CN111898126B - Android repackaging application detection method based on dynamically acquired user interface - Google Patents
Android repackaging application detection method based on dynamically acquired user interface Download PDFInfo
- Publication number
- CN111898126B CN111898126B CN202010516031.8A CN202010516031A CN111898126B CN 111898126 B CN111898126 B CN 111898126B CN 202010516031 A CN202010516031 A CN 202010516031A CN 111898126 B CN111898126 B CN 111898126B
- Authority
- CN
- China
- Prior art keywords
- layout
- application
- interface
- similarity
- android
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3664—Environments for testing or debugging software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
Abstract
The invention discloses an Android repackaging application detection method based on a dynamically acquired user interface, which comprises the steps of firstly, automatically traversing all visual interfaces of an application to be detected in a depth mode by using ADB and uiautomator2 to obtain a layout file corresponding to each interface; and abstracting the layout file into a layout tree represented by a tree structure, filtering out control attributes without any information gain, and only keeping key attributes representing the state and the function of the control attributes, so that each android application can be represented as a layout tree set. And then, calculating the similarity between the two layout trees by using a tree structure similarity comparison algorithm DTW-ACS based on the multidimensional sequence, and further calculating the similarity between the layout tree sets by using a Hungarian algorithm, namely the similarity between the two Android applications. And finally, judging whether the application pair is a repackaging application pair or not through threshold comparison. The method has good accuracy, noise immunity, code confusion resistance and code encryption resistance in the aspect of detection of Android repackaging application.
Description
Technical Field
The invention belongs to the field of trusted software and malicious software detection, and particularly relates to an Android repackaging application detection method based on a dynamically acquired user interface.
Background
Android is used as an operating system platform, and an attacker repacks Android applications and publishes the Android applications to the market in order to obtain illegal benefits, which brings huge threats to an Android system and users. In the past, most research has focused on code similarity detection, which involves billions of opcodes and thus consumes a significant amount of time, and repackaging applications can avoid detection by obfuscating or encrypting the code.
The repackaging detection method based on User Interface (UI) characteristics has the performance of resisting code confusion and code encryption. However, although the detection algorithm for obtaining the layout characteristics based on the static method is high in detection speed, sufficient effective information cannot be obtained, and meanwhile, the detection algorithm is susceptible to the influence of noise files and low in detection accuracy.
Some methods based on dynamically acquiring UI features are noise resistant, however how to acquire more user interfaces while more efficiently abstracting layout features becomes a difficulty that needs to be addressed at present.
Besides the above described repacking detection method, some researchers have also proposed an android repacking active defense technology based on information asymmetry, which may cause an application program to be repacked to operate abnormally, resulting in a repacking failure. However, according to the method, the bottom android system needs to be modified, and meanwhile, the plug-in needs to be installed by the user, so that the technical difficulty is high, and the user experience is poor.
Disclosure of Invention
The invention aims to: the invention aims to solve the defects in the prior art and provides an Android repackaging application detection method based on a dynamically acquired user interface. The method comprises the steps that an interface in the Android application comprises a layout structure and content which is filled in the layout structure and is pushed by a server side, the content which is pushed by the server side is changed in the interface, and the layout structure cannot be changed, so that the layout of all visual interfaces in the Android application running process is extracted in a dynamic mode to serve as the characteristics of the Android application. Generally, an Android application comprises a plurality of visual interfaces, each interface corresponds to an xml layout file and comprises a plurality of controls; to facilitate comparison between layout files, the present invention abstracts the layout files of the interface into a layout tree. Through the method, the layout tree set consisting of the layout trees can be obtained to uniquely identify one Android application, so that the similarity between the Android applications is converted into the problem of similarity calculation between the layout tree sets, the similarity between the two layout tree sets is calculated, the similarity between each layout tree of the layout tree sets is calculated by adopting DTW-ACS, and further the similarity of the layout tree sets is solved by adopting Hungarian algorithm.
The technical scheme is as follows: the invention discloses an Android repackaging application detection method based on a dynamically acquired user interface, which comprises the following steps of:
(1) Obtaining layout files corresponding to all visual interfaces of each application
Performing automatic depth traversal on the interface of the application to be detected by using ADB and uiautomator2 to obtain a layout file corresponding to a visual interface, and filtering a repeated interface and a noise interface;
(2) Abstracting each layout file into a layout tree
Abstracting the layout file into a tree structure, so that the layout file can represent the layout hierarchical structure of the layout file to the maximum extent, meanwhile, filtering out control attributes without any information gain, and only keeping key attributes representing the state and the function of the control attributes to obtain a feature set consisting of a layout tree;
(3) Calculating similarity between Android applications
Calculating the similarity between two layout trees by using a tree structure similarity comparison algorithm (DTW-ACS) based on a multi-dimensional sequence, converting the similarity calculation between the layout tree sets into the maximum matching problem of bipartite graphs, calculating the similarity between the layout tree sets by using a Hungarian algorithm, wherein the obtained similarity is the similarity between different Android applications;
(4) Repackaging application determination
Through experimental analysis, a threshold value of the similarity (for example, the optimal threshold value is 0.76) is determined, and the application pair larger than the threshold value is determined as a repackaged application pair.
Further, the specific method for acquiring the layout files corresponding to all the visual interfaces of each application in step (1) includes:
(1.1) installing an application; after the PC terminal is connected with the Android device, installing the application to be detected through the ADB, and then starting the application to enter an initial interface, namely a home page of the application to be detected;
(1.2) a capture interface; dumping an XML layout file corresponding to the current interface through the uiautomator2, extracting coordinates of all interactive controls, constructing a coordinate set, and recording the position of a first non-traversed coordinate element in the set;
(1.3) element checking; judging whether the current coordinate set has elements which are not traversed, if yes, executing the step (1.5); if not, executing the step (1.4);
(1.4) determining a home page; judging whether the current interface is an initial interface or not, if so, executing the step (1.7); if not, returning to the upper level interface and continuing to execute the step (1.3);
(1.5) deeply traversing the interface; traversing elements in a coordinate set corresponding to the current interface from the marking position, clicking the corresponding control coordinate to jump to a next-level page, and adding 1 to the marking position;
(1.6) judging the weight of the interface; judging whether the interface after the jump is traversed or not, if so, returning to the previous level interface, and executing the step (1.3); if not, returning to the step (1.2);
(1.7) uninstalling the application; exit the application and uninstall the application using the ADB.
Further, in the step (3), each application to be detected is represented by a feature set composed of a plurality of layout trees, and the similarity between different applications corresponds to the similarity between the respective layout tree sets.
The calculation formula of the similarity SimT between the two layout trees S and T is as follows:
the DADis is the distance between two trees obtained through DTW-ACS, | S |, | T | is the length of the multidimensional sequence set corresponding to the two layout trees S and T respectively, and max (| S |, | T |) is the length of the larger multidimensional sequence set;
then the layout tree set S A And S B The similarity between the two Android applications is as follows:
wherein S A ∩S B For the maximum number of matches, | S, of the two sets found by the Hungarian algorithm A |,|S B And | is the length of the two sets, respectively.
Has the advantages that: according to the method, the layout file corresponding to the user visual interface in the running process is extracted as the detection characteristic through dynamic execution of the Android application, the method has better anti-noise performance compared with a method for statically acquiring the layout characteristic, meanwhile, the structure of the characteristic fingerprint is completely independent of an analysis code, and the method has good code encryption resistance and code confusion resistance.
Drawings
FIG. 1 is a frame diagram of the present invention;
FIG. 2 is a schematic flow chart of an automatic deep traversal interface according to the present invention;
FIG. 3 is a DTW-ACS pseudo-code flow of the present invention;
FIG. 4 is a flow chart of the Hungarian algorithm used by the present invention;
FIG. 5 is a partial layout file extracted from an android application in an embodiment;
FIG. 6 is a diagram of an interface and its corresponding layout tree in the "Do Credit card" application in an embodiment;
FIG. 7 is a diagram of an interface and its corresponding layout tree in the "Credit card transacting" application in an embodiment;
FIG. 8 is another interface and its corresponding layout tree in the "Do Credit card" application of an embodiment;
FIG. 9 is another interface and its corresponding layout tree in the "Credit card transacting" application in an embodiment.
Detailed Description
The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
As shown in fig. 1, according to the Android repackaging application detection method based on the dynamically obtained user interface, the layout of the application interface is abstracted into a layout tree capable of representing the content and the spatial hierarchy of the application interface, and the key attributes of the layout control are retained through a filter; then, a Tree similarity comparison method based on a multi-dimensional sequence is used for similarity comparison of the layout trees, and sequence dimensions and space dimensions are comprehensively considered, so that the method is more effective than the prior art such as a Tree-Edit algorithm, a path set algorithm, a sequence traversal sequence and the like. The method can be used for traversing to the application interface as much as possible by a user interface depth automatic traversal method based on the interactive control.
The specific process of the invention is as follows:
step one, capturing the operation interfaces as much as possible in the android application. In the embodiment, a visual interface in the Android application running process is captured by using a user interface depth traversal method based on an interaction control, and a specific implementation flow is shown in fig. 2. The detailed steps are as follows:
a) And (5) installing the application. After the PC terminal is connected with the Android device, the application is installed through the ADB, and then the application is started to enter an initial interface, namely a home page of the application;
b) The interface is captured. Dumping an XML layout file corresponding to the current interface through the uiautomator2, extracting coordinates of all interactive controls, constructing a coordinate set, and recording the position of a first non-traversed coordinate element in the set;
c) And (5) element checking. Judging whether the current coordinate set has non-traversed elements or not, and if so, executing the step e); if not, executing step d);
d) And (5) judging a home page. Judging whether the current interface is an initial interface or not, if so, executing the step g); otherwise, returning to the upper level interface and continuing to execute the step c);
e) And (6) deeply traversing the interface. Traversing elements in a coordinate set corresponding to the current interface from the marked position, clicking a corresponding control coordinate to jump to the next level of interface, and adding 1 to the marked position;
f) And judging the weight of the interface. Judging whether the interface after the jump is traversed or not, if so, returning to the previous level interface, and executing the step c); if not, returning to the step b) to continue executing;
g) And (5) unloading the application. Exit the application and uninstall the application using the ADB.
In the above process, when performing steps (b) and (f), the noise interface introduced is filtered by:
1) And (3) filtering a system interface: and filtering out a system popup frame interface belonging to Android and a system status display column.
2) Filtering the traversed interface: and judging whether the activity and the layout tree corresponding to the current interface exist in the page set or not.
3) Other application interface filtering: and judging whether the application package name of the current interface is the same as the tested application or not.
4) And (3) WebView control filtering: and only retaining the information of the native control in the WebView control, and simultaneously directly filtering the interface corresponding to the WebViewActivity.
5) And (3) filtering an advertisement interface: the advertisement interface in the common application has the character descriptions of "advertisement", "skip", "close", "skip advertisement", "close advertisement", etc., so that the traversal of the partial page and the extraction of layout content can be skipped according to the characteristics in the application automation execution process.
And step two, calculating the similarity between the two interfaces. The similarity between interfaces is calculated by using a tree structure similarity comparison algorithm (DTW-ACS) based on a multidimensional sequence, wherein the pseudo code of the algorithm is shown in FIG. 3, and the process is as follows:
2.1 generating a layout tree. Each node in the layout file corresponding to the user visual interface has a hierarchical structure and 18 key attributes, which are respectively class, index, text, resource-id, package, content-desc, checkable, checked, clickable, enabled, focusable, focused, scrollable, long-clickable, password, selected, visual-to-user and bound.
A layout tree is extracted from a layout file, and nodes in the layout tree include an element and several attributes. Where the value of the "class" attribute represents a layout view type, such as "Button", "TextView", etc., which is then considered the most important attribute as an element in the tree node.
Regarding the attributes of the elements, in order to reduce the amount of calculation and improve the accuracy of detection, the embodiment filters out the attributes that may introduce noise through a filter, and the specific process of the filter is as follows:
1) The filter 1: the visible-to-user attribute is filtered. The visible-to-user attribute represents whether the layout control is visible to the user, and when the value of the layout control is false, the layout control is marked as a hidden control and is not displayed on a user visual interface. Therefore, the layout control with the attribute of false is directly filtered and is not used as a node of the layout tree.
2) And (3) a filter 2: some properties of the layout control do not provide accurate information for the detection of repackaging. Instead, these attributes can introduce noise in the similarity comparison process of the layout tree, resulting in errors in the repackaging detection. We therefore exclude these attributes, including the "index", "text", "resource-id", "package", "content-desc", "bounds", "password" attributes.
After filtering, only the most critical properties are retained, including the properties representing the view control state: "checked", "enabled", "focused", and "selected", represent attributes of the function: "clickable", "checkable", "focusable", "long-clickable", and "scrollable". The comparison of the nodes of the tree in step 2.2 is considered to be identical nodes when the elements and attributes of both nodes are equal.
2.2 similarity comparison between layout trees. For the comparison of tree similarity, this embodiment uses a tree structure similarity comparison algorithm (DTW-ACS) based on a multidimensional sequence to complete the comparison, and regards the tree structure as a multidimensional data structure having a sequential dimension and a spatial dimension, where the sequential dimension is in the vertical direction and the spatial dimension is in the horizontal direction. While a tree can be abstracted into sequences with common prefixes.
The DTW-ACS algorithm comprises the following specific processes:
then the similarity SimT between the two layout trees S and T is calculated as:
the DADis is the distance between two trees obtained through DTW-ACS, | S |, | T | are the lengths of the multidimensional sequence sets corresponding to the two layout trees S and T respectively, and max (| S |, | T |) is the length of the larger multidimensional sequence set.
And step three, calculating the similarity between different applications. Each application can be represented by a layout tree set comprising a plurality of layout trees, similarity calculation between different applications is converted into a maximum matching problem for solving bipartite graphs, then the solution is carried out by using Hungarian algorithm, a specific flow is shown in FIG. 4, and the similarity of the applications solved by two layout tree sets is as follows:
wherein S A ∩S B For the maximum number of matches, | S, of the two sets found by the Hungarian algorithm A |,|S B And | is the length of the two sets respectively.
The embodiment is as follows:
two financial applications downloaded in the pea pod market: "Do Credit card" and "Credit card transaction" are examples.
The method comprises the following steps: the layout files corresponding to all visual interfaces in the running process of the two applications are captured through an automatic testing tool, and due to the fact that the number of the layout files is large, a part of the layout files are given here as shown in fig. 5.
Step two: calculating similarity between two layout trees
For the layout tree in which the visualization interface is abstracted, two interfaces are taken as an example, as shown in fig. 6 and 7.
An interface and a corresponding layout tree in the application of 'handling credit cards' (the layout file of xml corresponding to the interface is com. You. W. Credit. View. Activity. MainActivity _0_1. Xml);
an interface in the application of 'credit card transaction' and a layout tree corresponding to the interface (the layout file corresponding to the interface is com.
The similarity of the layout trees corresponding to the two interfaces is calculated to be 1.0 through DTW-ACS. As can be seen from the appearance of the interface in the figure, the appearance of the interface of the 'credit card handling' is very similar to that of the 'credit card handling' application interface, only the colors of some layout controls are changed, but the overall layout structure of the interface is not changed, so that the extracted layout tree is also identical. Therefore, the similarity was also calculated to be 1.0 by DTW-ACS.
The similarity between the other two interfaces is calculated as follows. Another interface and its corresponding layout tree in the "card handling" application (the interface corresponding xml layout file is com. You. Credit. View. Activity. Main activity _2_1. Xml), and another interface and its corresponding layout tree in the "card handling" application (the interface corresponding xml layout file is com. You. Credit. View. Activity. Main activity _4_1. Xml).
As shown in fig. 8 and 9, the similarity of the layout trees corresponding to the two interfaces is calculated to be 0.85 by DTW-ACS. As can be seen from the appearance of the interface in the figure, the appearance of the interface of the 'credit card handling' is very similar to that of the 'credit card handling' application interface, only certain layout control positions are changed, but the overall layout structure of the interface is not changed, so that the extracted layout tree is also very similar.
Step three: calculating similarity of a pair of applications
And finally, for the feature sets of the application of 'handling credit cards' and 'transacting credit cards' the similarity obtained by Hungarian algorithm is 0.97, and the similarity is greater than a similarity judgment threshold value of 0.76. The set of applications is therefore a repackaged application pair. It can assist in verifying that the set of applications is a repackaged application from the appearance, layout, and name of the Activity component.
Claims (3)
1. An Android repackaging application detection method based on a dynamically acquired user interface is characterized by comprising the following steps: the method comprises the following steps:
(1) Obtaining layout files corresponding to all visual interfaces of each application
Performing automatic depth traversal on the interface of the application to be detected by using the ADB and the uiautomator2 to obtain a layout file corresponding to a visual interface, and filtering a repeated interface and a noise interface;
(2) Abstracting each layout file into a layout tree
Abstracting the layout file into a tree structure, so that the layout file can represent the layout hierarchical structure of the layout file to the maximum extent, meanwhile, filtering out control attributes without any information gain, and only keeping key attributes representing the state and the function of the control attributes to obtain a feature set consisting of a layout tree;
(3) Calculating similarity between Android applications
Calculating the similarity between two layout trees by using a tree structure similarity comparison algorithm (DTW-ACS) based on a multi-dimensional sequence, converting the similarity calculation between the layout tree sets into the maximum matching problem of bipartite graphs, calculating the similarity between the layout tree sets by using a Hungarian algorithm, wherein the obtained similarity is the similarity between different Android applications;
(4) Repackaging application decisions
And determining a threshold value of the similarity, and judging the application pairs larger than the threshold value as repackaging application pairs.
2. The Android repackaging application detection method based on dynamically obtained user interface of claim 1, characterized in that: the specific method for acquiring the layout files corresponding to all the visual interfaces of each application in the step (1) is as follows:
(1.1) installing an application; after the PC end is connected with the Android equipment, installing the application to be detected through the ADB, and then starting the application to enter an initial interface, namely a home page of the application to be detected;
(1.2) a capture interface; dumping an XML layout file corresponding to the current interface through the uiautomator2, extracting coordinates of all interactive controls, constructing a coordinate set, and recording the position of a first non-traversed coordinate element in the set;
(1.3) element checking; judging whether the current coordinate set has elements which are not traversed, if yes, executing the step (1.5); if not, executing the step (1.4);
(1.4) determining a home page; judging whether the current interface is an initial interface or not, if so, executing the step (1.7); if not, returning to the upper level interface and continuing to execute the step (1.3);
(1.5) deeply traversing the interface; traversing elements in a coordinate set corresponding to the current interface from the marked position, clicking a corresponding control coordinate to jump to a next level page, and adding 1 to the marked position;
(1.6) judging the weight of the interface; judging whether the interface after the jump is traversed or not, if so, returning to the previous level interface, and executing the step (1.3); if not, returning to the step (1.2);
(1.7) offloading the application; exit the application and uninstall the application using the ADB.
3. The Android repackaging application detection method based on dynamically obtained user interface of claim 1, characterized in that: in the step (3), each application to be detected is represented by a layout tree feature set formed by a plurality of layout trees, the similarity between different applications corresponds to the similarity between the respective layout trees,
the calculation formula of the similarity SimT between the S and T of different layout trees is as follows:
then the layout tree set S A And S B The similarity between the two Android applications is as follows:
wherein S A ∩S B For the maximum number of matches, | S, of the two sets found by the Hungarian algorithm A |,|S B And | is the length of the two sets, respectively.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010516031.8A CN111898126B (en) | 2020-06-09 | 2020-06-09 | Android repackaging application detection method based on dynamically acquired user interface |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010516031.8A CN111898126B (en) | 2020-06-09 | 2020-06-09 | Android repackaging application detection method based on dynamically acquired user interface |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111898126A CN111898126A (en) | 2020-11-06 |
| CN111898126B true CN111898126B (en) | 2022-11-08 |
Family
ID=73206656
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010516031.8A Active CN111898126B (en) | 2020-06-09 | 2020-06-09 | Android repackaging application detection method based on dynamically acquired user interface |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111898126B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112487437B (en) * | 2020-11-17 | 2023-04-18 | 北京航空航天大学 | Android counterfeit application detection method and device based on user interface characteristics |
| CN112799955B (en) * | 2021-02-08 | 2023-09-26 | 腾讯科技(深圳)有限公司 | Method and device for detecting model change, storage medium and electronic equipment |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107169323B (en) * | 2017-05-11 | 2020-09-15 | 南京大学 | Android application repacking detection method based on layout cluster map |
| CN109933976B (en) * | 2017-12-15 | 2023-05-09 | 深圳Tcl工业研究院有限公司 | Android application similarity detection method, mobile terminal and storage device |
| CN109815699B (en) * | 2018-12-24 | 2023-06-20 | 南京大学 | Android software repackaging detection method based on interface icon features |
-
2020
- 2020-06-09 CN CN202010516031.8A patent/CN111898126B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111898126A (en) | 2020-11-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yakura et al. | Malware analysis of imaged binary samples by convolutional neural network with attention mechanism | |
| JP6860070B2 (en) | Analytical equipment, log analysis method and analysis program | |
| CN109918892B (en) | Verification code generation method and device, storage medium and computer equipment | |
| CN109753800A (en) | Merge the Android malicious application detection method and system of frequent item set and random forests algorithm | |
| CN111639337B (en) | Unknown malicious code detection method and system for massive Windows software | |
| CN105205397B (en) | Rogue program sample sorting technique and device | |
| CA2957674C (en) | Testing insecure computing environments using random data sets generated from characterizations of real data sets | |
| JP7115552B2 (en) | Analysis function imparting device, analysis function imparting method and analysis function imparting program | |
| Liang et al. | A behavior-based malware variant classification technique | |
| Yang et al. | Detecting android malware by applying classification techniques on images patterns | |
| CN108985064B (en) | Method and device for identifying malicious document | |
| CN106096411A (en) | A kind of Android malicious code family classification method based on bytecode image clustering | |
| CN108734012A (en) | Malware recognition methods, device and electronic equipment | |
| RU91213U1 (en) | SYSTEM OF AUTOMATIC COMPOSITION OF DESCRIPTION AND CLUSTERING OF VARIOUS, INCLUDING AND MALIMENTAL OBJECTS | |
| CN111898126B (en) | Android repackaging application detection method based on dynamically acquired user interface | |
| CN105184160A (en) | API object calling relation graph based method for detecting malicious behavior of application program in Android mobile phone platform | |
| CN115033894B (en) | Software component supply chain safety detection method and device based on knowledge graph | |
| CN115658080A (en) | Method and system for identifying open source code components of software | |
| CN114844689A (en) | Website logic vulnerability detection method and system based on finite-state machine | |
| Chew et al. | ESCAPADE: Encryption-type-ransomware: System call based pattern detection | |
| CN109670311A (en) | Malicious code analysis and detection method based on high-level semantics | |
| CN112817877A (en) | Abnormal script detection method and device, computer equipment and storage medium | |
| CN111291377A (en) | Application vulnerability detection method and system | |
| Cheers et al. | A novel approach for detecting logic similarity in plagiarised source code | |
| Vahedi et al. | Cloud based malware detection through behavioral entropy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |