CN115168149A - Abnormal application program detection method and system - Google Patents

Abnormal application program detection method and system Download PDF

Info

Publication number
CN115168149A
CN115168149A CN202210808727.7A CN202210808727A CN115168149A CN 115168149 A CN115168149 A CN 115168149A CN 202210808727 A CN202210808727 A CN 202210808727A CN 115168149 A CN115168149 A CN 115168149A
Authority
CN
China
Prior art keywords
application program
abnormal
program
name
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210808727.7A
Other languages
Chinese (zh)
Inventor
詹昌如
李玉文
卢超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Xuanwu Wireless Technology Co Ltd
Original Assignee
Guangzhou Xuanwu Wireless Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Xuanwu Wireless Technology Co Ltd filed Critical Guangzhou Xuanwu Wireless Technology Co Ltd
Priority to CN202210808727.7A priority Critical patent/CN115168149A/en
Publication of CN115168149A publication Critical patent/CN115168149A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3051Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a method and a system for detecting an abnormal application program, wherein the method comprises the following steps: when the user terminal is determined to log in the background, acquiring installation package information of a login application program at the user terminal; extracting an installation path of the login application program based on the installation package information; and determining that the login application program is an abnormal application program according to the installation path. The method can determine the name of the installation package by utilizing the installation path of the application program, determine whether the name of the installation package is in a cheating or abnormal application program list or not in a mapping mode, determine whether the application program is an abnormal application program or not, and determine whether a salesman cheats a tool to report information for outward investigation or not in a normal mode.

