CN112016606A - Detection method, device and equipment for application program APP and storage medium - Google Patents
Detection method, device and equipment for application program APP and storage medium Download PDFInfo
- Publication number
- CN112016606A CN112016606A CN202010844945.7A CN202010844945A CN112016606A CN 112016606 A CN112016606 A CN 112016606A CN 202010844945 A CN202010844945 A CN 202010844945A CN 112016606 A CN112016606 A CN 112016606A
- Authority
- CN
- China
- Prior art keywords
- detected
- app
- image
- certificate
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 38
- 238000000034 method Methods 0.000 claims abstract description 44
- 238000004364 calculation method Methods 0.000 claims abstract description 24
- 238000009434 installation Methods 0.000 claims description 52
- 230000008569 process Effects 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 6
- 238000004422 calculation algorithm Methods 0.000 description 16
- 238000013507 mapping Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 239000011159 matrix material Substances 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Multimedia (AREA)
- Life Sciences & Earth Sciences (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method, a device, equipment and a storage medium for detecting an application program APP, wherein the method comprises the following steps: acquiring an image to be detected of an APP to be detected and information of a certificate to be detected matched with the APP to be detected; calculating the image similarity between the image to be detected and each original image in the original image database; determining a target positive version APP according to the calculation result of the image similarity; and determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the legal certificate information of the target legal APP. The technical scheme of the embodiment of the invention can solve the limitation of the existing APP detection method and improve the accuracy and reliability of the APP detection method.
Description
Technical Field
The embodiment of the invention relates to information and network security technologies, in particular to a method, a device, equipment and a storage medium for detecting an application program APP.
Background
With the rapid development of the internet industry, the number of events for illegal people to use the internet to make a crime is increasing, and the perfection of information and network security technology is very important.
In recent years, cases of fraud with counterfeit Applications (APPs) in the internet have become very common. The existing crime modes generally comprise two modes, wherein the first mode is to obtain an installation package file of a legal APP, and reversely modify the obtained installation package file to obtain a counterfeit APP; the second method is to extract the picture file in the genuine installation package file and the configuration file of the placement position of each module in a User Interface (UI), reset the signature of the installation package file, and change the certificate information of the installation package file to obtain the counterfeited APP. The signature of the counterfeit installation package file obtained in the first mode is consistent with the signature of the legal installation package file, but the certificate information in the installation package file is changed; compared with the genuine installation package file, the signature and the certificate information of the counterfeit installation package file obtained in the second mode are changed.
The existing method for detecting the APP generally compares the signature and the certificate information of the installation package file corresponding to the APP to be detected with the signature and the certificate information of the installation package file corresponding to the legal APP. And if the signature corresponding to the APP to be detected is consistent with the signature corresponding to the legal version APP, but the certificate information is inconsistent, taking the APP to be detected as a counterfeit APP. However, there is a hole in this detection method: if treat that the APP is counterfeit APP, but treat that the signature that the APP corresponds is inconsistent with the signature that the positive version APP corresponds to, certificate information is inconsistent, then current detection method will be unable to judge treat whether treat that the APP is counterfeit APP.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a device, and a storage medium for detecting an APP of an application program, which can solve the limitations of the existing method for detecting an APP and improve the accuracy and reliability of the method for detecting an APP.
In a first aspect, an embodiment of the present invention provides a method for detecting an APP, where the method includes:
acquiring an image to be detected of an APP to be detected and information of a certificate to be detected matched with the APP to be detected;
calculating the image similarity between the image to be detected and each original image in the original image database;
determining a target positive version APP according to the calculation result of the image similarity;
and determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the legal certificate information of the target legal APP.
In a second aspect, an embodiment of the present invention further provides an apparatus for detecting an application APP, where the apparatus includes:
the information acquisition module is used for acquiring an image to be detected of the APP to be detected and information of the certificate to be detected matched with the APP to be detected;
the image similarity calculation module is used for calculating the image similarity between the image to be detected and each original image in the original image database;
the target positive version APP determining module is used for determining a target positive version APP according to the calculation result of the image similarity;
and the application type determining module is used for determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the certificate information of the target copyright APP.
In a third aspect, an embodiment of the present invention further provides a computer device, where the computer device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement a detection method for an application APP provided by any embodiment of the invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the computer program implements a method for detecting an APP according to any embodiment of the present invention.
According to the technical scheme, the image similarity between the image to be detected of the APP to be detected and the information of the certificate to be detected matched with the APP to be detected is calculated, the target positive version APP is determined according to the calculation result of the image similarity, the application type of the APP to be detected is determined according to the comparison result of the information of the certificate to be detected and the positive version certificate information of the target positive version APP, the similarity between the image to be detected and the positive version image and the comparison result of the certificate information are combined, the application type of the APP to be detected is determined, the limitation of the existing APP detection method can be solved, and the accuracy and the reliability of the APP detection method are improved.
Drawings
Fig. 1 is a flowchart of a detection method for an application APP according to a first embodiment of the present invention;
fig. 2 is a flowchart of a detection method for an application APP according to a second embodiment of the present invention;
fig. 3 is a structural diagram of a detection apparatus for an application APP in a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device in the fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for detecting an APP of an application according to an embodiment of the present invention, where this embodiment is applicable to a case of identifying whether the APP belongs to a counterfeit APP, and the method may be executed by a detection apparatus for the APP of the application, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in a computer device, and specifically includes the following steps:
and step 110, acquiring an image to be detected of the APP to be detected and information of the certificate to be detected matched with the APP to be detected.
And the image to be detected is a software interface image in the running process of the APP to be detected. The certificate information to be detected can be related certificate information of the APP to be detected. In this step, optionally, the APP to be detected may be installed in a mobile terminal (e.g., a mobile phone, a tablet computer, etc.), the APP to be detected is operated in a manual mode, and a response interface of the APP to be detected under different operations is subjected to screenshot or photographing to obtain at least one image to be detected.
In an implementation manner of the embodiment of the present invention, acquiring information of a certificate to be detected, which is matched with an APP to be detected, may include: acquiring an installation package file matched with the APP to be detected; and extracting the information of the certificate to be detected from the installation package file.
If the APP to be detected is applied to the Android system, an Android Application Package (APK) corresponding to the APP to be detected is obtained, and the obtained APK file is used as an installation package file matched with the APP to be detected; if the APP to be detected is applied to the iOS (iPhone Operation System), an apple Application package (IPA) corresponding to the APP to be detected is obtained, and the obtained IPA file is used as an installation package file matched with the APP to be detected. The embodiment of the invention does not limit the type of the application system of the APP to be detected and the format of the installation package file. The certificate information to be detected may include, but is not limited to: the creating time, the owner, the publisher, the validity period starting time, the deadline, the certificate fingerprint and the like of the APP to be detected.
In this embodiment, before the image to be detected of the APP to be detected and the certificate information to be detected are obtained, a plurality of original APPs can be obtained at first, and each original APP, a plurality of original images corresponding to each original APP and the mapping relationship between each original APP and each original image corresponding to each original APP are stored in an original image database. The positive image is a software interface image in the running process of the positive APP. When detecting that there is new positive version APP to go online, can also save new positive version APP to and many new positive version images that new positive version APP corresponds in positive version database, in order to update positive version database.
In an embodiment of the present invention, before acquiring an image to be detected of an APP to be detected and information of a certificate to be detected that matches the APP to be detected, the method may further include: acquiring the legal certificate information of each legal image in a legal image database; and establishing a legal certificate database according to the legal certificate information of each legal image.
The positive version image database can be used for storing related images of various types of positive versions APP, such as software interface images and the like. The legal certificate information is also the relevant certificate information of the legal APP corresponding to each legal image.
After a certain original image is acquired in an original image database, the original APP corresponding to the original image can be obtained according to the mapping relation between each original image and each original APP in the original image database, then the installation package file matched with the original APP is acquired, the original certificate information corresponding to the original APP is extracted from the installation package file, and the original APP, the original certificate information corresponding to the original APP and the mapping relation between the original APP and the corresponding original certificate information are stored in an original certificate database. By analogy, the legal certificate database can be constructed by the legal certificate information of the legal APP corresponding to each legal image and the legal APP.
