CN106713246A - Method and apparatus for detecting application program page hijacking, and mobile terminal - Google Patents
- Publication number
- CN106713246A (application CN201510790695.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Navigation (AREA)
Abstract
The invention provides a method and apparatus for detecting application program page hijacking, and a mobile terminal, and relates to the field of communications. It solves the problems in the prior art that hijacked pages cannot be effectively detected, that detection efficiency is relatively low, and that the operating efficiency of the application program is affected. The method comprises the following steps: when a first application program is running, if the target page displayed at the very front of the first application program is the same as or similar to the page in the activated state, extracting the package name information of the target page, wherein the page in the activated state is the page that is about to be displayed in the first application program; determining, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page; if the target page is a suspicious hijacked page, extracting application feature information of the target page according to the package name information of the target page; and determining, according to the application feature information of the target page, whether the target page is a hijacked page. The scheme of the invention effectively detects hijacked pages and improves detection accuracy and efficiency.
Description
Technical field
The present invention relates to the field of communications, and in particular to a method and apparatus for detecting application program page hijacking, and a mobile terminal.
Background
With the explosive growth of intelligent mobile terminals, the security problems they face are increasingly urgent. Malware, harassing calls, spam messages, privacy theft, page-hijacking phishing and the like not only cause losses to the interests of the vast number of users, but also seriously affect companies' business operations and brand image.
With the rapid development of the mobile internet and the growing number of intelligent mobile terminals, the threat from malicious program code on mobile terminals is also gradually increasing. It is now more and more common for users to make payments and transfers through an APP (Application, application program) on an intelligent mobile terminal, but using these APPs requires the user to enter sensitive information such as an account number and password. As a result, when a malicious program counterfeits and hijacks the APP interface the user is using, it can forge an interface that looks exactly alike, and an ordinary user is basically unable to tell the genuine from the fake. After the user enters the account and password in the forged interface, the malicious program can silently upload the user information to the malicious program's server, thereby stealing sensitive information such as the user's account, password and identity information; it can even lure the user into performing operations such as transfers on the fake page, causing losses to the user.
At present, the main means used to detect APP page hijacking on intelligent mobile terminals is to judge whether the extracted feature information of a page is present in a pre-built whitelist or blacklist, and to determine from the result whether the APP page has been hijacked. For example, when a target page is displayed at the very front of the screen, the feature information of the page currently in the foremost state is obtained; according to the acquired feature information, it is judged whether the page currently in the foremost state meets preset security features; if not, it is determined that the system is at risk of page hijacking.
Such a scheme can be implemented directly by extending system functions, without changing the operating system mechanism, and is simple and convenient to implement. However, the pages currently faked by malicious programs are basically identical to the pages of the original APP, and may even be direct copies of them, so the hijacking page of the malicious program has the same features as the original APP page and cannot be identified by feature comparison. Meanwhile, the features of the target page have to be compared with the page features of all APPs; for large applications with many pages this directly affects the operating efficiency of the APP, and the efficiency of page hijacking detection is likewise low. There is also the problem that a complete blacklist library cannot be built.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and apparatus for detecting application program page hijacking, and a mobile terminal, which solve the problems that the prior art cannot effectively detect hijacked pages, is inefficient, and affects the operating efficiency of the APP.
To solve the above technical problem, embodiments of the present invention provide a method for detecting application program page hijacking, including:
when a first application program is running, if the target page displayed at the very front of the first application program and the page in the activated state are the same page or similar pages, extracting the package name information of the target page, the page in the activated state being the page that is about to be displayed in the first application program;
determining, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page;
if the target page is a suspicious hijacked page, extracting the application feature information of the target page according to the package name information of the target page;
determining, according to the application feature information of the target page, whether the target page is a hijacked page.
Determining, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page includes:
comparing the package name information of the target page with the package name information of the first application program;
if the package name information of the target page is consistent with the package name information of the first application program, determining that the target page is a suspicious hijacked page; otherwise, determining that the target page is a hijacked page.
Determining, according to the application feature information of the target page, whether the target page is a hijacked page includes:
comparing the application feature information of the target page with the application feature information of the first application program;
if the application feature information of the target page is inconsistent with the application feature information of the first application program, determining that the target page is a hijacked page; otherwise, determining that the target page is an original page of the first application program.
Extracting the application feature information of the target page according to the package name information of the target page includes:
extracting, in reverse from the package name information of the target page, the process information and/or digital certificate of the target page.
Before the package name information of the target page is extracted when the target page displayed at the very front of the first application program and the page in the activated state are the same page or similar pages, the detection method further includes:
extracting the page feature information of the target page, and comparing the page feature information of the target page with the page feature information of the page in the activated state, the page feature information including at least one page feature;
if at least one page feature in the page feature information of the target page is consistent with a page feature of the page in the activated state, determining that the target page and the page in the activated state are the same page;
if at least one page feature in the page feature information of the target page is a similar feature to a page feature of the page in the activated state, determining that the target page and the page in the activated state are similar pages.
Before the page feature information of the target page is extracted and compared with the page feature information of the page in the activated state, the detection method further includes:
extracting and saving the page feature information of all pages of the first application program, the page feature information including one or more of the package name, layout, color, control title and page content of a page.
Before the page feature information of the target page is extracted and compared with the page feature information of the page in the activated state, the detection method further includes:
setting the state of the page that is about to be displayed in the first application program to the activated state, the page about to be displayed being the page that the first application program is calling or the page that is about to be entered through the return function.
To solve the above technical problem, embodiments of the present invention also provide an apparatus for detecting application program page hijacking, including:
a first extraction module, configured to, when a first application program is running, extract the package name information of the target page if the target page displayed at the very front of the first application program and the page in the activated state are the same page or similar pages, the page in the activated state being the page that is about to be displayed in the first application program;
a first determining module, configured to determine, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page;
a second extraction module, configured to, if the target page is a suspicious hijacked page, extract the application feature information of the target page according to the package name information of the target page;
a second determining module, configured to determine, according to the application feature information of the target page, whether the target page is a hijacked page.
The first determining module includes:
a first comparing unit, configured to compare the package name information of the target page with the package name information of the first application program;
a first determining unit, configured to determine that the target page is a suspicious hijacked page if the package name information of the target page is consistent with the package name information of the first application program, and otherwise to determine that the target page is a hijacked page.
The second determining module includes:
a second comparing unit, configured to compare the application feature information of the target page with the application feature information of the first application program;
a second determining unit, configured to determine that the target page is a hijacked page if the application feature information of the target page is inconsistent with the application feature information of the first application program, and otherwise to determine that the target page is an original page of the first application program.
The second extraction module includes:
a first extraction unit, configured to extract, in reverse from the package name information of the target page, the process information and/or digital certificate of the target page.
The detection apparatus further includes:
a third extraction module, configured to extract the page feature information of the target page and compare it with the page feature information of the page in the activated state, the page feature information including at least one page feature;
a third determining module, configured to determine that the target page and the page in the activated state are the same page if at least one page feature in the page feature information of the target page is consistent with a page feature of the page in the activated state;
a fourth determining module, configured to determine that the target page and the page in the activated state are similar pages if at least one page feature in the page feature information of the target page is a similar feature to a page feature of the page in the activated state.
The detection apparatus further includes:
a fourth extraction module, configured to extract and save the page feature information of all pages of the first application program, the page feature information including one or more of the package name, layout, color, control title and page content of a page.
The detection apparatus further includes:
a setup module, configured to set the state of the page that is about to be displayed in the first application program to the activated state, the page about to be displayed being the page that the first application program is calling or the page that is about to be entered through the return function.
To solve the above technical problem, embodiments of the present invention also provide a mobile terminal, including the apparatus for detecting application program page hijacking described above.
The beneficial effects of the above technical solution are as follows:
In the method for detecting application program page hijacking of the embodiments of the present invention, first, when the first application program is running, if the target page displayed at the very front of the first application program and the page in the activated state are the same page or similar pages, the package name information of the target page is extracted, the page in the activated state being the page that is about to be displayed in the first application program. Then, according to the package name information of the target page, it is determined whether the target page is a hijacked page or a suspicious hijacked page. If the target page is a suspicious hijacked page, the application feature information of the target page is extracted according to the package name information of the target page, and whether the target page is a hijacked page is determined according to that application feature information. By extracting the application feature information of the target page in reverse, the method can effectively detect hijacking of the target page and improves the accuracy and efficiency of detection, solving the problems that the prior art cannot effectively detect hijacked pages, is inefficient, and affects the operating efficiency of the APP.
Brief description of the drawings
Fig. 1 is a flow chart of the method for detecting application program page hijacking of the present invention;
Fig. 2 is a flow chart of a specific embodiment of the method for detecting application program page hijacking of the present invention;
Fig. 3 is a schematic structural diagram of the apparatus for detecting application program page hijacking of the present invention.
Detailed description of the embodiments
To make the technical problem to be solved by the present invention, the technical solution and the advantages clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, a method for detecting application program page hijacking according to an embodiment of the present invention includes:
Step 101: when a first application program is running, if the target page displayed at the very front of the first application program and the page in the activated state are the same page or similar pages, extract the package name information of the target page, the page in the activated state being the page that is about to be displayed in the first application program.
Here, if the target page displayed at the very front and the page in the activated state are the same page or similar pages, the target page is likely to be a hijacked page, and it needs to be examined further through the following steps.
Step 102: according to the package name information of the target page, determine whether the target page is a hijacked page or a suspicious hijacked page.
Step 103: if the target page is a suspicious hijacked page, extract the application feature information of the target page according to the package name information of the target page.
Step 104: according to the application feature information of the target page, determine whether the target page is a hijacked page.
Here, by extracting the application feature information of the target page in reverse, it can be effectively determined whether the target page is a hijacked page.
In the method for detecting application program page hijacking of the embodiment of the present invention, first, when the first application program is running, if the target page displayed at the very front of the first application program and the page in the activated state are the same page or similar pages, the package name information of the target page is extracted, the page in the activated state being the page that is about to be displayed in the first application program. Then, according to the package name information of the target page, it is determined whether the target page is a hijacked page or a suspicious hijacked page. If the target page is a suspicious hijacked page, the application feature information of the target page is extracted according to the package name information of the target page, and whether the target page is a hijacked page is determined according to that application feature information. By extracting the application feature information of the target page in reverse, the method can effectively detect hijacking of the target page and improves the accuracy and efficiency of detection, solving the problems that the prior art cannot effectively detect hijacked pages, is inefficient, and affects the operating efficiency of the APP.
Preferably, step 102 above may include:
Step 1021: compare the package name information of the target page with the package name information of the first application program;
Step 1022: if the package name information of the target page is consistent with the package name information of the first application program, determine that the target page is a suspicious hijacked page; otherwise, determine that the target page is a hijacked page.
Here, the package name information of all pages of the first application program should be consistent with the package name of the currently running first application program. If the package name information of the target page is inconsistent with the package name information of the first application program, the target page can be determined to be a forged hijacked page. If the package name information of the target page is consistent with that of the first application program, it is quite possible that the target page is a complete copy of an original page of the first application program, so the target page is determined to be a suspicious hijacked page and needs to be examined further.
By comparing the package name information of the target page with the package name information of the first application program, it can be further detected whether the target page is a hijacked page, ensuring the accuracy and validity of detection and improving detection efficiency.
Preferably, step 104 above may include:
Step 1041: compare the application feature information of the target page with the application feature information of the first application program;
Step 1042: if the application feature information of the target page is inconsistent with the application feature information of the first application program, determine that the target page is a hijacked page; otherwise, determine that the target page is an original page of the first application program.
Here, the application feature information of all pages of the first application program should likewise be consistent with the application feature information of the currently running first application program. If the application feature information of the target page is inconsistent with that of the first application program, the target page can be determined to be a hijacked page. If it is consistent, then because a hijacked page cannot completely replicate the application feature information of a page, the target page can be determined to be an original page of the first application program.
When the package name information of the target page is consistent with the package name information of the first application program and the target page has been determined to be a suspicious hijacked page, further comparing the application feature information of the target page with the application feature information of the first application program makes it possible to detect effectively whether the target page is a hijacked page, ensuring the accuracy and validity of detection and improving detection efficiency.
Specifically, step 103 above may include:
extracting, in reverse from the package name information of the target page, the process information and/or digital certificate of the target page.
The process information and/or digital certificate of the target page can be extracted in reverse from its package name information, so that by comparing the process information and/or digital certificate of the target page with those of the first application program, it can be effectively determined whether the target page is a hijacked page, improving the accuracy of detection.
In an Android device, the APK storage paths are /data/app, /system/app and /system/priv-app. All three folders grant read permission to any user, so application-related information can be read without system privileges.
The process information of certain APKs in the three folders /data/app, /system/app and /system/priv-app is as follows:
ls -al /data/app
-rw-r--r-- system system 7376902 1970-01-13 14:07 NewsArticle-3.6.apk
-rw-r--r-- system system 10317590 1970-01-13 14:07 cleanmaster.apk
-rw-r--r-- system system 13857237 2015-04-30 14:07 com.ali.money.shield-2.apk
ls -al /system/app
-rw-r--r-- root root 18938 2015-04-23 09:56 AntHalService.apk
-rw-r--r-- root root 585808 2015-04-23 09:56 Antispam.apk
-rw-r--r-- root root 16361 2015-04-23 09:56 ApplicationsProvider.apk
ls -al /system/priv-app
-rw-r--r-- root root 1473168 2015-04-23 09:56 AuthManager.apk
-rw-r--r-- root root 428407 2015-04-23 09:56 Backup.apk
-rw-r--r-- root root 15674 2015-04-23 09:56 BackupRestoreConfirmation.apk
The process information of an APK can thus be read directly from the three folders.
Of course, for devices of other systems that do not provide read permission, the application-related information can be read after system privileges have been obtained.
Preferably, before step 101 above, the detection method may also include:
Step 1001: extract the page feature information of the target page, and compare the page feature information of the target page with the page feature information of the page in the activated state, the page feature information including at least one page feature;
Step 1002: if at least one page feature in the page feature information of the target page is consistent with a page feature of the page in the activated state, determine that the target page and the page in the activated state are the same page;
Step 1003: if at least one page feature in the page feature information of the target page is a similar feature to a page feature of the page in the activated state, determine that the target page and the page in the activated state are similar pages.
By obtaining the page feature information of the target page and comparing it with the page features of the page in the activated state, it can be effectively detected whether the current page and the page in the activated state are the same page or similar pages, and hence whether the target page may be a hijacked page, so that the target page is examined further when it may be a hijacked page. When the target page and the page in the activated state are the same page or similar pages, the target page is likely to be a hijacked page.
Further, to make it easier to extract the page feature information of a page, before step 1001 above the detection method may also include:
Step 1004: extract and save the page feature information of all pages of the first application program, the page feature information including one or more of the package name, layout, color, control title and page content of a page.
Extracting and saving the page feature information of all pages of the first application program in advance makes it easier for subsequent steps to extract and call the page feature information, which optimizes the processing and improves processing efficiency.
Specifically, the extracted page feature information can be saved in the form of the following table to form a feature library that is easy to extract from and call:
Page | Page feature information |
Page 1 | Feature 1, feature 2, feature 3 ... |
Page 2 | Feature 1, feature 2, feature 3 ... |
Page 3 | Feature 1, feature 2, feature 3 ... |
Page 4 | Feature 1, feature 2, feature 3 ... |
.... | .... |
Preferably, before step 1001 above, the detection method may also include:
Step 1005: set the state of the page that is about to be displayed in the first application program to the activated state, the page about to be displayed being the page that the first application program is calling or the page that is about to be entered through the return function.
Here, the page that the first application program is calling, or the page that is about to be entered through the return function, can be set to the activated state, and the other pages set to the frozen state, which makes it easy to distinguish and extract the page in the activated state. For example, when page 1 calls page 2, page 2 is about to be displayed at the very front; the state of page 2 is then set to the activated state, and the state of the other pages is the frozen state.
Setting the state of the page about to be displayed to the activated state in advance makes it easier to extract and call the activated page later, which further optimizes the processing and improves processing efficiency.
Embodiment is implemented to of the invention one below to be illustrated below:
As shown in Fig. 2 the detection method that the application program page of the embodiment of the present invention is kidnapped, including:
Step 201, extracts the page feature information of all pages of the first application program and is preserved, and is formed
Feature database.
Here, the page feature information of extraction includes bag name, layout, color, control title and the page of the page
Face content etc..
Step 202, is set to state of activation, i.e., by the state of the page that will be shown in the first application program
The page of display is referred to that the first application program is being called or by returning to the page that function will enter.
Step 203, in the first application program operation phase, extracts each and is displayed in page object foremost
The page feature information in face, the page feature information with the page being active is compared.
Step 204, whether the comparison result for judging above-mentioned steps 203 is target pages and be active
The page be same page or similar pages.
Step 205, if the judged result of above-mentioned steps 204 is yes, extracts the application bag name of target pages
Information, and jump to step 207.
Here, if having at least one page feature in the page feature information of target pages and being active
The page it is consistent or similar, it is determined that target pages to be active the page for same page or similar page
Face.
Step 206, if the judged result of above-mentioned steps 204 is no, it is determined that target pages are the first application
The original page of program, does not find Pagejack, detection of end.
Step 207, the application bag name information of target pages is compared with the bag name information of the first application program
It is right.
Step 208, judge above-mentioned steps 207 comparison result whether be target pages application bag name information
Bag name information with the first application program is consistent.
Step 209, if the judged result of above-mentioned steps 208 is yes, it is determined that target pages are suspicious abduction
The page, and jump to step 211.
Step 210, if the judged result of above-mentioned steps 208 is no, it is determined that target pages are the abduction page,
Detection of end.
Step 211, the bag name information according to target pages reversely extracts the application characteristic information of target pages,
And the application characteristic information of target pages is compared with the application characteristic information of the first application program.
Here, progress information, digital certificate etc. are included using characteristic information.
Step 212, judge above-mentioned steps 211 comparison result whether be target pages application characteristic information
It is consistent with the first application program.
Step 213, if the judged result of above-mentioned steps 212 is no, it is determined that target pages are the abduction page,
Detection of end.
Step 214, if the judged result of above-mentioned steps 212 is yes, it is determined that target pages are the first application
The original page of program, does not find Pagejack, detection of end.
The method for detecting application program page hijacking according to the embodiment of the present invention reversely extracts the application feature information of the target page, and can thereby effectively detect whether the target page has been hijacked, improving the accuracy and efficiency of detection. It solves the problems in the prior art that a hijacked page cannot be effectively detected, that efficiency is relatively low, and that the operating efficiency of the APP is affected.
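The decision flow of steps 204 to 214, modelled in Python as an added example (it is not code from the patent). The similarity threshold, the `resolve_features` lookup standing in for the reverse extraction of process information and digital certificate, and all page, package and certificate values are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ORIGINAL = "original page, no hijacking found"
    HIJACKED = "hijacked page"


@dataclass(frozen=True)
class AppFeatures:
    process_name: str   # process information
    cert_sha256: str    # digest of the digital certificate


@dataclass(frozen=True)
class Page:
    package_name: str
    layout: str
    color: str
    control_titles: frozenset


def same_or_similar(target, activated, threshold=0.5):
    """Same page if at least one stored feature is consistent; similar page if
    the control titles overlap enough (the Jaccard threshold is an assumption)."""
    if (target.layout == activated.layout or target.color == activated.color
            or target.control_titles == activated.control_titles):
        return True
    union = target.control_titles | activated.control_titles
    shared = target.control_titles & activated.control_titles
    return bool(union) and len(shared) / len(union) >= threshold


def detect(target, activated, app_package, app_features, resolve_features):
    """Return (verdict, number of the step at which detection ended)."""
    if not same_or_similar(target, activated):
        return Verdict.ORIGINAL, 206
    if target.package_name != app_package:            # steps 207, 208
        return Verdict.HIJACKED, 210
    # Step 209: suspicious hijacked page, so the package name alone is not trusted.
    observed = resolve_features(target)                # step 211
    if observed != app_features:                       # step 212
        return Verdict.HIJACKED, 213
    return Verdict.ORIGINAL, 214


# Constructed sample data (not from the patent).
APP_PKG = "com.example.bank"
APP = AppFeatures("com.example.bank", "a1" * 32)
OTHER = AppFeatures("com.example.other", "b2" * 32)
LOGIN = Page(APP_PKG, "login_form", "#003366",
             frozenset({"Username", "Password", "Sign in"}))
OTHER_PKG_PAGE = Page("com.example.other", "login_form", "#003366",
                      frozenset({"Username", "Password", "Log in"}))
SAME_PKG_PAGE = Page(APP_PKG, "login_form", "#003366",
                     frozenset({"Username", "Password", "Log in"}))
UNRELATED = Page("com.example.notes", "note_list", "#ffffff",
                 frozenset({"New note"}))
OWNERS = {LOGIN: APP, OTHER_PKG_PAGE: OTHER, SAME_PKG_PAGE: OTHER}


def resolve_features(page):
    """Stand-in for the reverse extraction of step 211 (hypothetical lookup)."""
    return OWNERS[page]


def run_samples():
    pages = {"genuine": LOGIN, "other package": OTHER_PKG_PAGE,
             "same package, other signer": SAME_PKG_PAGE, "unrelated": UNRELATED}
    return {name: detect(p, LOGIN, APP_PKG, APP, resolve_features)
            for name, p in pages.items()}


if __name__ == "__main__":
    for name, (verdict, step) in run_samples().items():
        print(f"{name}: {verdict.value} (ended at step {step})")
```

The third sample is the case the second stage exists for: the package name comparison passes, and only the process and certificate comparison separates it from the genuine page.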
As shown in FIG. 3, an embodiment of the present invention also provides an apparatus for detecting application program page hijacking, including:
First extraction module, configured to, when a first application program is running, extract package name information of a target page if the target page displayed at the foremost end of the first application program and a page in an activated state are the same page or similar pages, where the page in the activated state is a page that is about to be displayed in the first application program;
First determining module, configured to determine, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page;
Second extraction module, configured to, if the target page is a suspicious hijacked page, extract application feature information of the target page according to the package name information of the target page;
Second determining module, configured to determine, according to the application feature information of the target page, whether the target page is a hijacked page.
The apparatus for detecting application program page hijacking according to the embodiment of the present invention reversely extracts the application feature information of the target page, and can thereby effectively detect whether the target page has been hijacked, improving the accuracy and efficiency of detection. It solves the problems in the prior art that a hijacked page cannot be effectively detected, that efficiency is relatively low, and that the operating efficiency of the APP is affected.
Preferably, the first determining module may include:
First comparing unit, configured to compare the package name information of the target page with the package name information of the first application program;
First determining unit, configured to determine that the target page is a suspicious hijacked page if the package name information of the target page is consistent with the package name information of the first application program, and otherwise to determine that the target page is a hijacked page.
Preferably, the second determining module may include:
Second comparing unit, configured to compare the application feature information of the target page with the application feature information of the first application program;
Second determining unit, configured to determine that the target page is a hijacked page if the application feature information of the target page is inconsistent with the application feature information of the first application program, and otherwise to determine that the target page is an original page of the first application program.
Preferably, the second extraction module may include:
First extraction unit, configured to reversely extract the process information and/or digital certificate of the target page according to the package name information of the target page.
Further, the detection apparatus may also include:
Third extraction module, configured to extract the page feature information of the target page and compare the page feature information of the target page with the page feature information of the page in the activated state, where the page feature information includes at least one page feature;
Third determining module, configured to determine that the target page and the page in the activated state are the same page if at least one page feature in the page feature information of the target page is consistent with a page feature of the page in the activated state;
Fourth determining module, configured to determine that the target page and the page in the activated state are similar pages if at least one page feature in the page feature information of the target page is similar to a page feature of the page in the activated state.
Further, the detection apparatus may also include:
Fourth extraction module, configured to extract and save the page feature information of all pages of the first application program, where the page feature information includes one or more of a page's package name, layout, color, control title and page content.
Further, the detection apparatus may also include:
Setup module, configured to set the state of the page about to be displayed in the first application program to the activated state, where the page about to be displayed is a page that the first application program is calling or a page that will be entered through the return function.
The apparatus for detecting application program page hijacking according to the embodiment of the present invention reversely extracts the application feature information of the target page, and can thereby effectively detect whether the target page has been hijacked, improving the accuracy and efficiency of detection. It solves the problems in the prior art that a hijacked page cannot be effectively detected, that efficiency is relatively low, and that the operating efficiency of the APP is affected.
It should be noted that the apparatus for detecting application program page hijacking is the apparatus corresponding to the above-mentioned method of electronic equipment positioning; all implementations in the above method embodiments apply to the embodiments of this apparatus and can achieve the same technical effect.
Because the apparatus for detecting application program page hijacking according to the embodiment of the present invention is applied to a mobile terminal, an embodiment of the present invention further provides a mobile terminal, including: the apparatus for detecting application program page hijacking described in the above embodiments. The implementation examples of the above apparatus are applicable to the embodiment of the mobile terminal and can achieve the same technical effect. The mobile terminal of the present invention may be, for example, a mobile electronic device such as a mobile phone or a tablet computer.
The above are preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.
Claims (15)
1. A method for detecting application program page hijacking, characterized by comprising:
when a first application program is running, if a target page displayed at the foremost end of the first application program and a page in an activated state are the same page or similar pages, extracting package name information of the target page, where the page in the activated state is a page that is about to be displayed in the first application program;
determining, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page;
if the target page is a suspicious hijacked page, extracting application feature information of the target page according to the package name information of the target page;
determining, according to the application feature information of the target page, whether the target page is a hijacked page.
2. The detection method according to claim 1, characterized in that the determining, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page comprises:
comparing the package name information of the target page with the package name information of the first application program;
if the package name information of the target page is consistent with the package name information of the first application program, determining that the target page is a suspicious hijacked page; otherwise, determining that the target page is a hijacked page.
3. The detection method according to claim 1, characterized in that the determining, according to the application feature information of the target page, whether the target page is a hijacked page comprises:
comparing the application feature information of the target page with the application feature information of the first application program;
if the application feature information of the target page is inconsistent with the application feature information of the first application program, determining that the target page is a hijacked page; otherwise, determining that the target page is an original page of the first application program.
4. The detection method according to claim 1, characterized in that the extracting application feature information of the target page according to the package name information of the target page comprises:
reversely extracting the process information and/or digital certificate of the target page according to the package name information of the target page.
5. The detection method according to claim 1, characterized in that, before the extracting package name information of the target page if the target page displayed at the foremost end of the first application program and the page in the activated state are the same page or similar pages, the detection method further comprises:
extracting the page feature information of the target page, and comparing the page feature information of the target page with the page feature information of the page in the activated state, where the page feature information includes at least one page feature;
if at least one page feature in the page feature information of the target page is consistent with a page feature of the page in the activated state, determining that the target page and the page in the activated state are the same page;
if at least one page feature in the page feature information of the target page is similar to a page feature of the page in the activated state, determining that the target page and the page in the activated state are similar pages.
6. The detection method according to claim 5, characterized in that, before the extracting the page feature information of the target page and comparing the page feature information of the target page with the page feature information of the page in the activated state, the detection method further comprises:
extracting and saving the page feature information of all pages of the first application program, where the page feature information includes one or more of a page's package name, layout, color, control title and page content.
7. The detection method according to claim 5, characterized in that, before the extracting the page feature information of the target page and comparing the page feature information of the target page with the page feature information of the page in the activated state, the detection method further comprises:
setting the state of the page about to be displayed in the first application program to the activated state, where the page about to be displayed is a page that the first application program is calling or a page that will be entered through the return function.
8. An apparatus for detecting application program page hijacking, characterized by comprising:
a first extraction module, configured to, when a first application program is running, extract package name information of a target page if the target page displayed at the foremost end of the first application program and a page in an activated state are the same page or similar pages, where the page in the activated state is a page that is about to be displayed in the first application program;
a first determining module, configured to determine, according to the package name information of the target page, whether the target page is a hijacked page or a suspicious hijacked page;
a second extraction module, configured to, if the target page is a suspicious hijacked page, extract application feature information of the target page according to the package name information of the target page;
a second determining module, configured to determine, according to the application feature information of the target page, whether the target page is a hijacked page.
9. The detection apparatus according to claim 8, characterized in that the first determining module comprises:
a first comparing unit, configured to compare the package name information of the target page with the package name information of the first application program;
a first determining unit, configured to determine that the target page is a suspicious hijacked page if the package name information of the target page is consistent with the package name information of the first application program, and otherwise to determine that the target page is a hijacked page.
10. The detection apparatus according to claim 8, characterized in that the second determining module comprises:
a second comparing unit, configured to compare the application feature information of the target page with the application feature information of the first application program;
a second determining unit, configured to determine that the target page is a hijacked page if the application feature information of the target page is inconsistent with the application feature information of the first application program, and otherwise to determine that the target page is an original page of the first application program.
11. The detection apparatus according to claim 8, characterized in that the second extraction module comprises:
a first extraction unit, configured to reversely extract the process information and/or digital certificate of the target page according to the package name information of the target page.
12. The detection apparatus according to claim 8, characterized in that the detection apparatus further comprises:
a third extraction module, configured to extract the page feature information of the target page and compare the page feature information of the target page with the page feature information of the page in the activated state, where the page feature information includes at least one page feature;
a third determining module, configured to determine that the target page and the page in the activated state are the same page if at least one page feature in the page feature information of the target page is consistent with a page feature of the page in the activated state;
a fourth determining module, configured to determine that the target page and the page in the activated state are similar pages if at least one page feature in the page feature information of the target page is similar to a page feature of the page in the activated state.
13. The detection apparatus according to claim 12, characterized in that the detection apparatus further comprises:
a fourth extraction module, configured to extract and save the page feature information of all pages of the first application program, where the page feature information includes one or more of a page's package name, layout, color, control title and page content.
14. The detection apparatus according to claim 12, characterized in that the detection apparatus further comprises:
a setup module, configured to set the state of the page about to be displayed in the first application program to the activated state, where the page about to be displayed is a page that the first application program is calling or a page that will be entered through the return function.
15. A mobile terminal, characterized by comprising: the apparatus for detecting application program page hijacking according to any one of claims 8-14.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510790695.2A CN106713246B (en) | 2015-11-17 | 2015-11-17 | Method and apparatus for detecting application program page hijacking, and mobile terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106713246A (en) | 2017-05-24 |
CN106713246B (en) | 2019-08-13 |
Family
ID=58933326
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510790695.2A Active CN106713246B (en) | 2015-11-17 | 2015-11-17 | Method and apparatus for detecting application program page hijacking, and mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106713246B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||