Description

Abnormal application program detection method and system
Technical Field
The present invention relates to the field of application detection technologies, and in particular, to a method and a system for detecting an abnormal application.
Background
With the development of economy, more and more industries introduce a fast selling mode to accelerate the sales of enterprise products. In order to facilitate enterprise management of the salesmen in charge of fast sales, the enterprise needs the salesmen to count attendance and check (examine and take pictures in the expedition store at the appointed time, and then upload the pictures added with the watermarks to the enterprise background for detection, wherein the watermarks include the information of the taking time, the place, the salesmen and the like) so that the enterprise can determine whether the salesmen executes the sales service.
The current background commonly used auditing method is to identify the watermark of the uploaded photo, compare the content of the watermark with the investigation content (store address, store information, investigation time and the like) which is responsible for the operator on the same day, and determine whether the operator executes the corresponding investigation service according to the comparison result.
However, the currently used auditing method has the following technical problems: due to the popularization of more and more image processing software and/or modifying software, different application programs are used for logging in a background of an enterprise, then watermarks are edited by self and added to pre-shot images, and the images are uploaded to the background, so that the effect of falseness and mistruth is achieved, the enterprise cannot accurately determine whether a salesman executes corresponding sales and investigation services, and the management difficulty of the enterprise is increased.
Disclosure of Invention
The invention provides a method and a system for detecting an abnormal application program.
A first aspect of an embodiment of the present invention provides a method for detecting an abnormal application program, where the method includes:
when the user terminal is determined to log in the background, acquiring installation package information of a login application program at the user terminal;
extracting an installation path of the login application program based on the installation package information;
and determining that the login application program is an abnormal application program according to the installation path.
In a possible implementation manner of the first aspect, the determining that the login application is an abnormal application according to the installation path includes:
extracting a program field corresponding to the name of the login application program from the installation path;
determining whether a preset name list contains program names corresponding to the program fields, wherein the preset name list is composed of name fields of cheating application programs listed in a network;
if the preset name list contains the program name corresponding to the program field, determining that the login application program is an abnormal application program;
and if the preset name list does not contain the program name corresponding to the program field, determining that the login application program is a normal application program.
In a possible implementation manner of the first aspect, the installation package information includes: an application name;
the extracting of the installation path of the login application program based on the installation package information comprises:
and searching the absolute path of the installation package in the link data of the log system of the user terminal by using the application program name to obtain the installation path.
In a possible implementation manner of the first aspect, after the step of determining that the logged-in application is an abnormal application according to the installation path, the method further includes:
counting the abnormal times of the login application program of the user terminal, which is determined as an abnormal application program, and calculating the corresponding abnormal frequency within the preset time by using the abnormal times;
and editing and generating an analysis report by adopting the abnormal frequency and the abnormal times so as to be checked by a manager at the background.
A second aspect of an embodiment of the present invention provides a system for detecting an abnormal application, where the system includes:
the acquisition module is used for acquiring installation package information of a login application program at the user terminal when the user terminal is determined to log in the background;
the extraction module is used for extracting the installation path of the login application program based on the installation package information;
and the determining module is used for determining the login application program as an abnormal application program according to the installation path.
In a possible implementation manner of the second aspect, the determining module is further configured to:
extracting a program field corresponding to the name of the login application program from the installation path;
determining whether a preset name list contains program names corresponding to the program fields, wherein the preset name list is composed of the name fields of the cheating application programs listed by the network;
if the preset name list contains the program name corresponding to the program field, determining that the login application program is an abnormal application program;
and if the preset name list does not contain the program name corresponding to the program field, determining that the login application program is a normal application program.
In a possible implementation manner of the second aspect, the installation package information includes: an application name;
the extraction module is further configured to:
and searching the absolute path of the installation package in the link data of the log system of the user terminal by using the application program name to obtain the installation path.
In a possible implementation manner of the second aspect, the system further includes:
the system comprises a counting module, a judging module and a judging module, wherein the counting module is used for counting the abnormal times of the login application program of the user terminal determined as an abnormal application program and calculating the corresponding abnormal frequency in the preset time length by utilizing the abnormal times;
and the tabulation module is used for editing and generating an analysis report by adopting the abnormal frequency and the abnormal times so as to be checked by a manager at a background.
Compared with the prior art, the method and the system for detecting the abnormal application program provided by the embodiment of the invention have the beneficial effects that: the method can determine the name of the installation package by utilizing the installation path of the application program, determine whether the name of the installation package is in a cheating or abnormal application program list or not in a mapping mode, determine whether the application program is an abnormal application program or not, and determine whether a salesman cheats a tool to report information for outward investigation or not in a normal mode.
Drawings
Fig. 1 is a flowchart illustrating a method for detecting an abnormal application according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for detecting an abnormal application according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a system for detecting an abnormal application according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The current background commonly used auditing method is to identify the watermark of the uploaded photo, compare the content of the watermark with the investigation content (store address, store information, investigation time and the like) which is responsible for the operator on the same day, and determine whether the operator executes the corresponding investigation service according to the comparison result.
However, the currently used auditing method has the following technical problems: due to the popularization of more and more image processing software and/or modifying software, different application programs are used for logging in a background of an enterprise, then watermarks are edited by self and added to pre-shot images, and the images are uploaded to the background, so that the effect of falseness and mistruth is achieved, the enterprise cannot accurately determine whether a salesman executes corresponding sales and investigation services, and the management difficulty of the enterprise is increased.
In order to solve the above problem, a method for detecting an abnormal application provided in the embodiments of the present application will be described and explained in detail by the following specific embodiments.
Referring to fig. 1, a flowchart of a method for detecting an abnormal application according to an embodiment of the present invention is shown.
As an example, the method for detecting an abnormal application program may include:
s11, when the user terminal is determined to log in the background, acquiring installation package information of the login application program at the user terminal.
In an embodiment, a user can log in a background of an enterprise by logging in an application program of a user terminal, and acquire installation package information of the logged-in application program when the user logs in.
And S12, extracting an installation path of the login application program based on the installation package information.
In one embodiment, the installation package information may include various types of information of the application program, so that the underlying installation path of the application program can be determined according to various types of information underlying the application program, so as to determine whether the application program is abnormal or not by using the installation path.
In one embodiment, the installation package information includes: application name.
Wherein, as an example, step S12 may comprise the following sub-steps:
and S121, searching an absolute path of the installation package in the log system link data of the user terminal by using the application program name to obtain an installation path.
Specifically, installation package information of the login application is acquired through getpagename (). All the android mobile phone installation apps have a package name, such as: the mobile phone terminal Tencent QQ, the package name: com, tencent, mobileqq, the package name can be checked through the mobile phone system application 'file management', and then the absolute path of the application program is obtained through the installation package information to obtain the installation path.
And S13, determining the login application program as an abnormal application program according to the installation path.
In one embodiment, the installation path may be analyzed by a detection software algorithm to determine if the application is an anomalous or coordinate application.
Wherein, as an example, step S13 may comprise the following sub-steps:
s131, extracting a program field corresponding to the name of the login application program from the installation path.
S132, determining whether a preset name list contains the program name corresponding to the program field, wherein the preset name list is composed of the name fields of the cheating application programs listed in the network.
And S133, if the preset name list contains the program name corresponding to the program field, determining that the login application program is an abnormal application program.
And S134, if the preset name list does not contain the program name corresponding to the program field, determining that the login application program is a normal application program.
Specifically, the program field may be mapped to a predetermined name list to determine whether the predetermined name list contains the program name corresponding to the program field.
And if the preset name list comprises the program name corresponding to the program field, determining that the login application program is an abnormal application program, otherwise, determining that the login application program is a normal application program.
Optionally, if the predetermined name list does not include the program name corresponding to the program field, the corresponding cheating software name may also be obtained through program field search, and then the cheating software name is added to the cheating software name table, and the logged-in application is determined to be an abnormal application.
The name of the application program is determined through the installation path of the application program, and whether the application program is abnormal or is cheated is determined based on the name of the application program, so that the condition of false and mistrueness is avoided, and the accuracy rate of enterprise audit is improved.
In an embodiment, the administrator of the enterprise needs to audit the outbound investigation of each clerk, so as to facilitate the audit, wherein the method may further include, as an example:
s14, counting the abnormal times of the application program determined as the abnormal application program by the login of the user terminal, and calculating the corresponding abnormal frequency in the preset time length by using the abnormal times.
And S15, adopting the abnormal frequency and the abnormal times to edit and generate an analysis report for a backstage manager to check.
In one embodiment, if the logged-in application is determined to be a normal application, the critical information under normal conditions may be logged to a logging system. If the login application program is determined to be an abnormal application program, the package name path corresponding to the abnormal application program and key information for marking cheating abnormality can be recorded and uploaded to a log system for recording.
In actual use, the cheating software name can be integrated through the package name of the abnormal application program, and other data can be recorded through a log system, such as: and the terminal codes, the personnel names, the mobile phone numbers and the like determine the specific cheating personnel information and cheating scenes, and then, through big data analysis, a large-screen report is displayed to a superior for checking.
In an optional embodiment, a manager can check the condition of each person using the virtual software by using information of background statistics, whether the cheating software is installed and used can be clearly distinguished in the details, if the fact that only the cheating software is installed on the mobile phone of the user is identified, the suspicious degree of the system identifier is 'ordinary', and if the fact that the virtual software is installed on the mobile phone of the user and repeated display and visit pictures are found in the operation history record of the mobile phone of the user is identified, the suspicious degree of the system identifier is 'high-risk'.
And the background can also update and analyze the cheating analysis tools every day, so that people who install virtual software on the previous day and before can be checked on the same day, and then a report form is integrated through analysis and statistics, so that cheating and counterfeiting details of business personnel of each marketing organization level of an enterprise can be checked.
The similar display photo identification frequency is counted twice a month through cheating analysis, namely the engine can perform duplicate checking calculation analysis on the display photos in the last 60 days at a fixed time every month, the analysis result is generally output after 3 days, the efficiency is high, the timeliness is fast, and the discrimination efficiency is improved.
In addition, the cheating analysis statistics has important practical application aiming at counterfeit tracking and terminal duplicate checking of the patrol, the report form of the analysis statistics result is detailed, the timeliness is high, and the enterprise can conveniently check the cheating analysis statistics result in time.
Referring to fig. 2, an operation flow diagram of a method for detecting an abnormal application according to an embodiment of the present invention is shown.
For convenience of understanding, the introduction application APP of the mobile phone is used for description.
Specifically, a user logs in the system and enters cheating software algorithm logic before entering a home page, and the cheating software package name is analyzed and compared according to fields by analyzing an installation package path of a login application program and then determining the field of the application program corresponding to the installation package according to the installation package path. If the package path contains the cheating software package name, recording the package name path and key information for marking cheating abnormity, and uploading the key information to a log system for recording; if the cheating software package name does not exist, the fact that the user enters a home page through a login system is detected, and meanwhile, key information under normal conditions is recorded into a log system.
In this embodiment, an embodiment of the present invention provides a method for detecting an abnormal application program, which has the following beneficial effects: the method can determine the name of the installation package by utilizing the installation path of the application program, determine whether the name of the installation package is in a cheating or abnormal application program list or not in a mapping mode, determine whether the application program is an abnormal application program or not, and determine whether a salesman cheats a tool to report information for outward investigation or not in a normal mode.
An embodiment of the present invention further provides a system for detecting an abnormal application program, and referring to fig. 3, a schematic structural diagram of the system for detecting an abnormal application program according to an embodiment of the present invention is shown.
As an example, the detection system of the abnormal application program may include:
an obtaining module 301, configured to obtain installation package information of a login application at a user terminal when it is determined that the user terminal logs in a background;
an extracting module 302, configured to extract an installation path of the login application based on the installation package information;
and the determining module 303 is configured to determine that the login application program is an abnormal application program according to the installation path.
Optionally, the determining module is further configured to:
extracting a program field corresponding to the name of the login application program from the installation path;
determining whether a preset name list contains program names corresponding to the program fields, wherein the preset name list is composed of name fields of cheating application programs listed in a network;
if the preset name list contains the program name corresponding to the program field, determining that the login application program is an abnormal application program;
and if the preset name list does not contain the program name corresponding to the program field, determining that the login application program is a normal application program.
Optionally, the installation package information includes: the application name;
the extraction module is further configured to:
and searching the absolute path of the installation package in the link data of the log system of the user terminal by using the application program name to obtain the installation path.
Optionally, the system further comprises:
the system comprises a counting module, a judging module and a judging module, wherein the counting module is used for counting the abnormal times of the login application program of the user terminal determined as an abnormal application program and calculating the corresponding abnormal frequency in the preset time length by utilizing the abnormal times;
and the tabulation module is used for editing and generating an analysis report form by adopting the abnormal frequency and the abnormal times so as to be checked by a manager at a background.
It can be clearly understood by those skilled in the art that, for convenience and brevity, the specific working process of the system described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
Further, an embodiment of the present application further provides an electronic device, including: the system comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the detection method of the abnormal application program according to the embodiment.
Further, an embodiment of the present application also provides a computer-readable storage medium, where computer-executable instructions are stored, and the computer-executable instructions are configured to enable a computer to execute the method for detecting an abnormal application program according to the above embodiment.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (10)

1. A method for detecting an abnormal application, the method comprising:
when the user terminal is determined to log in the background, acquiring installation package information of a login application program at the user terminal;
extracting an installation path of the login application program based on the installation package information;
and determining that the login application program is an abnormal application program according to the installation path.
2. The method for detecting an abnormal application program according to claim 1, wherein the determining that the login application program is an abnormal application program according to the installation path includes:
extracting a program field corresponding to the name of the login application program from the installation path;
determining whether a preset name list contains program names corresponding to the program fields, wherein the preset name list is composed of name fields of cheating application programs listed in a network;
if the preset name list contains the program name corresponding to the program field, determining that the login application program is an abnormal application program;
and if the preset name list does not contain the program name corresponding to the program field, determining that the login application program is a normal application program.
3. The method for detecting an abnormal application program according to claim 1, wherein the installation package information includes: an application name;
the extracting of the installation path of the login application program based on the installation package information comprises:
and searching the absolute path of the installation package in the link data of the log system of the user terminal by using the application program name to obtain the installation path.
4. The method for detecting an abnormal application program according to any one of claims 1 to 3, wherein after the step of determining that the logged-in application program is an abnormal application program according to the installation path, the method further comprises:
counting the abnormal times of the login application program of the user terminal, which is determined as an abnormal application program, and calculating the corresponding abnormal frequency within the preset time by using the abnormal times;
and editing and generating an analysis report by adopting the abnormal frequency and the abnormal times so as to be checked by a manager at the background.
5. A system for detecting an anomalous application, said system comprising:
the acquisition module is used for acquiring installation package information of a login application program at the user terminal when the user terminal is determined to log in the background;
the extraction module is used for extracting an installation path of the login application program based on the installation package information;
and the determining module is used for determining the login application program as an abnormal application program according to the installation path.
6. The anomalous application detection system of claim 5, wherein said determination module is further configured to:
extracting a program field corresponding to the name of the login application program from the installation path;
determining whether a preset name list contains program names corresponding to the program fields, wherein the preset name list is composed of name fields of cheating application programs listed in a network;
if the preset name list contains the program name corresponding to the program field, determining that the login application program is an abnormal application program;
and if the preset name list does not contain the program name corresponding to the program field, determining that the login application program is a normal application program.
7. The anomalous application detection system of claim 5 wherein said installation package information includes: an application name;
the extraction module is further configured to:
and searching the absolute path of the installation package in the link data of the log system of the user terminal by using the application program name to obtain the installation path.
8. The abnormal application detection system according to any one of claims 5 to 7, further comprising:
the system comprises a counting module, a judging module and a judging module, wherein the counting module is used for counting the abnormal times of the login application program of the user terminal determined as an abnormal application program and calculating the corresponding abnormal frequency in the preset time length by utilizing the abnormal times;
and the tabulation module is used for editing and generating an analysis report by adopting the abnormal frequency and the abnormal times so as to be checked by a manager at a background.
9. An electronic device, comprising: memory, processor and computer program stored on the memory and executable on the processor, characterized in that the processor implements the method for detecting an anomalous application program according to any one of the claims 1 to 4 when executing said program.
10. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method for detecting an abnormal application program according to any one of claims 1 to 4.
CN202210808727.7A 2022-07-11 2022-07-11 Abnormal application program detection method and system Pending CN115168149A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210808727.7A CN115168149A (en) 2022-07-11 2022-07-11 Abnormal application program detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210808727.7A CN115168149A (en) 2022-07-11 2022-07-11 Abnormal application program detection method and system

Publications (1)

Publication Number Publication Date
CN115168149A true CN115168149A (en) 2022-10-11

Family

ID=83492667

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210808727.7A Pending CN115168149A (en) 2022-07-11 2022-07-11 Abnormal application program detection method and system

Country Status (1)

Country Link
CN (1) CN115168149A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101561167B1 (en) * 2014-04-18 2015-10-20 순천향대학교 산학협력단 System and Method for Controlling Application Permission on the Android Mobile Platform
CN106971106A (en) * 2017-03-30 2017-07-21 维沃移动通信有限公司 A kind of method, mobile terminal and server for recognizing unauthorized applications
CN108491320A (en) * 2018-03-05 2018-09-04 平安普惠企业管理有限公司 Exception analysis method, device, computer equipment and the storage medium of application program
CN110347565A (en) * 2019-05-24 2019-10-18 平安科技(深圳)有限公司 A kind of exception analysis method and device, electronic equipment of application program

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101561167B1 (en) * 2014-04-18 2015-10-20 순천향대학교 산학협력단 System and Method for Controlling Application Permission on the Android Mobile Platform
CN106971106A (en) * 2017-03-30 2017-07-21 维沃移动通信有限公司 A kind of method, mobile terminal and server for recognizing unauthorized applications
CN108491320A (en) * 2018-03-05 2018-09-04 平安普惠企业管理有限公司 Exception analysis method, device, computer equipment and the storage medium of application program
CN110347565A (en) * 2019-05-24 2019-10-18 平安科技(深圳)有限公司 A kind of exception analysis method and device, electronic equipment of application program

Similar Documents

Publication Publication Date Title
US8886944B2 (en) Watermark to identify leak source
US10147025B2 (en) Visual indicator status recognition
CN113489713B (en) Network attack detection method, device, equipment and storage medium
CN113765881A (en) Method and device for detecting abnormal network security behavior, electronic equipment and storage medium
CN114077525A (en) Abnormal log processing method and device, terminal equipment, cloud server and system
US10496842B1 (en) Multi-pronged file anomaly detection based on violation counts
CN111553137B (en) Report generation method and device, storage medium and computer equipment
CN110598008A (en) Data quality inspection method and device for recorded data and storage medium
CN116545709A (en) Sensitive data tracing method, device and equipment
CN115292163A (en) Application program detection method and device and computer readable storage medium
CN117010013A (en) Risk management method and device and computer equipment
CN111371757A (en) Malicious communication detection method and device, computer equipment and storage medium
CN112347457A (en) Abnormal account detection method and device, computer equipment and storage medium
CN114003568A (en) Data processing method and related device
CN112433936A (en) Test method, test device and storage medium
CN116881979A (en) Method, device and equipment for detecting data safety compliance
CN115168149A (en) Abnormal application program detection method and system
CN111241547A (en) Detection method, device and system for unauthorized vulnerability
CN108257011B (en) Drop list processing method and device
JP5851311B2 (en) Application inspection device
CN115600201A (en) User account information safety processing method for power grid system software
CN108053510A (en) Intelligent attendance system and method
CN113704825A (en) Database auditing method, device and system and computer storage medium
CN112446011A (en) Watermark identification and error code copyright judgment method
CN111831698A (en) Data auditing method, system and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20221011