It should be noted that, when it is detected that the original image database is updated, the new original APP added to the original image database and the corresponding new original certificate information are stored in the original certificate database, so as to update the original certificate database.
And 120, calculating the image similarity between the image to be detected and each original image in the original image database.
In this step, optionally, the image SIMilarity between the image to be detected and each original image in the original image database may be determined by calculating a Structural SIMilarity metric (SSIM) between the image to be detected and each original image in the original image database. The larger the SSIM value between the image to be detected and the original image is, the higher the image similarity between the image to be detected and the original image is. Alternatively, the image similarity may also be calculated by using a method such as a gray histogram or a neural network, and the embodiment of the present invention does not limit the calculation method of the image similarity.
And step 130, determining a target positive version APP according to the calculation result of the image similarity.
In this embodiment, optionally, after calculating the SSIM value between the image to be detected and each of the original images through step 120, the corresponding original image when the SSIM value is greater than the preset measurement value is taken as the target image. And obtaining a target original APP corresponding to the target image according to the mapping relation between the original images and the original APPs in the original image database. The number of the target images can be multiple, and the number of the target positive APPs corresponding to the target images can also be multiple.
And 140, determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the legal certificate information of the target legal APP.
In this step, optionally, the legal certificate information corresponding to the target legal APP is obtained according to the mapping relationship between each legal APP and each legal certificate information in the legal certificate database.
In this embodiment, under the condition that it is determined that the certificate information to be detected and the certificate information of the copyright are not consistent, it is determined that the application type of the APP to be detected is a counterfeit APP.
The number of the target positive APPs can be one or more. When the number of the target positive versions APP is one, comparing the information of the certificate to be detected with the positive version certificate information of the target positive versions APP, and if the positive version certificate information of the target positive versions APP is consistent with the information of the certificate to be detected, determining that the application type of the APP to be detected is the positive version APP; otherwise, determining the application type of the APP to be detected as the counterfeit APP.
When the number of the target positive APPs is multiple, comparing the information of the certificate to be detected with the positive certificate information of each target positive APP, and if the positive certificate information of one target positive APP is consistent with the information of the certificate to be detected, determining that the application type of the APP to be detected is the positive APP; otherwise, when the positive certificate information of all the target positive APPs is inconsistent with the certificate information to be detected, determining that the application type of the APP to be detected is the counterfeit APP.
Therefore, the APP detection method provided by the embodiment of the invention does not need to detect the APP by using the signature and the certificate information of the APP, but firstly determines the target legal version APP according to the image similarity graph, and determines whether the APP to be detected is the counterfeit APP by combining the comparison result of the certificate information to be detected and the legal version certificate information of the target legal version APP, so that whether the APP to be detected is the counterfeit APP can be accurately identified, and the method is also suitable for the APP detection scene with different signature and certificate information, thereby improving the accuracy and reliability of APP detection, and reducing the social hazard caused by the counterfeit APP by the fraudulent owner.
According to the technical scheme, the image similarity between the image to be detected of the APP to be detected and the information of the certificate to be detected matched with the APP to be detected is calculated, the target positive version APP is determined according to the calculation result of the image similarity, the application type of the APP to be detected is determined according to the comparison result of the information of the certificate to be detected and the positive version certificate information of the target positive version APP, the similarity between the image to be detected and the positive version image and the comparison result of the certificate information are combined, the application type of the APP to be detected is determined, the limitation of the existing APP detection method can be solved, and the accuracy and the reliability of the APP detection method are improved.
Example two
The embodiment provides an implementation manner for calculating image similarity between an image to be detected and each original image in the original image database on the basis of the first embodiment, and the same or corresponding terms as those in the embodiment are explained, and are not repeated in this embodiment. Fig. 2 is a flowchart of a detection method for an application APP according to a second embodiment of the present invention, in this embodiment, a technical solution of this embodiment may be combined with one or more methods in the solutions of the foregoing embodiments, and in this embodiment, as shown in fig. 2, a method according to an embodiment of the present invention may further include:
In an implementation manner of the embodiment of the present invention, acquiring an image to be detected of an APP to be detected includes: acquiring an installation package file matched with the APP to be detected; starting the installation package file to run through an installation package running program or installation package running equipment; and in the operation process of the installation package file, intercepting at least one software interface image of the APP to be detected as an image to be detected.
