Unlock instant, AI-driven research and patent intelligence for your innovation.

Repackaged application detection method, rule base construction method and related device

A detection method and detection device technology, which are applied in computer security devices, instruments, computing and other directions, can solve problems such as inability to detect directly, and achieve the effects of efficient detection, high accuracy and high inspiration

Active Publication Date: 2022-08-09
WUHAN ANTIY MOBILE SECURITY
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, at present, malicious detection is generally carried out through package name, program name, class name, and code. These methods can only detect general repackaged applications, but cannot directly detect repackaged applications generated by third-party packaging tools (for example, SDK) application

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Repackaged application detection method, rule base construction method and related device
  • Repackaged application detection method, rule base construction method and related device
  • Repackaged application detection method, rule base construction method and related device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0057] figure 2 It is a flow chart of the repackaged application detection method according to the method embodiment 1 of the present invention. see figure 2 , in this embodiment, the method includes:

[0058] Step S202, when there is *-Digest-Manifest-Main-Attributes digest data in the *.SF digest file under the META-INF signature folder in the apk compressed package information of the current repackaged application, it is judged that the current repackaged application is Repackaged apps generated by third-party packaging tools.

[0059] It can be seen from the above technical solutions that the current repackaged application detection method of the present embodiment determines whether there is *-Digest-Manifest- Main-Attributes summary data can successfully detect whether the current repackaged application is generated by a third-party packaging tool. This detection method is simple to implement, efficient in detection, high in inspiration, high in accuracy, and has al...

Embodiment 2

[0068] image 3 It is a flow chart of the method for constructing a repackaged application rule base according to the method embodiment 2 of the present invention. see image 3 , in this embodiment, the method includes:

[0069] Step S302, in a plurality of known repackaged applications, the repackaged applications with the same number of malicious classes, the same signature algorithm, the same malicious behavior, the same malicious class attribute, and the same signature file attribute are classified into one category;

[0070] Among multiple known repackaged applications, repackaged applications with the same number of malicious classes, the same signature algorithm, the same malicious behavior, the same malicious class attributes, and the same signature file attributes are classified into the same class, and repackaged applications of the same type are created by the same Generated by a third-party packaging tool with the same *-Digest-Manifest-Main-Attributes summary da...

Embodiment 3

[0082] Figure 4 It is a flow chart of the repackaged application detection method according to the third embodiment of the method of the present invention. see Figure 4 , in this embodiment, the method includes:

[0083] Step S402, when *-Digest-Manifest-Main-Attributes digest data exists in the *.SF digest file under the META-INF signature folder in the apk compressed package information of the application to be detected, extract the *-Digest of the application to be detected -Manifest-Main-Attributes summary data;

[0084] Step S404, when the *-Digest-Manifest-Main-Attributes summary data of the application to be detected matches the repackaged application rule base constructed by the repackaged application rule base construction method in the above method embodiment 2, it is judged that the application to be detected is It is a repackaged application generated by a third-party packaging tool.

[0085] It can be seen from the above technical solutions that the repackag...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Embodiments of the present application provide a repackaged application detection method, a rule base construction method, and a related device, which belong to the technical field of Android systems. The repackaged application detection method includes: when there is *-Digest-Manifest-Main-Attributes digest data in the *.SF digest file under the META-INF signature folder in the apk compressed package information of the current repackaged application, determine The current repackaged application is a repackaged application generated by a third-party packaging tool. This application can detect repackaged applications generated by third-party packaging tools through the *‑Digest‑Manifest‑Main‑Attributes summary data, which is simple to implement, efficient in detection, highly enlightening, and highly accurate, with almost no missed or false detections. Since the *‑Digest‑Manifest‑Main‑Attributes summary data of the repackaged applications generated in the same batch are the same, this detection method is suitable for batch detection.

Description

technical field [0001] The present invention relates to the technical field of Android systems, and more particularly, to a method for detecting a repackaged application, a method for constructing a rule base, and a related device. Background technique [0002] With the rapid development of the mobile Internet, due to the convenience of portability, excellent performance, and rich functions (such as instant messaging, office processing, online games, etc.) of smart terminals (such as smart phones, tablets, etc.), the sales of smart terminals have grown rapidly. At present, China's mobile Internet users have exceeded 800 million. In 2015, Google Play has exceeded 1.4 million applications. Various third-party application markets in China also have a large number of mobile applications. These applications bring great convenience to people, but also bring great hidden dangers and risks to information security. [0003] Among all malicious applications, repackaged applications g...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/14G06F21/56
CPCG06F21/14G06F21/566G06F21/565G06F2221/033
Inventor 张吟邰靖宇潘宣辰
Owner WUHAN ANTIY MOBILE SECURITY