (more than 1,000,000 sections), and it is in rapid growth state,
In same type is applied, occur that the similar situation of Apply Names is also extremely widespread, use existing piracy
Android application decision method carries out the examination of pirate Android application, just as looking for a needle in a haystack, and not only pirate application
Judging inefficiency, False Rate is high, and, the workload of staff is high.
Furthermore, many bootleggers are not for the purpose of replacing legal copy application, therefore the Bao Mingyu of pirate application is just
The situation that the bag name of version application is inconsistent is the most universal.Existing pirate Android application decision method cannot be discriminated
Not such pirate application.
Summary of the invention
The technical problem to be solved in the present invention is the drawbacks described above for prior art, it is provided that a kind of pirate
Android application discriminating method and pirate Android application discrimination system.
The technical solution adopted for the present invention to solve the technical problems is: a kind of pirate Android application of structure is discriminated
Other method, described method comprises the steps:
S1, collection are by the Android application essential information of each big Android application channel website orientation, according to Android
Application download address in application essential information downloads Android application installation kit from related download source, will gather
Android application essential information and the Android application installation kit of download collect to Android application data store
The heart;
S2, magnanimity Android application data construct based on remittance Android application data store center comprise application
The Android application data base of title, application recommended information and version information;
S3, from legal Android application table, select legal Android application to be monitored, according to the screening bar of input
Part filters out from Android application data base and applies, with legal Android to be monitored, all doubtful Android being associated
Application, and according to the Android application version decision condition set, the legal copy in the application of this doubtful Android is applied,
Old edition application and pirate application are screened one by one.
In the above-mentioned pirate Android application discriminating method of the present invention, also included as follows before described step S1
Step:
S01, the legal Android application build legal copy Android application message provided based on Android application developers
Table;
S02, setting are for screening the first decision condition of legal Android application, for screening old version peace
Second decision condition of Zhuo Yingyong and for screening the 3rd decision condition of pirate Android application;Wherein
Described first decision condition is as follows: a1, Apply Names are identical;B1, the bag of Android application installation kit
Name is identical;C1, version information are identical;D1, signing certificate are identical;
Described second decision condition is as follows: a2, Apply Names are identical;B2, the bag of Android application installation kit
Name is identical;C2, version information are different;D2, signing certificate are identical;
Described 3rd decision condition is as follows: a3, Apply Names are similar;B3, the bag of Android application installation kit
Name is similar;D3, signing certificate are different;The code that e, legal Android application to be monitored are applied with doubtful Android
Similarity is not less than the code similarity threshold of setting;F, legal Android application to be monitored are answered with doubtful Android
Text similarity be not less than the text similarity threshold of setting;G, legal Android to be monitored
The image file similarity that application and doubtful Android are applied is not less than the image file similarity threshold of setting.
In the above-mentioned pirate Android application discriminating method of the present invention, according to the screening inputted in described step S3
Condition filters out from Android application information table applies, with legal Android to be monitored, all doubtful peace being associated
The step of Zhuo Yingyong includes:
The legal Apply Names of Android application to be monitored, the application of setting are monitored keyword as retrieval bar
Part retrieves the Android application similar to this Apply Names, or application reference in Android application information table
Breath comprises this Apply Names and/or the Android application of this application monitoring keyword, should by the Android retrieved
With the doubtful Android application being defined as legal Android application to be monitored.
In the above-mentioned pirate Android application discriminating method of the present invention, according to the Android set in described step S3
Application version decision condition this doubtful Android is applied in legal application, old edition application and pirate application by
One step carrying out screening includes:
Legal Android application to be monitored and the application of all doubtful Androids are carried out decompiling, respectively obtains and wait to supervise
Survey bag name, signing certificate, Apply Names, resource file, configuration file and the smali of legal Android application
File, and each money doubtful Android application bag name, signing certificate, Apply Names, resource file, join
Put file and smali file;
By the Apply Names of legal Android application to be monitored, bag name, signing certificate, resource file, configuration
The Apply Names of file and smali file and the application of each money doubtful Android, bag name, signing certificate, resource literary composition
Part, configuration file and smali file are compared respectively;
If the Apply Names of legal Android application to be monitored, bag name, version information, signing certificate are with a certain
The Apply Names of money doubtful Android application, bag name, version information, signing certificate are the most corresponding identical, then
Judge this doubtful Android application legal copy as legal Android application to be monitored;
Apply Names, bag name, signing certificate and the doubtful Android of certain money such as legal Android application to be monitored should
Apply Names, bag name, signing certificate correspondence identical, and the version letter of legal Android application to be monitored
Cease different from the version information of this doubtful Android application, then judge that the application of this doubtful Android is as this hospitality
The old version of monitoring Android application;
Apply Names, bag name, signing certificate and the doubtful Android of certain money such as legal Android application to be monitored should
Apply Names, bag name, signing certificate different, then to legal Android application to be monitored and this
The application of doubtful Android carries out similarity analysis, the piracy preset based on applications similar degree analysis result combination
Whether Android application decision condition belongs to pirate application to the application of this doubtful Android carries out comprehensive analysis.
In the above-mentioned pirate Android application discriminating method of the present invention, Android applications similar degree analysis includes text
File similarity analysis, code similarity analysis and image file similarity analysis;
The described step that legal Android application to be monitored and the application of this doubtful Android are carried out similarity analysis
Including:
Calculate legal Android application to be monitored by the first calculating formula of similarity to apply with this doubtful Android
The similarity of each file and code similarity;Wherein
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiRepresent one of them file of legal Android application to be monitored and the contrast of this doubtful Android application
The similarity of file;
I represents the reference number of a document order that Android is applied;
J represents the edit operation number of times that need to carry out from source string to target string;
D represents file size;
The Similarity value of each pair of file of two Android application and each to literary composition is calculated according to the first similarity formula
The meansigma methods of the Similarity value of part, using the meansigma methods of Similarity value that calculated as legal Android to be monitored
Apply the text similarity with the application of this doubtful Android and code similarity.
In the above-mentioned pirate Android application discriminating method of the present invention, legal Android to be monitored is applied and this
The application of doubtful Android carries out the step of similarity analysis and also includes:
Calculate legal Android application to be monitored by the second calculating formula of similarity to apply with this doubtful Android
Image file similarity;Wherein
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Represent the image similarity between legal Android application to be monitored and the application of this doubtful Android;
H0Represent average Hamming distance distance values, legal Android application the most to be monitored and the application of this doubtful Android
The meansigma methods of the Hamming distance distance values of each image file.
In the above-mentioned pirate Android application discriminating method of the present invention, average Hamming distance distance values H0Calculating process
Comprise the steps:
To be used for characterizing first image file and the application of this doubtful Android of legal Android application to be monitored
The first Hamming distance distance values of similarity of contrast images file be set to H1, H is incremental variable, and H
Value is defaulted as 0;
By first image file and the contrast images literary composition of doubtful Android application of legal Android application to be monitored
Part is contracted to the dimension of picture of 8*8 respectively, to the first image file after this minification and contrast images
File carries out ashing process respectively;
Calculate gray scale and the gray scale of 64 pixels of each pixel of first image file of ashed process
Meansigma methods, by the average gray one of the gray scale of each pixel under first image file Yu 64 pixels
One compares, and builds the first number of the 8*8 form being made up of numeral 0 and numeral 1 according to comparative result
Word matrix;
Calculate gray scale and the ash of 64 pixels of each pixel of the contrast images file of this doubtful Android application
Degree meansigma methods, by gray scale and the average gray of 64 pixels of each pixel under this contrast images file
Compare one by one, build the second of the 8*8 form being made up of numeral 0 and numeral 1 according to comparative result
Character matrix;
Numeral identical for coordinate position in first character matrix and the second character matrix is compared one by one,
Judge that this is the most identical to numeral, such as difference, then by H1Value add 1;
Accumulative H1Value;
Repeat the above steps, obtains H successively1。。。。。。HNValue;
To H1To HNValue be weighted averagely, obtaining H0;
H0Computing formula as follows:
Wherein, N represents the quantity of image file of legal Android application to be monitored and the application of doubtful Android.
The present invention also constructs a kind of pirate Android application discrimination system, and described system includes:
Android application channel monitoring system, should for gathering each money Android from each big Android application channel website
Essential information, according to the application download address in Android application essential information from related download source download
Android application installation kit;
Android application data store center, for the Android application to Android application channel monitoring system acquisition
The Android application installation kit of essential information and download carries out centralized stores;
Android application data base, constructed including the legal Android application provided based on Android application developers
Legal Android application information table, for receive from Android application data store center magnanimity Android should
By data, comprise Apply Names, application recommended information and version letter based on magnanimity Android application data construct
The Android application information table of breath;
Android application difference analysis system, for the legal Android application message from Android application data base
Table selects legal Android application to be monitored, according to the screening conditions inputted from this Android application information table
Filter out all doubtful Android application being associated with legal Android application to be monitored, and according to the peace set
Legal application in the application of this doubtful Android, old edition application and piracy are applied by Zhuo application version decision condition
Screen one by one.
In the above-mentioned pirate Android application discrimination system of the present invention, described Android application channel monitoring system bag
Include and be laid in domestic and international zones of different, use distributed structure/architecture design, for from Android application channel website
Gather the first server cluster of Android applications pages surface information, be laid in domestic and international zones of different, use and divide
Cloth architecture design, for the Android application download address that crawls according to this first server cluster from phase
Loading source is answered to download the second server cluster of Android application installation kit.
In the above-mentioned pirate Android application discrimination system of the present invention, described Android application difference analysis system
Including:
Select module, for selecting legal Android application to be monitored, root from legal Android application information table
Filter out from Android application information table according to the screening conditions of input and be associated with legal Android application to be monitored
All doubtful Android application;
Android application decompiling module, for answering legal Android application installation kit to be monitored and doubtful Android
Carry out decompiling with installation kit, respectively obtain bag name, the signing certificate of legal Android application to be monitored, answer
With title, resource file, configuration file and smali file, and the bag name of doubtful Android application, signature
Certificate, Apply Names, resource file, configuration file and smali file;
Android applications similar degree analyzes module, for be monitored just according to the first calculating formula of similarity calculating
The similarity of each file that version Android application is applied with doubtful Android and code similarity, and for root
The image file of legal Android application to be monitored and the application of doubtful Android is calculated according to the second calculating formula of similarity
Similarity;
Android application version determination module, for judging bar with reference to the legal copy set/old version Android application
Legal application in the application of doubtful Android, old edition application are screened by part, and based on Android application phase
The to be monitored legal Android application analyzing module offer like degree is similar to the text of doubtful Android application
Degree, code similarity and image file similarity also combine the pirate Android application decision condition of setting to doubting
Pirate application in applying like Android is screened.
Implement piracy Android application discriminating method of the present invention and pirate Android application discrimination system, can reach with
Lower beneficial effect:
1, piracy Android application discrimination system of the present invention can be according to Apply Names and application monitoring keyword lookup
The all doubtful Android application being associated with legal Android application to be monitored, to legal Android application to be monitored
And the application of doubtful Android carries out similarity analysis and (includes text similarity analysis, code similarity
Analysis, image file similarity analysis), according to similarity analysis result, and combine the pirate Android of setting
Pirate application during doubtful Android is applied by application decision condition carries out comprehensive analysis, compares existing piracy
For Android application decision technology, examination efficiency and the accuracy rate with pirate application are high, and False Rate is extremely low
Outstanding advantages.
2, in piracy Android application discrimination system of the present invention, Android application safety assessment system can be to piracy
The potential safety hazard (hiding the malicious code in piracy is applied and malicious act thereof) of the pirate application in storehouse
It is analyzed and assesses, generating pirate Android application security analysis report according to assessment result, therefore this is
System can enumerate pirate Android, and apply and provide piracy Android application security analysis report for reference, keeps away
Exempt from user to download pirate Android and apply and sustain a loss.
3, in Android application Surveillance generation system of the present invention, Android application difference analysis system can
Legal application, old edition application and piracy in all doubtful Android application that legal Android to be monitored is applied
Application is screened quickly and efficiently, and Android application Surveillance generates system can be poor based on Android application
Legal copy in legal Android application to be monitored is applied by the examination result of alienation analysis system, old edition is applied,
Total download and the respective channel source of pirate application are added up, and provide legal Android application to be monitored
Download service condition Surveillance, it is simple to legal Android application developers right-safeguarding.
Accompanying drawing explanation
The structure of the pirate Android application discrimination system that first preferred embodiment that Fig. 1 is the present invention provides
Block diagram;
Fig. 2 is the Android application channel monitoring system under the pirate Android application discrimination system shown in Fig. 1
Structured flowchart;
Fig. 3 is the Android application difference analysis system under the pirate Android application discrimination system shown in Fig. 1
Structured flowchart;
The flow process of the pirate Android application discriminating method that second preferred embodiment that Fig. 4 is the present invention provides
Figure.
Detailed description of the invention
For making the purpose of the embodiment of the present invention, technical scheme and advantage clearer, below in conjunction with this
Accompanying drawing in bright embodiment, is clearly and completely described the technical scheme in the embodiment of the present invention.
Based on the embodiment in the present invention, those of ordinary skill in the art are not under making creative work premise
The every other embodiment obtained, broadly falls into the scope of protection of the invention.
Embodiment one
The present embodiment discloses a kind of pirate Android application discrimination system.
As it is shown in figure 1, this piracy Android application discrimination system includes the Android application channel prison being sequentially connected with
Examining system 100, Android application data store center 200, Android application difference analysis system 300, peace
Zhuo Yingyong data base 400 and the Android application safety assessment system of connection Android application data base 400
500 and Android application Surveillance generate system 600.Wherein:
Android application channel monitoring system 100 is for gathering by each channel website (such as including 360
Each big Mobile solution resource website) issue each money Android application essential information, according to Android apply
From related download source, (such as, 360 Mobile solution stores, Semen setariae move application download address in essential information
Dynamic application store, Huawei's Mobile solution store) download Android application installation kit.
Android application data store center 200 is for the peace gathering Android application channel monitoring system 100
The Android application installation kit of Zhuo Yingyong essential information and download carries out centralized stores.
Android application data base 400 pacifies for receiving the magnanimity from Android application data store center 200
Zhuo Yingyong data, comprise Apply Names, application recommended information and version based on magnanimity Android application data construct
The Android application information table of this information.
Android application safety assessment system 500 is for the malicious code hidden in piracy is applied and evil thereof
Meaning behavior is analyzed and assesses, and generates pirate Android application safety in operation assessment result.
It is all doubtful for apply legal Android to be monitored that Android application Surveillance generates system 600
Unite in legal application, old edition application, the download of pirate application and channel source thereof in Android application
Meter, generates Android application Surveillance.
Android application data base 400 also includes the legal Android application structure provided based on Android application developers
The legal Android application information table built and storage are for screening legal Android application, old version Android
The Android application version of the adjustable parameter (i.e. Android application version decision condition) of application and pirate Android application
This critical parameter table.Android application version critical parameter table of the present invention includes for screening legal Android application
The first decision condition, for screen old version Android application the second decision condition and for screening robber
3rd decision condition of version Android application;Wherein
First decision condition is as follows: a1, Apply Names are identical;B1, the bag famous prime minister of Android application installation kit
With;C1, version information are identical;D1, signing certificate are identical;
Second decision condition is as follows: a2, Apply Names are identical;B2, the bag famous prime minister of Android application installation kit
With;C2, version information are different;D2, signing certificate are identical;
3rd decision condition is as follows: a3, Apply Names basic simlarity;B3, the bag of Android application installation kit
Name is similar;D3, signing certificate are different;The code that e, legal Android application to be monitored are applied with doubtful Android
Similarity is not less than the code similarity threshold (preferably 85%) of setting;F, legal Android to be monitored are answered
The text similarity threshold being not less than setting by the text similarity applied with doubtful Android is (excellent
Elect 60% as);G, legal Android to be monitored are applied the lowest with the image file similarity of doubtful Android application
In the image file similarity threshold (preferably 75%) set.
Android application difference analysis system 300 is to be monitored for choosing from legal Android application information table
Legal Android application, according to the screening conditions of input filter out from Android application information table with to be monitored just
The all doubtful Android application that version Android application is associated, according to the Android application version decision condition set
Legal application, old edition application and pirate application in applying this doubtful Android are screened.
As in figure 2 it is shown, Android application channel of the present invention monitoring system 100 to include that several are laid in domestic
Outer zones of different, uses distributed structure/architecture design, basic for gathering Android application from each big channel website
The first of information (including applying recommended information, application download address, developer's information, application version)
Server cluster 101 and be laid in domestic and international zones of different, uses distributed structure/architecture design, for root
The Android application download address provided according to first server cluster 101 downloads Android from Android application loading source
The second server cluster 102 of application installation kit.First server cluster 101 and second server cluster
102 all include multiple stage Cloud Server.
As it is shown on figure 3, Android application difference analysis system 300 of the present invention includes the selection being sequentially connected with
Module 301, Android application decompiling module 302, Android applications similar degree analyze module 303 and Android should
With version determination module 304.
Select module 301 to be used for from legal Android application information table and select legal Android application to be monitored,
Screening conditions according to input filter out relevant to legal Android application to be monitored from Android application information table
The all doubtful Android application of connection;
Android application decompiling module 302 is for legal Android application installation kit to be monitored and doubtful Android
Application installation kit carries out decompiling, respectively obtain the bag name of legal Android application to be monitored, signing certificate,
Apply Names, resource file, configuration file and smali file, and the bag name of doubtful Android application, label
Name certificate, Apply Names, resource file, configuration file and smali file.
Android applications similar degree analyzes module 303 for calculating to be monitored according to the first calculating formula of similarity
The similarity of each file that legal Android application is applied with doubtful Android and code similarity, and be used for
The image literary composition of legal Android application to be monitored and the application of doubtful Android is calculated according to the second calculating formula of similarity
Part similarity.
Android application version determination module 304 is for judging with reference to the legal copy set/old version Android application
Condition doubtful Android is applied in legal application, old edition application screen, and based on to be monitored just
Version Android application is similar to text similarity, code similarity and the image file of the application of doubtful Android
The pirate application spent and combine during doubtful Android is applied by the pirate Android application decision condition of setting is discriminated
Not.
In piracy Android application discrimination system of the present invention:
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiRepresent one of them file of legal Android application to be monitored and the contrast of this doubtful Android application
The similarity of file;
I represents the reference number of a document order that Android is applied;
J represents the edit operation number of times that need to carry out from source string to target string;
D represents file size.
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Represent the image similarity between legal Android application to be monitored and the application of this doubtful Android;
H0Represent average Hamming distance distance values, legal Android application the most to be monitored and the application of this doubtful Android
The meansigma methods of the Hamming distance distance values of each image file.
Embodiment two
The present embodiment discloses a kind of piracy based on the pirate Android application discrimination system described in embodiment one
Android application discriminating method.As shown in Figure 4, the handling process of the method comprises the steps:
Step 101, native system operator pre-set Android application version decision condition and (include for discriminating
First decision condition of legal Android application, for screening the second judgement bar of old version Android application
Part and for screening the 3rd decision condition of pirate Android application), by relevant for Android application version decision condition
The Android application version critical parameter table that is stored in Android data base of supplemental characteristic.
One legal copy of legal Android application build that native system operator provide based on Android application developers
Android application information table, is stored in Android data base by legal copy Android application information table.
Step 102, by Android application channel monitoring system 100 from each big channel website gather Android apply
Essential information, according to the application download address in Android application essential information from relevant Android application website
Carry Android application installation kit (Android Package, APK), the Android application essential information that will gather
And the Android application installation kit downloaded imports Android application data store center 200.
Step 103, Android application difference analysis system 300 will be from Android application data store centers
The Android application data conversion storage of 200 applies data base 400 in Android.
Step 104, the selection module 301 of Android application difference analysis system 300 are applied from legal Android
Information table selects legal application to be monitored, (includes Apply Names, key according to the screening conditions of input
Word) apply screening data base 400 all doubtful with what legal Android application to be monitored was associated from Android
Android application (can be that the Apply Names Android similar to the Apply Names in screening conditions is applied, or
Application recommended information comprises the Android application of this key word).
Step 105, Android application decompiling module 302 are to legal Android application to be monitored and the institute of association thereof
The installation kit having doubtful Android to apply carries out decompiling, respectively obtain legal Android application to be monitored bag name,
Signing certificate, Apply Names, resource file, configuration file and smali file, and the doubtful Android of each money
Bag name, signing certificate, Apply Names, resource file, configuration file and the smali file of application.
Step 106, Android application version determination module 304 by the Apply Names of legal Android application to be monitored,
Bag name, signing certificate, resource file, configuration file and smali file should with the application of each money doubtful Android
Compare respectively with title, bag name, signing certificate, resource file, configuration file and smali file.
If the Apply Names of legal Android application to be monitored, bag name, version information, signing certificate are with a certain
The Apply Names of money doubtful Android application, bag name, version information, signing certificate are the most corresponding identical, then
Judge this doubtful Android application legal application as legal Android application to be monitored.
Apply Names, bag name, signing certificate and the doubtful Android of certain money such as legal Android application to be monitored should
Apply Names, bag name, signing certificate correspondence identical, and the version letter of legal Android application to be monitored
Cease different from the version information of this doubtful Android application, then judge that the application of this doubtful Android is as this hospitality
The old version of monitoring Android application.
Apply Names, bag name, signing certificate and the doubtful Android of certain money such as legal Android application to be monitored should
Apply Names, bag name, signing certificate different, then enter step 107.
Step 107, analyzed module 303 by Android applications similar degree and legal Android to be monitored is applied and should
The application of money doubtful Android carries out similarity analysis, based on applications similar degree analysis result the robber that combines setting
Whether version Android application decision condition belongs to pirate application to the application of this doubtful Android carries out comprehensive analysis,
Include confirmed pirate Android application in pirate storehouse.
Step 107 includes following sub-step:
Step 1071, calculated legal Android application to be monitored by the first calculating formula of similarity and doubt with this
Similarity like each file of Android application;Wherein
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiRepresent one of them file of legal Android application to be monitored and the contrast of this doubtful Android application
The similarity of file;
I represents the reference number of a document order that Android is applied;
J represents the edit operation number of times that need to carry out from source string to target string;
D represents file size;
Step 1072, calculate the similarity of each pair of file of two Android application according to the first similarity formula
Value and the meansigma methods of Similarity value of each pair of file, supervise the meansigma methods of the Similarity value calculated as waiting
Survey text similarity and code similarity that legal Android application is applied with this doubtful Android;
Step 1073, calculated legal Android application to be monitored by the second calculating formula of similarity and doubt with this
Image file similarity like Android application;Wherein
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Represent the image similarity between legal Android application to be monitored and the application of this doubtful Android;
H0Represent average Hamming distance distance values, legal Android application the most to be monitored and the application of this doubtful Android
The meansigma methods of the Hamming distance distance values of each image file.
Wherein, average Hamming distance distance values H in step 10730Calculating process include following sub-step:
S10731, will be used for characterizing first image file of legal Android application to be monitored and this is doubtful
First Hamming distance distance values of the similarity of the contrast images file of Android application is set to H1, H is incremental variable,
And the value of H is defaulted as 0;
It is right that S10732, first image file legal Android to be monitored applied and doubtful Android are applied
Be contracted to the dimension of picture of 8*8 respectively than image file, to the first image file after this minification and
Contrast images file carries out ashing process respectively;
S10733, the gray scale calculating each pixel of first image file of ashed process and 64 pictures
The average gray of element, by the gray scale of the gray scale of each pixel under first image file Yu 64 pixels
Meansigma methods compares one by one, builds the 8*8 form being made up of numeral 0 and numeral 1 according to comparative result
The first character matrix;
S10734, calculate the gray scale of each pixel of the contrast images file of this doubtful Android application and 64
The average gray of pixel, by gray scale and the ash of 64 pixels of each pixel under this contrast images file
Degree meansigma methods compares one by one, builds the 8*8 shape being made up of numeral 0 and numeral 1 according to comparative result
Second character matrix of formula;
S10735, numeral identical for coordinate position in the first character matrix and the second character matrix is entered one by one
Row comparison, it is judged that this is the most identical to numeral, such as difference, then by H1Value add 1;
Accumulative H1Value;
Repeat the above steps, obtains H successively1。。。。。。HNValue;
S10736, to H1To HNValue be weighted averagely, obtaining H0;
H0Computing formula as follows:
Wherein, N represents the quantity of image file of legal Android application to be monitored and the application of doubtful Android.
Step 108, the Android application safety assessment system 500 potential safety hazard to the pirate application in pirate storehouse
(hiding the malicious code in piracy is applied and malicious act thereof) is analyzed and assesses, according to assessment
Result generates pirate Android application security analysis report.It is right that Android application Surveillance generates system 600
Legal application, old edition in all doubtful Android application that legal copy Android to be monitored is applied are applied, piracy should
Download and channel source add up, generate Android application Surveillance.
In sum, piracy Android application discriminating method of the present invention and pirate Android application discrimination system is excellent
Point is embodied in:
1, piracy Android application discrimination system of the present invention can be according to Apply Names and application monitoring keyword lookup
The all doubtful Android application being associated with legal Android application to be monitored, to legal Android application to be monitored
And the application of doubtful Android carries out similarity analysis and (includes text similarity analysis, code similarity
Analysis, image file similarity analysis), according to similarity analysis result, and combine the pirate Android of setting
Pirate application during doubtful Android is applied by application decision condition carries out comprehensive analysis, compares existing piracy
For Android application decision technology, examination efficiency and the accuracy rate with pirate application are high, and False Rate is extremely low
Outstanding advantages.
2, in piracy Android application discrimination system of the present invention, Android application safety assessment system 500 can be right
The potential safety hazard of the pirate application in pirate storehouse (hides the malicious code in piracy is applied and malice row thereof
For) be analyzed and assess, generate pirate Android application security analysis report according to assessment result, therefore
Native system can be enumerated pirate Android and apply and provide pirate Android application security analysis report for user's ginseng
Examine, it is to avoid user downloads pirate Android and applies and sustain a loss.
3, generate in system 600 at Android application Surveillance of the present invention, Android application difference analysis system
Legal application in all doubtful Android application of legal copy Android application to be monitored, old edition can be answered by system 300
With and pirate application screen quickly and efficiently, Android application Surveillance generation system 600 can base
Legal copy in legal Android to be monitored is applied by the examination result of Android application difference analysis system 300
Application, old edition application, total download of pirate application and respective channel source are added up, and provide and treat
The download service condition Surveillance of monitoring legal Android application, it is simple to legal Android application developers right-safeguarding.
One of ordinary skill in the art will appreciate that all or part of ring realizing in above-described embodiment method
Joint, can be by computer program and completes to instruct relevant hardware, and described program can be stored in
In one computer read/write memory medium, this program is upon execution, it may include such as the enforcement of above-mentioned each method
The link of example.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read Only
Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc..
Above in conjunction with accompanying drawing, embodiments of the invention are described, but the invention is not limited in
The detailed description of the invention stated, above-mentioned detailed description of the invention is only schematic rather than restrictive,
Those of ordinary skill in the art is under the enlightenment of the present invention, without departing from present inventive concept and claim
Under the ambit protected, it may also be made that a lot of form, within these belong to the protection of the present invention.
Claims (10)
1. a pirate Android application discriminating method, it is characterised in that described method comprises the steps:
S1, collection are by the Android application essential information of each big Android application channel website orientation, according to Android
Application download address in application essential information downloads Android application installation kit from related download source, will gather
Android application essential information and the Android application installation kit of download collect to Android application data store
The heart;
S2, magnanimity Android application data construct based on remittance Android application data store center comprise application
The Android application data base of title, application recommended information and version information;
S3, from legal Android application table, select legal Android application to be monitored, according to the screening bar of input
Part filters out from Android application data base and applies, with legal Android to be monitored, all doubtful Android being associated
Application, and according to the Android application version decision condition set, the legal copy in the application of this doubtful Android is applied,
Old edition application and pirate application are screened one by one.
Pirate Android application discriminating method the most according to claim 1, it is characterised in that described
Also comprise the steps: before step S1
S01, the legal Android application build legal copy Android application message provided based on Android application developers
Table;
S02, setting are for screening the first decision condition of legal Android application, for screening old version peace
Second decision condition of Zhuo Yingyong and for screening the 3rd decision condition of pirate Android application;Wherein
Described first decision condition is as follows: a1, Apply Names are identical;B1, the bag of Android application installation kit
Name is identical;C1, version information are identical;D1, signing certificate are identical;
Described second decision condition is as follows: a2, Apply Names are identical;B2, the bag of Android application installation kit
Name is identical;C2, version information are different;D2, signing certificate are identical;
Described 3rd decision condition is as follows: a3, Apply Names are similar;B3, the bag of Android application installation kit
Name is similar;D3, signing certificate are different;The code that e, legal Android application to be monitored are applied with doubtful Android
Similarity is not less than the code similarity threshold of setting;F, legal Android application to be monitored are answered with doubtful Android
Text similarity be not less than the text similarity threshold of setting;G, legal Android to be monitored
The image file similarity that application and doubtful Android are applied is not less than the image file similarity threshold of setting.
Pirate Android application discriminating method the most according to claim 2, it is characterised in that described step
Filtering out from Android application information table according to the screening conditions of input in rapid S3 should with legal Android to be monitored
Include by the step of all doubtful Android application being associated:
The legal Apply Names of Android application to be monitored, the application of setting are monitored keyword as retrieval bar
Part retrieves the Android application similar to this Apply Names, or application reference in Android application information table
Breath comprises this Apply Names and/or the Android application of this application monitoring keyword, should by the Android retrieved
With the doubtful Android application being defined as legal Android application to be monitored.
Pirate Android application discriminating method the most according to claim 3, it is characterised in that described step
Legal copy in the application of this doubtful Android is applied by rapid S3 according to the Android application version decision condition set,
The step that old edition application and pirate application carry out screening one by one includes:
Legal Android application to be monitored and the application of all doubtful Androids are carried out decompiling, respectively obtains and wait to supervise
Survey bag name, signing certificate, Apply Names, resource file, configuration file and the smali of legal Android application
File, and each money doubtful Android application bag name, signing certificate, Apply Names, resource file, join
Put file and smali file;
By the Apply Names of legal Android application to be monitored, bag name, signing certificate, resource file, configuration
The Apply Names of file and smali file and the application of each money doubtful Android, bag name, signing certificate, resource literary composition
Part, configuration file and smali file are compared respectively;
If the Apply Names of legal Android application to be monitored, bag name, version information, signing certificate are with a certain
The Apply Names of money doubtful Android application, bag name, version information, signing certificate are the most corresponding identical, then
Judge this doubtful Android application legal copy as legal Android application to be monitored;
Apply Names, bag name, signing certificate and the doubtful Android of certain money such as legal Android application to be monitored should
Apply Names, bag name, signing certificate correspondence identical, and the version letter of legal Android application to be monitored
Cease different from the version information of this doubtful Android application, then judge that the application of this doubtful Android is as this hospitality
The old version of monitoring Android application;
Apply Names, bag name, signing certificate and the doubtful Android of certain money such as legal Android application to be monitored should
Apply Names, bag name, signing certificate different, then to legal Android application to be monitored and this
The application of doubtful Android carries out similarity analysis, the piracy preset based on applications similar degree analysis result combination
Whether Android application decision condition belongs to pirate application to the application of this doubtful Android carries out comprehensive analysis.
Pirate Android application discriminating method the most according to claim 4, it is characterised in that Android should
Text similarity analysis, code similarity analysis and image file similarity is included with similarity analysis
Analyze;
The described step that legal Android application to be monitored and the application of this doubtful Android are carried out similarity analysis
Including:
Calculate legal Android application to be monitored by the first calculating formula of similarity to apply with this doubtful Android
The similarity of each file and code similarity;Wherein
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiRepresent one of them file of legal Android application to be monitored and the contrast of this doubtful Android application
The similarity of file;
I represents the reference number of a document order that Android is applied;
J represents the edit operation number of times that need to carry out from source string to target string;
D represents file size;
The Similarity value of each pair of file of two Android application and each to literary composition is calculated according to the first similarity formula
The meansigma methods of the Similarity value of part, using the meansigma methods of Similarity value that calculated as legal Android to be monitored
Apply the text similarity with the application of this doubtful Android and code similarity.
Pirate Android application discriminating method the most according to claim 5, it is characterised in that described right
Legal Android application to be monitored and the application of this doubtful Android carry out the step of similarity analysis and also include:
Calculate legal Android application to be monitored by the second calculating formula of similarity to apply with this doubtful Android
Image file similarity;Wherein
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Represent the image similarity between legal Android application to be monitored and the application of this doubtful Android;
H0Represent average Hamming distance distance values, legal Android application the most to be monitored and the application of this doubtful Android
The meansigma methods of the Hamming distance distance values of each image file.
Pirate Android application discriminating method the most according to claim 6, it is characterised in that the average Chinese
Prescribed distance value H0Calculating process comprise the steps:
To be used for characterizing first image file and the application of this doubtful Android of legal Android application to be monitored
The first Hamming distance distance values of similarity of contrast images file be set to H1, H is incremental variable, and H
Value is defaulted as 0;
By first image file and the contrast images literary composition of doubtful Android application of legal Android application to be monitored
Part is contracted to the dimension of picture of 8*8 respectively, to the first image file after this minification and contrast images
File carries out ashing process respectively;
Calculate gray scale and the gray scale of 64 pixels of each pixel of first image file of ashed process
Meansigma methods, by the average gray one of the gray scale of each pixel under first image file Yu 64 pixels
One compares, and builds the first number of the 8*8 form being made up of numeral 0 and numeral 1 according to comparative result
Word matrix;
Calculate gray scale and the ash of 64 pixels of each pixel of the contrast images file of this doubtful Android application
Degree meansigma methods, by gray scale and the average gray of 64 pixels of each pixel under this contrast images file
Compare one by one, build the second of the 8*8 form being made up of numeral 0 and numeral 1 according to comparative result
Character matrix;
Numeral identical for coordinate position in first character matrix and the second character matrix is compared one by one,
Judge that this is the most identical to numeral, such as difference, then by H1Value add 1;
Accumulative H1Value;
Repeat the above steps, obtains H successively1。。。。。。HNValue;
To H1To HNValue be weighted averagely, obtaining H0;
H0Computing formula as follows:
Wherein, N represents the quantity of image file of legal Android application to be monitored and the application of doubtful Android.
8. a pirate Android application discrimination system, it is characterised in that described system includes:
Android application channel monitoring system, should for gathering each money Android from each big Android application channel website
Essential information, according to the application download address in Android application essential information from related download source download
Android application installation kit;
Android application data store center, for the Android application to Android application channel monitoring system acquisition
The Android application installation kit of essential information and download carries out centralized stores;
Android application data base, constructed including the legal Android application provided based on Android application developers
Legal Android application information table, for receive from Android application data store center magnanimity Android should
By data, comprise Apply Names, application recommended information and version letter based on magnanimity Android application data construct
The Android application information table of breath;
Android application difference analysis system, for the legal Android application message from Android application data base
Table selects legal Android application to be monitored, according to the screening conditions inputted from this Android application information table
Filter out all doubtful Android application being associated with legal Android application to be monitored, and according to the peace set
Legal application in the application of this doubtful Android, old edition application and piracy are applied by Zhuo application version decision condition
Screen one by one.
Pirate Android application discrimination system the most according to claim 8, it is characterised in that described peace
Zhuo Yingyong channel monitoring system includes being laid in domestic and international zones of different, uses distributed structure/architecture design, uses
In gathering the first server cluster of Android applications pages surface information from Android application channel website, being laid in state
Inside and outside zones of different, uses distributed structure/architecture design, for crawl according to this first server cluster
Android application download address downloads the second server cluster of Android application installation kit from respective downloaded source.
Pirate Android application discrimination system the most according to claim 9, it is characterised in that described
Android application difference analysis system includes:
Select module, for selecting legal Android application to be monitored, root from legal Android application information table
Filter out from Android application information table according to the screening conditions of input and be associated with legal Android application to be monitored
All doubtful Android application;
Android application decompiling module, for answering legal Android application installation kit to be monitored and doubtful Android
Carry out decompiling with installation kit, respectively obtain bag name, the signing certificate of legal Android application to be monitored, answer
With title, resource file, configuration file and smali file, and the bag name of doubtful Android application, signature
Certificate, Apply Names, resource file, configuration file and smali file;
Android applications similar degree analyzes module, for be monitored just according to the first calculating formula of similarity calculating
The similarity of each file that version Android application is applied with doubtful Android and code similarity, and for root
The image file of legal Android application to be monitored and the application of doubtful Android is calculated according to the second calculating formula of similarity
Similarity;
Android application version determination module, for judging bar with reference to the legal copy set/old version Android application
Legal application in the application of doubtful Android, old edition application are screened by part, and based on Android application phase
The to be monitored legal Android application analyzing module offer like degree is similar to the text of doubtful Android application
Degree, code similarity and image file similarity also combine the pirate Android application decision condition of setting to doubting
Pirate application in applying like Android is screened.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510075472.8A CN105989251B (en) | 2015-02-12 | 2015-02-12 | A kind of piracy Android application discriminating method and pirate Android application discrimination system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510075472.8A CN105989251B (en) | 2015-02-12 | 2015-02-12 | A kind of piracy Android application discriminating method and pirate Android application discrimination system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105989251A true CN105989251A (en) | 2016-10-05 |
CN105989251B CN105989251B (en) | 2019-03-29 |
Family
ID=57042109
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510075472.8A Active CN105989251B (en) | 2015-02-12 | 2015-02-12 | A kind of piracy Android application discriminating method and pirate Android application discrimination system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105989251B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106548074A (en) * | 2016-12-09 | 2017-03-29 | 江苏通付盾科技有限公司 | Application program analyzing monitoring method and system |
CN106919844A (en) * | 2017-02-14 | 2017-07-04 | 暨南大学 | A kind of android system vulnerability of application program detection method |
CN107220527A (en) * | 2017-04-18 | 2017-09-29 | 努比亚技术有限公司 | One kind application discriminating method and application management equipment |
CN109002441A (en) * | 2017-06-06 | 2018-12-14 | 阿里巴巴集团控股有限公司 | Determination method, the exception of Apply Names similarity apply detection method and system |
CN109583157A (en) * | 2017-09-29 | 2019-04-05 | 卓望数码技术(深圳)有限公司 | A kind of long-range trace protecting method of APP and system |
CN110362729A (en) * | 2019-07-03 | 2019-10-22 | 杭州安恒信息技术股份有限公司 | Non- restocking risk APP search method based on search engine |
CN110610066A (en) * | 2018-06-15 | 2019-12-24 | 武汉安天信息技术有限责任公司 | Counterfeit application detection method and related device |
CN111046316A (en) * | 2019-12-16 | 2020-04-21 | 北京智游网安科技有限公司 | Application on-shelf state monitoring method, intelligent terminal and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102222199A (en) * | 2011-06-03 | 2011-10-19 | 奇智软件(北京)有限公司 | Method and system for identifying identification of application program |
CN102779257A (en) * | 2012-06-28 | 2012-11-14 | 奇智软件(北京)有限公司 | Security detection method and system of Android application program |
CN103324697A (en) * | 2013-06-07 | 2013-09-25 | 北京掌汇天下科技有限公司 | Method for removing copycatting applications in android application search and based on icon contrast |
CN104123493A (en) * | 2014-07-31 | 2014-10-29 | 百度在线网络技术(北京)有限公司 | Method and device for detecting safety performance of application program |
CN104133832A (en) * | 2014-05-15 | 2014-11-05 | 腾讯科技(深圳)有限公司 | Pirate application identification method and device |
-
2015
- 2015-02-12 CN CN201510075472.8A patent/CN105989251B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102222199A (en) * | 2011-06-03 | 2011-10-19 | 奇智软件(北京)有限公司 | Method and system for identifying identification of application program |
CN102779257A (en) * | 2012-06-28 | 2012-11-14 | 奇智软件(北京)有限公司 | Security detection method and system of Android application program |
CN103324697A (en) * | 2013-06-07 | 2013-09-25 | 北京掌汇天下科技有限公司 | Method for removing copycatting applications in android application search and based on icon contrast |
CN104133832A (en) * | 2014-05-15 | 2014-11-05 | 腾讯科技(深圳)有限公司 | Pirate application identification method and device |
CN104123493A (en) * | 2014-07-31 | 2014-10-29 | 百度在线网络技术(北京)有限公司 | Method and device for detecting safety performance of application program |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106548074A (en) * | 2016-12-09 | 2017-03-29 | 江苏通付盾科技有限公司 | Application program analyzing monitoring method and system |
CN106919844A (en) * | 2017-02-14 | 2017-07-04 | 暨南大学 | A kind of android system vulnerability of application program detection method |
CN106919844B (en) * | 2017-02-14 | 2019-08-02 | 暨南大学 | A kind of android system vulnerability of application program detection method |
CN107220527A (en) * | 2017-04-18 | 2017-09-29 | 努比亚技术有限公司 | One kind application discriminating method and application management equipment |
CN109002441A (en) * | 2017-06-06 | 2018-12-14 | 阿里巴巴集团控股有限公司 | Determination method, the exception of Apply Names similarity apply detection method and system |
CN109583157A (en) * | 2017-09-29 | 2019-04-05 | 卓望数码技术(深圳)有限公司 | A kind of long-range trace protecting method of APP and system |
CN110610066A (en) * | 2018-06-15 | 2019-12-24 | 武汉安天信息技术有限责任公司 | Counterfeit application detection method and related device |
CN110362729A (en) * | 2019-07-03 | 2019-10-22 | 杭州安恒信息技术股份有限公司 | Non- restocking risk APP search method based on search engine |
CN111046316A (en) * | 2019-12-16 | 2020-04-21 | 北京智游网安科技有限公司 | Application on-shelf state monitoring method, intelligent terminal and storage medium |
CN111046316B (en) * | 2019-12-16 | 2023-03-21 | 北京智游网安科技有限公司 | Application on-shelf state monitoring method, intelligent terminal and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN105989251B (en) | 2019-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105989251A (en) | Piratic android application discrimination method and piratic android application discrimination system | |
US20220327409A1 (en) | Real Time Detection of Cyber Threats Using Self-Referential Entity Data | |
Zhou et al. | Coverless image steganography using partial-duplicate image retrieval | |
CN103080932B (en) | Process associated data set | |
CN107241296B (en) | Webshell detection method and device | |
CN103679031B (en) | A kind of immune method and apparatus of file virus | |
CN104618350B (en) | A kind of generation method of picture validation code | |
EP3449414A1 (en) | Computer-implemented privacy engineering system and method | |
CN103493061A (en) | Methods and apparatus for dealing with malware | |
CN110796269B (en) | Method and device for generating model, and method and device for processing information | |
CN111651768B (en) | Method and device for identifying link library function name of computer binary program | |
Lai et al. | An improved block-based matching algorithm of copy-move forgery detection | |
CN111177795A (en) | Method, device and computer storage medium for identifying video tampering by using block chain | |
CN113901465A (en) | Heterogeneous network-based Android malicious software detection method | |
CN114637892A (en) | Overview map generation method of system log dependency map for attack investigation and recovery | |
Khan et al. | Digital forensics and cyber forensics investigation: security challenges, limitations, open issues, and future direction | |
US20230315846A1 (en) | System and method for detecting leaked documents on a computer network | |
CN112765673A (en) | Sensitive data statistical method and related device | |
CN107819748A (en) | A kind of anti-identifying code implementation method cracked and device | |
CN114036514A (en) | Malicious code homologous analysis method and device and computer readable storage medium | |
CN112765016A (en) | Open source software availability judgment method and device | |
CN105095752A (en) | Identification method, apparatus and system of virus packet | |
US20090288027A1 (en) | Visualization and management of information technology components | |
Anwar et al. | Validation Analysis of Scalable Vector Graphics (SVG) File Upload using Magic Number and Document Object Model (DOM) | |
CN105227338B (en) | The recognition methods of web station system information and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |