CN105989251B - A kind of piracy Android application discriminating method and pirate Android application discrimination system - Google Patents

A kind of piracy Android application discriminating method and pirate Android application discrimination system Download PDF

Info

Publication number
CN105989251B
CN105989251B CN201510075472.8A CN201510075472A CN105989251B CN 105989251 B CN105989251 B CN 105989251B CN 201510075472 A CN201510075472 A CN 201510075472A CN 105989251 B CN105989251 B CN 105989251B
Authority
CN
China
Prior art keywords
android
android application
application
legal
doubtful
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510075472.8A
Other languages
Chinese (zh)
Other versions
CN105989251A (en
Inventor
周建宁
刘志诚
王巍
吴卓坤
霍要峰
陈文博
王刚
劳剑明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee
Aspire Digital Technologies Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aspire Digital Technologies Shenzhen Co Ltd filed Critical Aspire Digital Technologies Shenzhen Co Ltd
Priority to CN201510075472.8A priority Critical patent/CN105989251B/en
Publication of CN105989251A publication Critical patent/CN105989251A/en
Application granted granted Critical
Publication of CN105989251B publication Critical patent/CN105989251B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a kind of pirate Android application discriminating method and pirate Android application discrimination systems.The system comprises for acquiring Android application essential information from Android application publication channel, the Android application channel for downloading Android application installation package monitors system, for carrying out centrally stored Android application data store center to Android application essential information and Android application installation package, it include Apply Names for the magnanimity Android application data building based on Android application data store center, using the Android application database of the Android application information table of recommended information and version information, for selecting legal Android application to be monitored from the legal Android application information table constructed in advance, it is filtered out from Android application information table with legal Android to be monitored using associated all doubtful Android applications, according to the Android application version decision condition of setting to the legal application in the doubtful Android application, the peace that old edition application and pirate application are screened Zhuo Yingyong difference analysis system.

Description

A kind of piracy Android application discriminating method and pirate Android application discrimination system
Technical field
The present invention relates to Android application monitoring technology fields, apply examination side more specifically to a kind of pirate Android Method and pirate Android application discrimination system.
Background technique
Currently, pirate Android application determination method depends primarily on the title of application, packet name, signing certificate, that is, determine to answer Whether similar with title, whether packet name is identical, and whether signing certificate is different.Such as certain Android is applied while meeting above three item Part then determines that this Android is applied as piracy application.
Actually, on the one hand, for the different editions of same application, probably due to the signing certificate of original author expires and changes Card, to cause signing certificate to change, simultaneously as using publication channel difference, in fact it could happen that channel is answered what is issued The case where with signing again.
On the other hand, Android application radix is huge (more than 1,000,000 sections), and is in rapid growth state, in same type Occur in the similar situation of Apply Names be also it is extremely widespread, stolen using existing pirate Android application determination method The examination of version Android application, like looking for a needle in a haystack, not only pirate application determines inefficiency, and False Rate is high, moreover, staff Workload it is high.
Furthermore many bootleggers are not for the purpose of the legal application of replacement, therefore the Bao Mingyu legal copy application of pirate application The inconsistent situation of packet name is more universal.Existing piracy Android application determination method can not screen such piracy application.
Summary of the invention
The technical problem to be solved in the present invention is that in view of the above drawbacks of the prior art, providing a kind of pirate Android application Discriminating method and pirate Android application discrimination system.
The technical solution adopted by the present invention to solve the technical problems is: a kind of pirate Android application discriminating method is constructed, Described method includes following steps:
S1, acquisition are applied basic by the Android application essential information of major Android application channel website orientation according to Android Application download address in information downloads Android application installation package from related download source, by the Android application essential information of acquisition and The Android application installation package of downloading summarizes to Android application data store center;
S2, include Apply Names, answer based on the magnanimity Android application data building for importing Android application data store center With the Android application database of recommended information and version information;
S3, legal Android application to be monitored is selected from legal Android application table, according to the screening conditions of input from Android It is filtered out in application database with legal Android to be monitored using associated all doubtful Android applications, and according to the peace of setting Tall and erect application version decision condition discriminates legal application, old edition application and the pirate application in the doubtful Android application one by one Not.
Further include following steps before the step S1 in the above-mentioned pirate Android application discriminating method of the present invention:
S01, the legal Android application build legal copy Android application information table provided based on Android application developers;
S02, setting for screening the first decision condition of legal Android application, for screening the application of old version Android Second decision condition and the third decision condition applied for screening pirate Android;Wherein
First decision condition is as follows: a1, Apply Names are identical;B1, the packet name of Android application installation package are identical;c1, Version information is identical;D1, signing certificate are identical;
Second decision condition is as follows: a2, Apply Names are identical;B2, the packet name of Android application installation package are identical;c2, Version information is different;D2, signing certificate are identical;
The third decision condition is as follows: a3, Apply Names are similar;B3, the packet name of Android application installation package are similar;d3, Signing certificate is different;E, legal Android to be monitored applies the code similarity applied with doubtful Android not less than the code phase set Like degree threshold value;F, legal Android to be monitored applies the text file similarity applied with doubtful Android literary not less than the text of setting Part similarity threshold;G, legal Android to be monitored applies the image file similarity applied with doubtful Android not less than the figure set As file similarity threshold value.
In the above-mentioned pirate Android application discriminating method of the present invention, according to the screening conditions of input from peace in the step S3 It is filtered out in tall and erect application information table and includes: using the step of associated all doubtful Androids application with legal Android to be monitored
The application of the Apply Names of legal Android application to be monitored, setting is monitored into keyword as search condition in Android Being retrieved in Android application similar with the Apply Names, or application recommended information in application information table includes the Apply Names And/or the Android application of the application monitoring keyword, it is legal Android application to be monitored by the Android application definition retrieved Doubtful Android application.
In the above-mentioned pirate Android application discriminating method of the present invention, according to the Android application version of setting in the step S3 The step of decision condition screens legal application, old edition application and the pirate application in the doubtful Android application one by one packet It includes:
Decompiling is carried out to legal Android application to be monitored and all doubtful Android applications, respectively obtains legal peace to be monitored Packet name, signing certificate, Apply Names, resource file, configuration file and the smali file and the doubtful Android of each money of Zhuo Yingyong Packet name, signing certificate, Apply Names, resource file, configuration file and the smali file of application;
By Apply Names, packet name, signing certificate, resource file, configuration file and the smali of legal Android application to be monitored Apply Names, packet name, signing certificate, resource file, configuration file and the smali file point of file and the doubtful Android application of each money It is not compared;
Such as Apply Names, packet name, version information, signing certificate and certain a doubtful Android of legal Android application to be monitored Apply Names, packet name, version information, the signing certificate of application respectively correspond it is identical, then determine this doubtful Android apply for Monitor the legal copy of legal Android application;
Such as the Apply Names of legal Android application to be monitored, the application of packet name, signing certificate and the doubtful Android application of certain money Title, packet name, signing certificate correspond to identical, and the version information of legal Android application to be monitored and this doubtful Android application Version information is different, then determines that this doubtful Android applies the old version for this Android application to be monitored;
Such as the Apply Names of legal Android application to be monitored, the application of packet name, signing certificate and the doubtful Android application of certain money Title, packet name, signing certificate are different, then carry out similarity to legal Android application to be monitored and this doubtful Android application Analysis is based on using similarity analysis result and combines preset pirate Android application decision condition to this doubtful Android application Whether belong to pirate application and carries out comprehensive analysis.
In the above-mentioned pirate Android application discriminating method of the present invention, Android application similarity analysis includes that text file is similar Degree analysis, code similarity analysis and image file similarity analysis;
It is described to include: to the step of legal Android application to be monitored and this doubtful Android application progress similarity analysis
Legal Android to be monitored is calculated by the first calculating formula of similarity apply each of apply with this doubtful Android The similarity and code similarity of file;Wherein
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiIndicate the one of file and the documents of this doubtful Android application of legal Android application to be monitored Similarity;
I indicates the reference number of a document sequence of Android application;
J indicates the edit operation times that need to be carried out from source string to target string;
D indicates file size;
The similarity value of each pair of file of two Android application and the phase of each pair of file are calculated according to the first similarity formula Like the average value of angle value, applied the average value of similarity value calculated as legal Android to be monitored and this doubtful Android The text file similarity and code similarity of application.
In the above-mentioned pirate Android application discriminating method of the present invention, to legal Android application to be monitored and this doubtful Android Using the step of carrying out similarity analysis further include:
Legal Android to be monitored, which is calculated, by the second calculating formula of similarity applies the image applied with this doubtful Android File similarity;Wherein
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Indicate the image similarity between legal Android application to be monitored and this doubtful Android application;
H0Indicate each image of average Hamming distance value, i.e., legal Android application to be monitored and this doubtful Android application The average value of the Hamming distance value of file.
In the above-mentioned pirate Android application discriminating method of the present invention, average Hamming distance value H0Calculating process include it is as follows Step:
The comparison of first image file and this doubtful Android application of legal Android application to be monitored will be used to characterize First Hamming distance value of the similarity of image file is set as H1, H is to be incremented by variable, and the value of H is defaulted as 0;
By first image file of legal Android application to be monitored and the contrast images file difference of doubtful Android application Be contracted to the dimension of picture of 8*8, to after the minification the first image file and contrast images file carry out at ashing respectively Reason;
The gray scale of each pixel of first image file of ashed processing and the average gray of 64 pixels are calculated, The gray scale of each pixel under first image file and the average gray of 64 pixels are compared one by one, according to comparing As a result the first character matrix of the 8*8 form being made of number 0 and number 1 is constructed;
The gray scale of the gray scale and 64 pixels that calculate each pixel of the contrast images file of the doubtful Android application is average Value, the average gray of the gray scale of each pixel under the contrast images file and 64 pixels is compared one by one, according to Second character matrix of the 8*8 form that comparison result building is made of number 0 and number 1;
First character matrix number identical with coordinate position in the second character matrix is compared one by one, judges that this is right Whether number is identical, such as different, then by H1Value add 1;
Accumulative H1Value;
It repeats the above steps, successively obtains H1。。。。。。HNValue;
To H1To HNValue be weighted and averaged, obtain H0
H0Calculation formula it is as follows:
Wherein, N indicates the quantity of the image file of legal Android application to be monitored and the application of doubtful Android.
The present invention also constructs a kind of pirate Android application discrimination system, the system comprises:
Android application channel monitors system, for acquiring the basic of each money Android application from major Android application channel website Information downloads Android application installation package from related download source according to the application download address in Android application essential information;
Android application data store center, for the Android application essential information to Android application channel monitoring system acquisition And the Android application installation package progress of downloading is centrally stored;
Android application database, the legal Android including being provided based on Android application developers are pacified using constructed legal copy Tall and erect application information table is based on magnanimity Android for receiving the magnanimity Android application data from Android application data store center Using data building comprising Apply Names, using the Android application information table of recommended information and version information;
Android application difference analysis system, for being selected from the legal Android application information table of Android application database Legal copy Android application to be monitored is filtered out from the Android application information table and legal peace to be monitored according to the screening conditions of input The associated all doubtful Android applications of Zhuo Yingyong, and the doubtful Android is answered according to the Android application version decision condition of setting Legal application, old edition application and pirate application in are screened one by one.
In the above-mentioned pirate Android application discrimination system of the present invention, the Android application channel monitoring system includes being laid in Domestic and international different zones, are designed using distributed structure/architecture, for acquiring Android application page information from Android application channel website First server cluster, be laid in domestic and international different zones, designed using distributed structure/architecture, for according to the first server Second server cluster of the Android application download address that cluster crawls from respective downloaded source downloading Android application installation package.
In the above-mentioned pirate Android application discrimination system of the present invention, the Android application difference analysis system includes:
Selecting module, for selecting legal Android application to be monitored from legal Android application information table, according to input Screening conditions are filtered out with legal Android to be monitored from Android application information table using associated all doubtful Android applications;
Android application decompilation module, for legal Android application installation package to be monitored and doubtful Android application installation package Decompiling is carried out, packet name, the signing certificate, Apply Names, resource file, configuration text of legal Android application to be monitored are respectively obtained Part and smali file and doubtful Android application packet name, signing certificate, Apply Names, resource file, configuration file and Smali file;
Android application similarity analysis module is answered for calculating legal Android to be monitored according to the first calculating formula of similarity With the similarity and code similarity of each file applied with doubtful Android, and for according to the second calculating formula of similarity It calculates legal Android to be monitored and applies the image file similarity applied with doubtful Android;
Android application version determination module, for legal copy/old version Android application decision condition referring to setting to doubtful It is screened like legal application, the old edition application in Android application, and provided based on Android application similarity analysis module Legal copy Android to be monitored applies text file similarity, code similarity and the image file similarity applied with doubtful Android simultaneously The pirate application in the application of doubtful Android is screened in conjunction with the pirate Android application decision condition of setting.
Implement the pirate Android application discriminating method of the present invention and pirate Android application discrimination system, can reach following beneficial to effect Fruit:
1, pirate Android application the discrimination system of the present invention can according to Apply Names and application monitoring keyword lookup with wait supervise Survey legal Android and apply associated all doubtful Android applications, to legal Android application to be monitored and its doubtful Android apply into Row similarity analysis (including text file similarity analysis, code similarity analysis, image file similarity analysis), according to phase It is analyzed like degree as a result, and combining the pirate Android application decision condition of setting to pirate comprehensive using carrying out in the application of doubtful Android Conjunction is studied and judged, and for existing pirate Android application decision technology, has the examination efficiency of pirate application and accuracy rate high, accidentally Sentence the extremely low outstanding advantages of rate.
2, in pirate Android application discrimination system of the invention, Android application safety estimation system can be to the robber in pirate library The security risk (hiding malicious code and its malicious act in pirate application) of version application is analyzed and is assessed, according to commenting Estimate result and generate pirate Android application security analysis report, therefore this system can enumerate pirate Android and apply and provide pirate Android Application security analysis report is for reference, avoids user from downloading pirate Android and applies and sustain a loss.
3, in Android application monitoring report generation system of the present invention, Android application difference analysis system can be to be monitored Legal application, old edition application and pirate application in all doubtful Android applications of legal Android application carry out quickly and efficiently Screen, Android application monitoring report generation system can the examination result based on Android application difference analysis system to it is to be monitored just Legal application, old edition application, total download of pirate application and respective channel source in version Android application are counted, out Has the downloading service condition monitoring report of legal Android application to be monitored, convenient for legal Android application developers right-safeguarding.
Detailed description of the invention
Fig. 1 is the structural block diagram for the pirate Android application discrimination system that first preferred embodiment of the invention provides;
Fig. 2 is the structural block diagram of the Android application channel monitoring system under pirate Android application discrimination system shown in FIG. 1;
Fig. 3 is the structural frames of the Android application difference analysis system under pirate Android application discrimination system shown in FIG. 1 Figure;
Fig. 4 is the flow chart for the pirate Android application discriminating method that second preferred embodiment of the invention provides.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described.Based on the embodiments of the present invention, Every other embodiment obtained by those of ordinary skill in the art without making creative efforts, belongs to this hair The range of bright protection.
Embodiment one
The present embodiment discloses a kind of pirate Android application discrimination system.
As shown in Figure 1, the piracy Android application discrimination system includes sequentially connected Android application channel monitoring system 100, Android application data store center 200, Android application difference analysis system 300, Android application database 400 and The Android application safety estimation system 500 and Android application monitoring report for connecting Android application database 400 generate system 600. Wherein:
Android application channel monitoring system 100 is for acquiring by each channel website (for example including major movement including 360 Application resource website) publication each money Android application essential information, according in Android application essential information application downloading ground Location is downloaded from related download source (for example, 360 mobile application stores, millet mobile application store, Huawei's mobile application store) pacifies Tall and erect application installation package.
Android application data store center 200 is used for the Android application base acquired to Android application channel monitoring system 100 This information and the Android application installation package of downloading carry out centrally stored.
Android application database 400 is for receiving the magnanimity Android application number from Android application data store center 200 According to based on the building of magnanimity Android application data comprising Apply Names, using the Android application message of recommended information and version information Table.
Android application safety estimation system 500 be used for the malicious code and its malicious act hidden in pirate application into Row analysis and assessment generate pirate Android application safety in operation assessment result.
Android application monitoring report generates system 600 and is used for all doubtful Android applications to legal Android application to be monitored In legal application, old edition application, the download of pirate application and its channel source counted, generate Android application monitoring report It accuses.
Android application database 400 further includes the legal copy of the legal Android application build provided based on Android application developers Android application information table and storage are for screening legal Android application, the application of old version Android and pirate Android application The Android application version critical parameter table of adjustable parameter (i.e. Android application version decision condition).Android application version of the present invention is sentenced Determining parameter list includes for screening the first decision condition of legal Android application, second for screening the application of old version Android Decision condition and the third decision condition applied for screening pirate Android;Wherein
First decision condition is as follows: a1, Apply Names are identical;B1, the packet name of Android application installation package are identical;C1, version Information is identical;D1, signing certificate are identical;
Second decision condition is as follows: a2, Apply Names are identical;B2, the packet name of Android application installation package are identical;C2, version Information is different;D2, signing certificate are identical;
Third decision condition is as follows: a3, Apply Names are substantially similar;B3, the packet name of Android application installation package are similar;d3, Signing certificate is different;E, legal Android to be monitored applies the code similarity applied with doubtful Android not less than the code phase set Like degree threshold value (preferably 85%);F, legal Android to be monitored applies the text file similarity applied with doubtful Android to be not less than The text file similarity threshold (preferably 60%) of setting;G, legal Android to be monitored applies the image applied with doubtful Android Image file similarity threshold (preferably 75%) of the file similarity not less than setting.
Android application difference analysis system 300 from legal Android application information table for choosing legal Android to be monitored Using being filtered out from Android application information table according to the screening conditions of input with legal Android to be monitored using associated institute There is doubtful Android application, the legal copy in the doubtful Android application is applied according to the Android application version decision condition of setting, is old Version application and pirate application are screened.
As shown in Fig. 2, Android application channel monitoring system 100 of the present invention includes that several are laid in both at home and abroad not same district Domain is designed using distributed structure/architecture, for from major channel website acquisition Android application essential information (including using reference Breath, using download address, developer's information, application version) first server cluster 101 and be laid in domestic and international difference Region is designed using distributed structure/architecture, and the Android application download address for being provided according to first server cluster 101 is from Android Using the second server cluster 102 of loading source downloading Android application installation package.First server cluster 101 and second server Cluster 102 includes more Cloud Servers.
As shown in figure 3, Android application difference analysis system 300 of the present invention includes sequentially connected selecting module 301, peace Zhuo Yingyong decompilation module 302, Android application similarity analysis module 303 and Android application version determination module 304.
Selecting module 301 from legal Android application information table for selecting legal Android application to be monitored, according to input Screening conditions filter out from Android application information table and answered with legal Android to be monitored using associated all doubtful Androids With;
Android application decompilation module 302 is used for legal Android application installation package to be monitored and the application installation of doubtful Android Packet carries out decompiling, respectively obtains packet name, the signing certificate, Apply Names, resource file, configuration of legal Android application to be monitored File and smali file and doubtful Android application packet name, signing certificate, Apply Names, resource file, configuration file and Smali file.
Android application similarity analysis module 303 is used to calculate legal Android to be monitored according to the first calculating formula of similarity Using the similarity and code similarity of each file applied with doubtful Android, and for according to the second similarity calculation public affairs Formula calculates legal Android to be monitored and applies the image file similarity applied with doubtful Android.
Android application version determination module 304 is used for legal copy/old version Android application decision condition pair referring to setting Legal application, old edition application in doubtful Android application are screened, and are applied and doubtful peace based on legal Android to be monitored Text file similarity, code similarity and the image file similarity of Zhuo Yingyong simultaneously combine the pirate Android application of setting to determine Condition screens the pirate application in the application of doubtful Android.
In pirate Android application discrimination system of the invention:
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiIndicate the one of file and the documents of this doubtful Android application of legal Android application to be monitored Similarity;
I indicates the reference number of a document sequence of Android application;
J indicates the edit operation times that need to be carried out from source string to target string;
D indicates file size.
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Indicate the image similarity between legal Android application to be monitored and this doubtful Android application;
H0Indicate each image of average Hamming distance value, i.e., legal Android application to be monitored and this doubtful Android application The average value of the Hamming distance value of file.
Embodiment two
The present embodiment discloses a kind of pirate Android based on pirate Android application discrimination system described in embodiment one and answers Use discriminating method.As shown in figure 4, the process flow of this method includes the following steps:
Step 101, this system operator preset Android application version decision condition (including for screening legal peace The first decision condition of Zhuo Yingyong, for screen old version Android application the second decision condition and for screening pirate Android The third decision condition of application), the related supplemental characteristic of Android application version decision condition is stored in Android database Android application version critical parameter table.
This system operator is answered based on the legal Android application build one legal Android that Android application developers provide With information table, legal Android application information table is stored in Android database.
Step 102 monitors system 100 by Android application channel from the basic letter of major channel website acquisition Android application Breath downloads Android application installation package using website from related Android according to the application download address in Android application essential information The Android application essential information of acquisition and the Android application installation package of downloading are imported Android by (Android Package, APK) Application data store center 200.
Step 103, Android application difference analysis system 300 are by the Android from Android application data store center 200 Using data conversion storage in Android application database 400.
Step 104, the selecting module 301 of Android application difference analysis system 300 are from legal Android application information table Legal application to be monitored is selected, according to the screening conditions (including Apply Names, keyword) of input from Android application database 400 Middle screening (can be in Apply Names and screening conditions with legal Android to be monitored using associated all doubtful Android applications The similar Android application of Apply Names, or application recommended information in include the keyword Android application).
Step 105, Android application decompilation module 302 are to legal Android application to be monitored and associated all doubtful peaces The installation kit of Zhuo Yingyong carries out decompiling, respectively obtain the packet name of legal Android application to be monitored, signing certificate, Apply Names, Resource file, configuration file and smali file and the packet name of the doubtful Android application of each money, signing certificate, Apply Names, money Source file, configuration file and smali file.
Apply Names, packet name, the label that step 106, Android application version determination module 304 apply legal Android to be monitored Name certificate, resource file, configuration file and smali file and Apply Names, packet name, the signature of the doubtful Android application of each money are demonstrate,proved Book, resource file, configuration file and smali file are compared respectively.
Such as Apply Names, packet name, version information, signing certificate and certain a doubtful Android of legal Android application to be monitored Apply Names, packet name, version information, the signing certificate of application respectively correspond it is identical, then determine this doubtful Android apply for Monitor the legal application of legal Android application.
Such as the Apply Names of legal Android application to be monitored, the application of packet name, signing certificate and the doubtful Android application of certain money Title, packet name, signing certificate correspond to identical, and the version information of legal Android application to be monitored and this doubtful Android application Version information is different, then determines that this doubtful Android applies the old version for this Android application to be monitored.
Such as the Apply Names of legal Android application to be monitored, the application of packet name, signing certificate and the doubtful Android application of certain money Title, packet name, signing certificate are different, then enter step 107.
Step 107 passes through Android application similarity analysis module 303 to legal Android application to be monitored and this doubtful peace Zhuo Yingyong carries out similarity analysis, based on application similarity analysis result and combines the pirate Android application decision condition pair set Whether this doubtful Android application, which belongs to pirate application, carries out comprehensive analysis, and piracy is included in confirmed pirate Android application Library.
Step 107 includes following sub-step:
Step 1071 is applied by the first calculating formula of similarity calculating legal Android to be monitored and is answered with this doubtful Android The similarity of each file;Wherein
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiIndicate the one of file and the documents of this doubtful Android application of legal Android application to be monitored Similarity;
I indicates the reference number of a document sequence of Android application;
J indicates the edit operation times that need to be carried out from source string to target string;
D indicates file size;
Step 1072, the similarity value of each pair of file that the application of two Android is calculated according to the first similarity formula and each right The average value of the similarity value of file, using the average value of similarity value calculated as legal Android application to be monitored and this The text file similarity and code similarity of doubtful Android application;
Step 1073 is applied by the second calculating formula of similarity calculating legal Android to be monitored and is answered with this doubtful Android Image file similarity;Wherein
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Indicate the image similarity between legal Android application to be monitored and this doubtful Android application;
H0Indicate each image of average Hamming distance value, i.e., legal Android application to be monitored and this doubtful Android application The average value of the Hamming distance value of file.
Wherein, average Hamming distance value H in step 10730Calculating process include following sub-step:
S10731, first image file and this doubtful Android application that will be used to characterize legal Android application to be monitored The first Hamming distance value of similarity of contrast images file be set as H1, H is to be incremented by variable, and the value of H is defaulted as 0;
S10732, the contrast images text for applying first image file of legal Android application to be monitored and doubtful Android Part is contracted to the dimension of picture of 8*8 respectively, to after the minification the first image file and contrast images file carry out respectively Ashing processing;
S10733, calculate ashed processing first image file each pixel gray scale and 64 pixels gray scale The gray scale of each pixel under first image file and the average gray of 64 pixels are compared by average value one by one, According to the first character matrix of the 8*8 form that comparison result building is made of number 0 and number 1;
S10734, calculate doubtful Android application contrast images file each pixel gray scale and 64 pixels ash Average value is spent, the average gray of the gray scale of each pixel under the contrast images file and 64 pixels is compared one by one Compared with according to the second character matrix of the 8*8 form that comparison result building is made of number 0 and number 1;
S10735, the first character matrix number identical with coordinate position in the second character matrix is compared one by one, Judge whether this is identical to number, it is such as different, then by H1Value add 1;
Accumulative H1Value;
It repeats the above steps, successively obtains H1。。。。。。HNValue;
S10736, to H1To HNValue be weighted and averaged, obtain H0
H0Calculation formula it is as follows:
Wherein, N indicates the quantity of the image file of legal Android application to be monitored and the application of doubtful Android.
Pirate application in the pirate libraries of step 108,500 pairs of Android application safety estimation system security risk (hide in Malicious code and its malicious act in piracy application) it is analyzed and is assessed, pirate Android application is generated according to assessment result Safety analysis report.Android application monitoring report generates system 600 to all doubtful Androids of legal Android application to be monitored Legal application, old edition application, the download of pirate application and its channel source in are counted, and Android application prison is generated Observe and predict announcement.
In conclusion the advantages of present invention piracy Android application discriminating method and pirate Android application discrimination system, embodies In:
1, pirate Android application the discrimination system of the present invention can according to Apply Names and application monitoring keyword lookup with wait supervise Survey legal Android and apply associated all doubtful Android applications, to legal Android application to be monitored and its doubtful Android apply into Row similarity analysis (including text file similarity analysis, code similarity analysis, image file similarity analysis), according to phase It is analyzed like degree as a result, and combining the pirate Android application decision condition of setting to pirate comprehensive using carrying out in the application of doubtful Android Conjunction is studied and judged, and for existing pirate Android application decision technology, has the examination efficiency of pirate application and accuracy rate high, accidentally Sentence the extremely low outstanding advantages of rate.
2, in pirate Android application discrimination system of the invention, Android application safety estimation system 500 can be in pirate library The security risk (hiding malicious code and its malicious act in pirate application) of pirate application analyzed and assessed, root Pirate Android application security analysis report is generated according to assessment result, therefore this system can enumerate pirate Android and apply and provide piracy Android application security analysis report is for reference, avoids user from downloading pirate Android and applies and sustain a loss.
3, it is generated in system 600 in Android application monitoring report of the present invention, Android application difference analysis system 300 can be right Legal copy in all doubtful Android applications of legal copy Android application to be monitored is applied, old edition application and pirate application progress are quick, It effectively screens, Android application monitoring report generates system 600 can be based on the examination knot of Android application difference analysis system 300 Fruit carrys out legal application, old edition application, total download of pirate application and the respective channel in legal Android application to be monitored Source is counted, and the downloading service condition monitoring report of legal Android application to be monitored is provided, convenient for legal Android application and development Quotient's right-safeguarding.
Those of ordinary skill in the art will appreciate that realizing all or part of link in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium In, the program is when being executed, it may include such as the link of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic Dish, CD, read-only memory (Read Only Memory, ROM) or random access memory (Random Access Memory, RAM) etc..
The embodiment of the present invention is described with above attached drawing, but the invention is not limited to above-mentioned specific Embodiment, the above mentioned embodiment is only schematical, rather than restrictive, those skilled in the art Under the inspiration of the present invention, without breaking away from the scope protected by the purposes and claims of the present invention, it can also make very much Form, all of these belong to the protection of the present invention.

Claims (9)

1. a kind of piracy Android application discriminating method, which is characterized in that described method includes following steps:
S1, acquisition by major Android application channel website orientation Android application essential information, according to Android application essential information In application download address from related download source download Android application installation package, by the Android application essential information of acquisition and downloading Android application installation package summarize to Android application data store center;
S2, it is constructed based on the magnanimity Android application data for importing Android application data store center comprising Apply Names, using Jie The Android application database of the information that continues and version information;
S3, legal Android application to be monitored is selected from legal Android application table, according to the screening conditions of input from Android application It is filtered out in database with legal Android to be monitored using associated all doubtful Android applications, and is answered according to the Android of setting Legal application, old edition application and the pirate application in the doubtful Android application are screened one by one with version decision condition;
The method further includes following steps before the step S1:
S01, the legal Android application build legal copy Android application information table provided based on Android application developers;
S02, setting are for screening the first decision condition, second for screening the application of old version Android that legal Android is applied Decision condition and the third decision condition applied for screening pirate Android;Wherein,
First decision condition is as follows: a1, Apply Names are identical;B1, the packet name of Android application installation package are identical;C1, version Information is identical;D1, signing certificate are identical;
Second decision condition is as follows: a2, Apply Names are identical;B2, the packet name of Android application installation package are identical;C2, version Information is different;D2, signing certificate are identical;
The third decision condition is as follows: a3, Apply Names are similar;B3, the packet name of Android application installation package are similar;D3, signature Certificate is different;E, legal Android to be monitored applies the code similarity applied with doubtful Android not less than the code similarity set Threshold value;F, legal Android to be monitored applies the text file similarity applied with doubtful Android not less than the text file phase set Like degree threshold value;G, legal Android to be monitored applies the image file similarity applied with doubtful Android literary not less than the image of setting Part similarity threshold.
2. piracy Android application discriminating method according to claim 1, which is characterized in that according to input in the step S3 Screening conditions filter out from Android application information table and answered with legal Android to be monitored using associated all doubtful Androids With the step of include:
The application of the Apply Names of legal Android application to be monitored, setting is monitored into keyword as search condition in Android application Retrieved in information table in similar with Apply Names Android application, or application recommended information include the Apply Names and/or The Android application definition retrieved is the doubtful peace of legal Android application to be monitored by the Android application of the application monitoring keyword Zhuo Yingyong.
3. piracy Android application discriminating method according to claim 2, which is characterized in that according to setting in the step S3 Android application version decision condition legal application, old edition application and the pirate application in doubtful Android application are carried out one by one The step of examination includes:
Decompiling is carried out to legal Android application to be monitored and all doubtful Android applications, legal Android to be monitored is respectively obtained and answers Packet name, signing certificate, Apply Names, resource file, configuration file and smali file and the doubtful Android application of each money Packet name, signing certificate, Apply Names, resource file, configuration file and smali file;
By Apply Names, packet name, signing certificate, resource file, configuration file and the smali file of legal Android application to be monitored With Apply Names, packet name, signing certificate, resource file, configuration file and the smali file of the doubtful Android application of each money respectively into Row compares;
Such as Apply Names, packet name, version information, signing certificate and certain a doubtful Android application of legal Android application to be monitored Apply Names, packet name, version information, signing certificate respectively correspond identical, then it is to be monitored for determining that this doubtful Android is applied The legal copy of legal Android application;
Apply Names, packet name, signing certificate and the Apply Names of the doubtful Android application of certain money of legal Android application such as to be monitored, Packet name, signing certificate correspond to identical, and the version of the version information of legal Android application to be monitored and this doubtful Android application Information is different, then determines that this doubtful Android applies the old version for this Android application to be monitored;
Apply Names, packet name, signing certificate and the Apply Names of the doubtful Android application of certain money of legal Android application such as to be monitored, Packet name, signing certificate are different, then carry out similarity analysis to legal Android application to be monitored and this doubtful Android application, Based on application similarity analysis result and combine preset pirate Android application decision condition to this doubtful Android application whether Belong to pirate application and carries out comprehensive analysis.
4. piracy Android application discriminating method according to claim 3, which is characterized in that Android application similarity analysis packet Include text file similarity analysis, code similarity analysis and image file similarity analysis;
It is described to include: to the step of legal Android application to be monitored and this doubtful Android application progress similarity analysis
Legal Android to be monitored, which is calculated, by the first calculating formula of similarity applies each file applied with this doubtful Android Similarity and code similarity;Wherein
First calculating formula of similarity is as follows: Xi=(1-J/D) * 100%;
XiIndicate that one of file of legal Android application to be monitored is similar to the documents of this doubtful Android application Degree;
I indicates the reference number of a document sequence of Android application;
J indicates the edit operation times that need to be carried out from source string to target string;
D indicates file size;
The similarity value of each pair of file of two Android application and the similarity of each pair of file are calculated according to the first similarity formula The average value of value is applied the average value of similarity value calculated as legal Android to be monitored and this doubtful Android application Text file similarity and code similarity.
5. piracy Android application discriminating method according to claim 4, which is characterized in that described to legal Android to be monitored Using and this doubtful Android application carry out similarity analysis the step of further include:
Legal Android to be monitored, which is calculated, by the second calculating formula of similarity applies the image file applied with this doubtful Android Similarity;Wherein
Second calculating formula of similarity is as follows: X2=(1-H0/ 10) * 100%;
X2Indicate the image similarity between legal Android application to be monitored and this doubtful Android application;
H0Indicate each image file of average Hamming distance value, i.e., legal Android application to be monitored and this doubtful Android application Hamming distance value average value.
6. piracy Android application discriminating method according to claim 5, which is characterized in that average Hamming distance value H0Meter Calculation process includes the following steps:
The contrast images of first image file and this doubtful Android application of legal Android application to be monitored will be used to characterize First Hamming distance value of the similarity of file is set as H1, H is to be incremented by variable, and the value of H is defaulted as 0;
The contrast images file of first image file of legal Android application to be monitored and the application of doubtful Android is reduced respectively To the dimension of picture of 8*8, to after the minification the first image file and contrast images file carry out ashing processing respectively;
The gray scale of each pixel of first image file of ashed processing and the average gray of 64 pixels are calculated, by The gray scale of each pixel under one image file is compared one by one with the average gray of 64 pixels, according to comparison result First character matrix of the 8*8 form that building is made of number 0 and number 1;
The gray scale of each pixel of the contrast images file of the doubtful Android application and the average gray of 64 pixels are calculated, it will The gray scale of each pixel under the contrast images file and the average gray of 64 pixels are compared one by one, are tied according to comparing Second character matrix of the 8*8 form that fruit building is made of number 0 and number 1;
First character matrix number identical with coordinate position in the second character matrix is compared one by one, judges this to number It is whether identical, it is such as different, then by H1Value add 1;
Accumulative H1Value;
It repeats the above steps, successively obtains H1。。。。。。HNValue;
To H1To HNValue be weighted and averaged, obtain H0
H0Calculation formula it is as follows:
Wherein, N indicates the quantity of the image file of legal Android application to be monitored and the application of doubtful Android.
7. a kind of piracy Android application discrimination system, which is characterized in that the system comprises:
Android application channel monitors system, for acquiring the basic letter that each money Android is applied from major Android application channel website Breath downloads Android application installation package from related download source according to the application download address in Android application essential information;
Android application data store center, for Android application channel monitoring system acquisition Android application essential information and under The Android application installation package of load carries out centrally stored;
Android application database, the legal Android including being provided based on Android application developers are answered using constructed legal Android The application of magnanimity Android is based on for receiving the magnanimity Android application data from Android application data store center with information table Data building includes Apply Names, using the Android application information table of recommended information and version information;
Android application difference analysis system, for selecting from the legal Android application information table of Android application database wait supervise Legal Android application is surveyed, is filtered out from the Android application information table according to the screening conditions of input and is answered with legal Android to be monitored With associated all doubtful Android applications, and according to the Android application version decision condition of setting in doubtful Android application Legal application, old edition application and pirate application screened one by one;
Wherein, the Android application version decision condition of the setting includes determining item for screening the first of legal Android application Part, the second decision condition for screening the application of old version Android and the third for screening pirate Android application determine item Part;Wherein,
First decision condition is as follows: a1, Apply Names are identical;B1, the packet name of Android application installation package are identical;C1, version Information is identical;D1, signing certificate are identical;
Second decision condition is as follows: a2, Apply Names are identical;B2, the packet name of Android application installation package are identical;C2, version Information is different;D2, signing certificate are identical;
The third decision condition is as follows: a3, Apply Names are similar;B3, the packet name of Android application installation package are similar;D3, signature Certificate is different;E, legal Android to be monitored applies the code similarity applied with doubtful Android not less than the code similarity set Threshold value;F, legal Android to be monitored applies the text file similarity applied with doubtful Android not less than the text file phase set Like degree threshold value;G, legal Android to be monitored applies the image file similarity applied with doubtful Android literary not less than the image of setting Part similarity threshold.
8. piracy Android application discrimination system according to claim 7, which is characterized in that the Android application channel monitoring System includes being laid in domestic and international different zones, is designed using distributed structure/architecture, is pacified for acquiring from Android application channel website The first server cluster of tall and erect application page information is laid in domestic and international different zones, is designed using distributed structure/architecture, is used for root The Android application download address crawled according to the first server cluster from respective downloaded source downloading Android application installation package the Two server clusters.
9. piracy Android application discrimination system according to claim 8, which is characterized in that the Android application differentiation point Analysis system includes:
Selecting module, for selecting legal Android application to be monitored from legal Android application information table, according to the screening of input Condition is filtered out with legal Android to be monitored from Android application information table using associated all doubtful Android applications;
Android application decompilation module, for being carried out to legal Android application installation package to be monitored and doubtful Android application installation package Decompiling, respectively obtain the packet name of legal Android application to be monitored, signing certificate, Apply Names, resource file, configuration file and Smali file and the packet name of doubtful Android application, signing certificate, Apply Names, resource file, configuration file and smali text Part;
Android application similarity analysis module, for according to the first calculating formula of similarity calculate legal Android to be monitored apply with The similarity and code similarity of each file of doubtful Android application, and for being calculated according to the second calculating formula of similarity Legal copy Android to be monitored applies the image file similarity applied with doubtful Android;
Android application version determination module, for legal copy/old version Android application decision condition referring to setting to doubtful peace Legal application, old edition application in Zhuo Yingyong are screened, and based on the offer of Android application similarity analysis module wait supervise Legal Android is surveyed to apply text file similarity, code similarity and the image file similarity applied with doubtful Android and combine The pirate Android application decision condition of setting screens the pirate application in the application of doubtful Android.
CN201510075472.8A 2015-02-12 2015-02-12 A kind of piracy Android application discriminating method and pirate Android application discrimination system Active CN105989251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510075472.8A CN105989251B (en) 2015-02-12 2015-02-12 A kind of piracy Android application discriminating method and pirate Android application discrimination system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510075472.8A CN105989251B (en) 2015-02-12 2015-02-12 A kind of piracy Android application discriminating method and pirate Android application discrimination system

Publications (2)

Publication Number Publication Date
CN105989251A CN105989251A (en) 2016-10-05
CN105989251B true CN105989251B (en) 2019-03-29

Family

ID=57042109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510075472.8A Active CN105989251B (en) 2015-02-12 2015-02-12 A kind of piracy Android application discriminating method and pirate Android application discrimination system

Country Status (1)

Country Link
CN (1) CN105989251B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106548074A (en) * 2016-12-09 2017-03-29 江苏通付盾科技有限公司 Application program analyzing monitoring method and system
CN106919844B (en) * 2017-02-14 2019-08-02 暨南大学 A kind of android system vulnerability of application program detection method
CN107220527A (en) * 2017-04-18 2017-09-29 努比亚技术有限公司 One kind application discriminating method and application management equipment
CN109002441A (en) * 2017-06-06 2018-12-14 阿里巴巴集团控股有限公司 Determination method, the exception of Apply Names similarity apply detection method and system
CN109583157A (en) * 2017-09-29 2019-04-05 卓望数码技术(深圳)有限公司 A kind of long-range trace protecting method of APP and system
CN110610066B (en) * 2018-06-15 2022-08-09 武汉安天信息技术有限责任公司 Counterfeit application detection method and related device
CN110362729A (en) * 2019-07-03 2019-10-22 杭州安恒信息技术股份有限公司 Non- restocking risk APP search method based on search engine
CN111046316B (en) * 2019-12-16 2023-03-21 北京智游网安科技有限公司 Application on-shelf state monitoring method, intelligent terminal and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222199A (en) * 2011-06-03 2011-10-19 奇智软件(北京)有限公司 Method and system for identifying identification of application program
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program
CN103324697A (en) * 2013-06-07 2013-09-25 北京掌汇天下科技有限公司 Method for removing copycatting applications in android application search and based on icon contrast
CN104123493A (en) * 2014-07-31 2014-10-29 百度在线网络技术(北京)有限公司 Method and device for detecting safety performance of application program
CN104133832A (en) * 2014-05-15 2014-11-05 腾讯科技(深圳)有限公司 Pirate application identification method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222199A (en) * 2011-06-03 2011-10-19 奇智软件(北京)有限公司 Method and system for identifying identification of application program
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program
CN103324697A (en) * 2013-06-07 2013-09-25 北京掌汇天下科技有限公司 Method for removing copycatting applications in android application search and based on icon contrast
CN104133832A (en) * 2014-05-15 2014-11-05 腾讯科技(深圳)有限公司 Pirate application identification method and device
CN104123493A (en) * 2014-07-31 2014-10-29 百度在线网络技术(北京)有限公司 Method and device for detecting safety performance of application program

Also Published As

Publication number Publication date
CN105989251A (en) 2016-10-05

Similar Documents

Publication Publication Date Title
CN105989251B (en) A kind of piracy Android application discriminating method and pirate Android application discrimination system
US9178899B2 (en) Detecting automated site scans
CN103493061B (en) For the method and apparatus tackling Malware
US11570211B1 (en) Detection of phishing attacks using similarity analysis
US10097360B2 (en) Automated test to tell computers and humans apart
Sun et al. DroidEagle: Seamless detection of visually similar Android apps
CN108509775B (en) Malicious PNG image identification method based on machine learning
US9032085B1 (en) Identifying use of software applications
US9584543B2 (en) Method and system for web integrity validator
CN104486140B (en) It is a kind of to detect device and its detection method that webpage is held as a hostage
JP2019526137A (en) System and method for identifying matching content
JP2019527444A (en) System and method for identifying matching content
CN103279710B (en) Method and system for detecting malicious codes of Internet information system
Suarez-Tangil et al. Stegomalware: Playing hide and seek with malicious components in smartphone apps
CN111163095B (en) Network attack analysis method, network attack analysis device, computing device, and medium
US20190222587A1 (en) System and method for detection of attacks in a computer network using deception elements
AU2012211490A1 (en) Systems and methods for identifying associations between malware samples
Siby et al. {WebGraph}: Capturing advertising and tracking information flows for robust blocking
CN111163094B (en) Network attack detection method, network attack detection device, electronic device, and medium
CN106302515B (en) A kind of method and apparatus of web portal security protection
CN110334301B (en) Page restoration method and device
Demir et al. On the Similarity of Web Measurements Under Different Experimental Setups
CN113254984A (en) Webpage monitoring method and device, storage medium and equipment
Bartoli et al. How phishing pages look like?
US20110191853A1 (en) Security techniques for use in malicious advertisement management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant