Application interface detection method and device for forgery attack

Abstract

The present invention provides a method and device for detecting an application interface of a counterfeit attack, wherein the method includes: obtaining a screenshot of the application interface of the type to be detected during the operation of the device; calculating the characteristic value of the screenshot of the application interface of the type to be detected; The characteristic value of the screenshot of the application interface of the type, and the relationship between the pre-stored target application interface and the characteristic value of all types, and the preliminary detection result of determining whether the application interface of the type to be detected is an application interface of a forgery attack; the target application interface is an application of the type to be detected The interface is an application interface that wants to implement an interface forgery attack; it receives the final detection result of the application interface of the type to be detected based on the preliminary detection result feedback from the user. The above technical solution improves the accuracy rate of the application interface detection of forgery attacks, thereby improving network security.

Description

technical field [0001] The invention relates to the technical field of network security detection, in particular to a method and device for detecting an application interface of a counterfeit attack. Background technique [0002] In recent years, with the rapid development of the mobile Internet, more and more smart terminal devices have entered people's lives. Among them, smart phones are the most widely used. Smart phones carry the needs of all aspects of people's lives. Almost every mobile phone has installed Applications such as WeChat, mobile QQ, Alipay, and bank mobile client terminals contain a variety of user private information, making them easy targets for attackers. [0003] Interface forgery attack is a type of phishing attack. Malicious applications deceive users by displaying information input interfaces similar to other legitimate applications, obtain account names, passwords and other information entered by users, and send messages through various methods suc...

AI Technical Summary

Problems solved by technology

[0004] Interface forgery attacks attack by displaying an interface similar to the target application interface. Whether it is the interface for attack or the target application interface, there are many options for implementation, such as Activity, floating window, dialog box, etc., but the existing detection The technology mainly detects attacks that use the Activity to cover the target Activity interface. It is mainly based on the similarity of the Activity interface screenshots or the function call characteristics when the Activity is switched. It lacks detection capabilities for other types of forged interfaces, so there will be some leaks. report

In addition, some solutions use offline detection to determine whether the tested application contains an interface similar to the target application, and automatically judge the tested application that contains a similar interface as a malicious application. However, in practice, some applications imitate the interface of mainstream applications. Design, but there is no interface hijacking behavior, so the judgment of the result in the absence of user judgment is likely to cause false positives

[0005] In summary, the accuracy of the existing application interface detection of forgery attacks is low

Images