The installation package running program may be a program that allows the installation package to run, such as an android simulator. The installation package running device may be a hardware device or the like, such as a smart phone or a tablet computer, which can specifically install and apply the installation package. The obtained installation package file takes the APK file as an example, and the APK file can be started to run through an android simulator matched with the APK file or a corresponding intelligent terminal device of an android system. And in the running process of the APK file, automatically intercepting at least one software interface image of the APP to be detected through an android simulator or intelligent terminal equipment.
From this, through installation package operation program or installation package operation equipment to installation package file start-up operation, need not manual operation and wait to detect APP, can realize waiting to detect the automation of image acquisition process, improve and wait to detect APP's detection efficiency.
In this embodiment, before acquiring the to-be-detected image of the to-be-detected APP and the to-be-detected certificate information matched with the to-be-detected APP, the method may further include: calculating an image hash value of each legal image in a legal image database; and constructing a positive image database according to the image hash value of each positive image.
The image hash value of each original image can be calculated through an average hash algorithm, a perceptual hash algorithm or a differential hash algorithm, and the image hash value corresponding to each original image is stored in an original image database. When the image hash value is stored, the mapping relationship between the image hash value and each original image or the original APP corresponding to the original image can be stored at the same time.
And step 220, calculating the image hash value of the image to be detected.
In this embodiment, optionally, the image hash value of the image to be detected is calculated by using an average hash algorithm, and the specific calculation process is as follows:
s221, scaling the size of the image to be detected into 8 × 8 to obtain 64 pixel points;
s222, converting the image to be detected into a single-channel gray-scale image by adopting an average value method to obtain an 8 x 8 integer matrix;
specifically, according to the RGB values of the pixels, the Gray value Gray after the conversion of the pixels is obtained, R represents the red component corresponding to the pixels, G represents the green component corresponding to the pixels, and B represents the blue component corresponding to the pixels, wherein: gray ═ R + G + B)/3.
S223, calculating the average value of the gray values of all the pixel points in the 8 x 8 integer matrix;
s224, traversing the gray value of each pixel point in the 8-by-8 integer matrix, comparing each gray value with the average value, marking the pixel point as 1 when the gray value of a certain pixel point is greater than or equal to the average value, and marking the pixel point as 0 when the gray value of a certain pixel point is less than the average value to obtain a binary Hash value of the image to be detected;
and S225, converting the binary hash value of the image to be detected into a hexadecimal hash value.
And step 230, traversing and calculating the Hamming distance between the image hash value of the image to be detected and the image hash value of each legal image.
In this step, a hamming distance between the hexadecimal hash value of the image to be detected and the hexadecimal hash value of each original image is optionally calculated.
And 240, determining the target original image according to the numerical relationship between the Hamming distance between the image hash value of the image to be detected and the image hash value of each original image and a preset threshold value.
In the step, the Hamming distance between the image hash value of the image to be detected and the image hash value of each legal image is compared with a preset threshold value. And if a certain Hamming distance is smaller than a preset threshold value, taking the legal copy image corresponding to the Hamming distance as a target legal copy image.
When the Hamming distance between the image hash value of the image to be detected and the image hash value of a certain legal image is smaller than a preset threshold value, the similarity between the image to be detected and the legal image is high. The preset threshold may be set to 5, and the specific value is preset in practical situations, which is not limited in this embodiment.
And step 250, determining a target positive plate APP according to the target positive plate image.
In the step, a target original APP corresponding to the target original image is obtained according to the mapping relation between the original images and the original APPs in the original image database.
And step 260, determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the legal certificate information of the target legal APP.
According to the technical scheme, the image hash value of the image to be detected is calculated by obtaining the image to be detected of the APP to be detected and the information of the certificate to be detected matched with the APP to be detected, the Hamming distance between the image hash value of the image to be detected and the image hash value of each positive image is calculated in a traversing mode, the target positive image is determined according to the numerical relation between the Hamming distance between the image hash value of the image to be detected and the image hash value of each positive image and the preset threshold value, then the target positive APP is determined according to the target positive image, the application type of the APP to be detected is determined according to the comparison result of the information of the certificate to be detected and the positive certificate information of the target positive APP, the limitation of the existing APP detection method can be solved, and the accuracy and the reliability of the APP detection method are improved.
In order to better introduce the technical solutions provided by the embodiments of the present invention, the embodiments of the present invention may refer to the following implementation manners:
step 1: and collecting a large number of installation package files of the legal-version APP, and extracting legal-version certificate information from each legal-version installation package file. A large number of genuine APPs and corresponding genuine certificate information constitute a genuine certificate database.
Wherein, the extracted certificate information mainly comprises: creation time, owner, publisher, expiration start time, expiration time, and certificate fingerprint. The certificate fingerprint includes: message Digest Algorithm value (Message Digest Algorithm, MD5), Secure Hash Algorithm value (Secure Hash Algorithm 1, SHA1), Secure Hash Algorithm value (Secure Hash Algorithm 256, SHA256), signature Algorithm name and version, and the like.
Step 2: and (2) starting and operating a large number of installation package files of the legal APP collected in the step (1) by using a simulator or mobile hardware equipment, intercepting at least one software interface picture in the operation process of each installation package file, and taking the software interface picture as a legal image of the legal APP. Calculating an image hash value of each intercepted original image by using a hash algorithm (such as an average hash algorithm, a perception hash algorithm or a difference hash algorithm) and storing the original image of each original APP and the corresponding image hash value in an original image database.
And step 3: and (3) extracting the information of the certificate to be detected of the APP to be detected by adopting the mode of the step 1.
And 4, step 4: and (3) starting and operating the installation package file of the APP to be detected by adopting the mode of the step (2) by using a simulator or mobile hardware equipment, intercepting at least one software interface picture in the operation process of the installation package file of the APP to be detected, and taking the software interface picture as an image to be detected of the APP to be detected. And (3) calculating an image hash value of the intercepted image to be detected by adopting the hash algorithm in the step (2), and storing the image to be detected and the corresponding image hash value.
And 5: and calculating the image similarity between the image to be detected and each original image in each original image database according to the image hash value of the image to be detected and the image hash value of each original image. And if the similarity between the image to be detected and a certain original image is higher, but the corresponding certificate information is inconsistent, determining the APP to be detected as the counterfeit APP.
The method provided by the embodiment of the invention can solve the limitation of the existing APP detection method and improve the accuracy and reliability of the APP detection method.
EXAMPLE III
Fig. 3 is a structural diagram of an apparatus for detecting an application APP according to a third embodiment of the present invention, where the apparatus includes: the system comprises an information acquisition module 310, an image similarity calculation module 320, a target copyright APP determination module 330 and an application type determination module 340.
The information obtaining module 310 is configured to obtain an image to be detected of an APP to be detected and information of a certificate to be detected matched with the APP to be detected; the image similarity calculation module 320 is used for calculating the image similarity between the image to be detected and each original image in the original image database; a target positive version APP determining module 330, configured to determine a target positive version APP according to a calculation result of the image similarity; and the application type determining module 340 is configured to determine the application type of the APP to be detected according to a comparison result between the certificate information to be detected and the certificate information of the target genuine APP.
According to the technical scheme, the image similarity between the image to be detected of the APP to be detected and the information of the certificate to be detected matched with the APP to be detected is calculated, the target positive version APP is determined according to the calculation result of the image similarity, the application type of the APP to be detected is determined according to the comparison result of the information of the certificate to be detected and the positive version certificate information of the target positive version APP, the similarity between the image to be detected and the positive version image and the comparison result of the certificate information are combined, the application type of the APP to be detected is determined, the limitation of the existing APP detection method can be solved, and the accuracy and the reliability of the APP detection method are improved.
On the basis of the foregoing embodiments, the detection apparatus for the application APP further includes:
the first hash value calculation module is used for calculating the image hash value of each original image in the original image database;
the positive layout database construction module is used for constructing a positive layout database according to the image hash value of each positive image;
the system comprises a positive certificate information acquisition module, a positive certificate information acquisition module and a positive certificate information acquisition module, wherein the positive certificate information acquisition module is used for acquiring the positive certificate information of each positive image in a positive image database;
and the legal certificate database construction unit is used for constructing a legal certificate database according to the legal certificate information of each legal image.
On the basis of the foregoing embodiments, the information obtaining module 310 may include:
the installation package file acquisition unit is used for acquiring the installation package file matched with the APP to be detected;
the operation unit is used for starting the operation of the installation package file through an installation package operation program or installation package operation equipment;
the intercepting unit is used for intercepting at least one software interface image of the APP to be detected as the image to be detected in the operation process of the installation package file;
and the extraction unit is used for extracting the certificate information to be detected from the installation package file.
The image similarity calculation module 320 may include:
the second hash value calculation unit is used for calculating the image hash value of the image to be detected;
and the Hamming distance calculation unit is used for traversing and calculating the Hamming distance between the image hash value of the image to be detected and the image hash value of each legal image.
The target copyright APP determination module 330 may include:
the target original image determining unit is used for determining a target original image according to the numerical relationship between the Hamming distance between the image hash value of the image to be detected and the image hash value of each original image and a preset threshold value;
and the target positive plate APP determining unit is used for determining a target positive plate APP according to the target positive plate image.
The application type determining module 340 may include:
and the counterfeit APP determining unit is used for determining that the application type of the APP to be detected is the counterfeit APP under the condition that the certificate information to be detected is determined not to be consistent with the certificate information of the original edition.
The detection device for the application program APP provided by the embodiment of the invention can execute the detection method for the application program APP provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example four
Fig. 4 is a schematic structural diagram of a computer apparatus according to a fourth embodiment of the present invention, as shown in fig. 4, the computer apparatus includes a processor 410, a memory 420, an input device 430, and an output device 440; the number of the processors 410 in the computer device may be one or more, and one processor 410 is taken as an example in fig. 4; the processor 410, the memory 420, the input device 430 and the output device 440 in the computer apparatus may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 4.
The memory 420 serves as a computer-readable storage medium, and may be used to store software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to a detection method of an application APP in the embodiment of the present invention (for example, the information obtaining module 310, the image similarity calculation module 320, the target revision APP determination module 330, and the application type determination module 340 in a detection apparatus of an application APP). The processor 410 executes various functional applications and data processing of the computer device by executing software programs, instructions and modules stored in the memory 420, namely, the detection method of the application program APP is realized. That is, the program when executed by the processor implements:
acquiring an image to be detected of an APP to be detected and information of a certificate to be detected matched with the APP to be detected;
calculating the image similarity between the image to be detected and each original image in the original image database;
determining a target positive version APP according to the calculation result of the image similarity;
and determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the legal certificate information of the target legal APP.
The memory 420 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 420 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 420 may further include memory located remotely from processor 410, which may be connected to a computer device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 430 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus, and may include a keyboard and a mouse, etc. The output device 440 may include a display device such as a display screen.
EXAMPLE five
Fifth, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method according to any embodiment of the present invention. Of course, the computer-readable storage medium provided in the embodiments of the present invention may perform related operations in the detection method for the APP according to any embodiment of the present invention. That is, the program when executed by the processor implements:
acquiring an image to be detected of an APP to be detected and information of a certificate to be detected matched with the APP to be detected;
calculating the image similarity between the image to be detected and each original image in the original image database;
determining a target positive version APP according to the calculation result of the image similarity;
and determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the legal certificate information of the target legal APP.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the detection apparatus for an application APP, each unit and each module included in the detection apparatus are only divided according to functional logic, but are not limited to the above division as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (11)
1. A detection method for an application program APP is characterized by comprising the following steps:
acquiring an image to be detected of an APP to be detected and information of a certificate to be detected matched with the APP to be detected;
calculating the image similarity between the image to be detected and each original image in the original image database;
determining a target positive version APP according to the calculation result of the image similarity;
and determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the legal certificate information of the target legal APP.
2. The method according to claim 1, wherein before the obtaining of the image to be detected of the APP to be detected and the information of the certificate to be detected matched with the APP to be detected, the method further comprises:
calculating an image hash value of each positive image in the positive image database;
and constructing a positive image database according to the image hash value of each positive image.
3. The method according to claim 1, wherein before the obtaining of the image to be detected of the APP to be detected and the information of the certificate to be detected matched with the APP to be detected, the method further comprises:
acquiring the original certificate information of each original image in the original image database;
and constructing a legal certificate database according to the legal certificate information of each legal image.
4. The method according to claim 1, wherein the obtaining of the image to be detected of the APP to be detected comprises:
acquiring an installation package file matched with the APP to be detected;
starting the installation package file to run through an installation package running program or installation package running equipment;
and in the operation process of the installation package file, intercepting at least one software interface image of the APP to be detected as the image to be detected.
5. The method according to claim 1, wherein the obtaining of the certificate information to be detected matched with the APP to be detected includes:
acquiring an installation package file matched with the APP to be detected;
and extracting the information of the certificate to be detected from the installation package file.
6. The method according to claim 1, wherein the calculating of the image similarity between the image to be detected and each of the original images in the original image database comprises:
calculating an image hash value of the image to be detected;
and traversing and calculating the Hamming distance between the image hash value of the image to be detected and the image hash value of each legal image.
7. The method according to claim 1, wherein the determining a target positive version APP according to the calculation result of the image similarity comprises:
determining a target original image according to the numerical relationship between the Hamming distance between the image hash value of the image to be detected and the image hash value of each original image and a preset threshold value;
and determining the target positive plate APP according to the target positive plate image.
8. The method according to claim 1, wherein the determining the application type of the APP to be detected according to the comparison result between the certificate information to be detected and the certificate information of the target legal version APP includes:
and under the condition that the information of the certificate to be detected is not consistent with the information of the certificate of the legal version, determining that the application type of the APP to be detected is a counterfeit APP.
9. An apparatus for detecting an application APP, comprising:
the information acquisition module is used for acquiring an image to be detected of the APP to be detected and information of the certificate to be detected matched with the APP to be detected;
the image similarity calculation module is used for calculating the image similarity between the image to be detected and each original image in the original image database;
the target positive version APP determining module is used for determining a target positive version APP according to the calculation result of the image similarity;
and the application type determining module is used for determining the application type of the APP to be detected according to the comparison result of the certificate information to be detected and the certificate information of the target copyright APP.
10. A computer device, comprising:
one or more processors;
storage means for storing one or more programs;
the detection method of an application APP as claimed in any one of claims 1 to 8 when executed by the one or more programs such that the one or more processors execute the programs.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method for detection of an application APP as claimed in any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010844945.7A CN112016606A (en) | 2020-08-20 | 2020-08-20 | Detection method, device and equipment for application program APP and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010844945.7A CN112016606A (en) | 2020-08-20 | 2020-08-20 | Detection method, device and equipment for application program APP and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112016606A true CN112016606A (en) | 2020-12-01 |
Family
ID=73505349
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010844945.7A Pending CN112016606A (en) | 2020-08-20 | 2020-08-20 | Detection method, device and equipment for application program APP and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112016606A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023279890A1 (en) * | 2021-07-06 | 2023-01-12 | 北京锐安科技有限公司 | Image processing method and apparatus, electronic device, and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104424402A (en) * | 2013-08-28 | 2015-03-18 | 卓易畅想(北京)科技有限公司 | Method and device for detecting pirated application program |
| CN104572821A (en) * | 2014-12-03 | 2015-04-29 | 深圳市腾讯计算机***有限公司 | Method and device for processing files |
| CN106557695A (en) * | 2015-09-25 | 2017-04-05 | 卓望数码技术(深圳)有限公司 | A kind of malicious application detection method and system |
| CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
| CN107766726A (en) * | 2016-08-16 | 2018-03-06 | 腾讯科技(深圳)有限公司 | Application security detection method and device |
| CN108154031A (en) * | 2018-01-17 | 2018-06-12 | 腾讯科技(深圳)有限公司 | Recognition methods, device, storage medium and the electronic device of camouflage applications program |
| CN108199830A (en) * | 2017-12-22 | 2018-06-22 | 沈阳通用软件有限公司 | Based on the legal method of the stringent management and control Android application programs of certificate |
| CN108416212A (en) * | 2018-03-01 | 2018-08-17 | 腾讯科技(深圳)有限公司 | Method for identifying application program and device |
| CN109635523A (en) * | 2018-11-29 | 2019-04-16 | 北京奇虎科技有限公司 | Application program detection method, device and computer readable storage medium |
| CN110704104A (en) * | 2019-10-14 | 2020-01-17 | 北京智游网安科技有限公司 | Application counterfeit detection method, intelligent terminal and storage medium |
-
2020
- 2020-08-20 CN CN202010844945.7A patent/CN112016606A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104424402A (en) * | 2013-08-28 | 2015-03-18 | 卓易畅想(北京)科技有限公司 | Method and device for detecting pirated application program |
| CN104572821A (en) * | 2014-12-03 | 2015-04-29 | 深圳市腾讯计算机***有限公司 | Method and device for processing files |
| CN106557695A (en) * | 2015-09-25 | 2017-04-05 | 卓望数码技术(深圳)有限公司 | A kind of malicious application detection method and system |
| CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
| CN107766726A (en) * | 2016-08-16 | 2018-03-06 | 腾讯科技(深圳)有限公司 | Application security detection method and device |
| CN108199830A (en) * | 2017-12-22 | 2018-06-22 | 沈阳通用软件有限公司 | Based on the legal method of the stringent management and control Android application programs of certificate |
| CN108154031A (en) * | 2018-01-17 | 2018-06-12 | 腾讯科技(深圳)有限公司 | Recognition methods, device, storage medium and the electronic device of camouflage applications program |
| CN108416212A (en) * | 2018-03-01 | 2018-08-17 | 腾讯科技(深圳)有限公司 | Method for identifying application program and device |
| CN109635523A (en) * | 2018-11-29 | 2019-04-16 | 北京奇虎科技有限公司 | Application program detection method, device and computer readable storage medium |
| CN110704104A (en) * | 2019-10-14 | 2020-01-17 | 北京智游网安科技有限公司 | Application counterfeit detection method, intelligent terminal and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023279890A1 (en) * | 2021-07-06 | 2023-01-12 | 北京锐安科技有限公司 | Image processing method and apparatus, electronic device, and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10324977B2 (en) | Searching method and apparatus | |
| CN109446061B (en) | Page detection method, computer readable storage medium and terminal device | |
| CN108491866B (en) | Pornographic picture identification method, electronic device and readable storage medium | |
| CN108579094B (en) | User interface detection method, related device, system and storage medium | |
| CN109116129B (en) | Terminal detection method, detection device, system and storage medium | |
| CA3018437C (en) | Optical character recognition utilizing hashed templates | |
| CN110675940A (en) | Pathological image labeling method and device, computer equipment and storage medium | |
| CN116168351B (en) | Inspection method and device for power equipment | |
| CN112668575B (en) | Key information extraction method and device, electronic equipment and storage medium | |
| Lai et al. | An improved block-based matching algorithm of copy-move forgery detection | |
| CN110895811B (en) | Image tampering detection method and device | |
| Chen et al. | Image splicing forgery detection using simplified generalized noise model | |
| Zhang et al. | Image splicing localization using noise distribution characteristic | |
| CN111428740A (en) | Detection method and device for network-shot photo, computer equipment and storage medium | |
| CN112016606A (en) | Detection method, device and equipment for application program APP and storage medium | |
| CN114417995A (en) | Pipe network risk early warning method and device, computer equipment and storage medium | |
| Belhedi et al. | Adaptive scene‐text binarisation on images captured by smartphones | |
| CN111552829A (en) | Method and apparatus for analyzing image material | |
| CN105825161A (en) | Image skin color detection method and system thereof | |
| CN115063614A (en) | Image matching method and device and electronic equipment | |
| CN114913518A (en) | License plate recognition method, device, equipment and medium based on image processing | |
| CN114693955A (en) | Method and device for comparing image similarity and electronic equipment | |
| CN108230538B (en) | Paper money identification method, device, equipment and storage medium | |
| CN113127863A (en) | Malicious code detection method and device, computer equipment and storage medium | |
| CN110929708A (en) | Method, equipment and storage medium for identifying national flag in Thai identity card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |