Method and device for identifying virus APK
Abstract
Disclosed are a method and a device for identifying a virus APK. The method comprises: presetting a virus database comprising virus characteristic codes; detecting that a designated file in a target Android installation package APK contains at least one of the virus characteristic codes; and determining that the target Android installation package APK is a virus APK. In the application, the virus APK and a variation thereof can be rapidly, accurately and effectively identified, thereby improving the security of an APK application.
15 Claims
1. A method for identifying virus Android application package file (APK), comprising:
- presetting a virus database comprising virus characteristic codes, wherein the presetting the virus database further including:
  - scanning an executable file in a source APK,
  - extracting specific data from the executable file in the source APK,
  - determining whether the specific data contain virus information, wherein the specific data include header information of the executable file, constants in a constant pool of the executable file, or operation instructions in the executable file,
  - in response to a determination that the specific data in the executable file contain virus information, generating the virus characteristic codes, wherein the generating the virus characteristic codes further comprises:
    - generating the virus characteristic codes using an instruction set in a classes.dex file and a JAR file in the source APK,
    - generating the virus characteristic codes using a specific opcode in the classes.dex file and the JAR file in the source APK and a character string or wildcard of its operand, or
    - generating the virus characteristic codes using the instruction set in the classes.dex file in the source APK, the specific opcode in the classes.dex file in the source APK and the character string or wildcard of its operand, and
  - storing the generated virus characteristic codes to the virus database;
- detecting that a designated file in a target APK contains at least one of the generated virus characteristic codes; and
- determining that the target APK is a virus APK.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A device for identifying virus Android application package file (APK), comprising:
- a processor; and
- a memory communicatively coupled to the processor and storing instructions that upon execution by the processor cause the device to:
  - preset a virus database comprising virus characteristic codes, wherein instructions upon execution by the processor cause the device to preset a virus database further comprises instructions that upon execution by the processor further cause the device to:
    - scan an executable file in a source APK;
    - extract specific data from the executable file in the source APK;
    - determine whether the specific data contain virus information, wherein the specific data include header information of the executable file, constants in a constant pool of the executable file, or operation instructions in the executable file,
    - in response to a determination that the specific data in the executable file contain virus information, generate the virus characteristic codes according to the specific data, wherein generating the virus characteristic codes further comprises:
      - generating the virus characteristic codes using an instruction set in a classes.dex file and a JAR file in the source APK,
      - generating the virus characteristic codes using a specific opcode in the classes.dex file and the JAR file in the source APK and a character string or wildcard of its operand, or
      - generating the virus characteristic codes using the instruction set in the classes.dex file in the source APK, the specific opcode in the classes.dex file in the source APK and the character string or wildcard of its operand, and
    - store the generated virus characteristic codes to the virus database;
  - detect whether a designated file in a target APK contains at least one of the generated virus characteristic codes; and
  - determine that the target APK is a virus APK when the designated file in the target APK contains at least one of the virus characteristic codes.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable medium which stores the computer program comprising computer readable code, and running of said computer readable code on a computing device causes said device to carry out a method for identifying virus Android application package file (APK), said method comprising:
- presetting a virus database comprising virus characteristic codes, wherein the presetting the virus database further including:
  - scanning an executable file in a source APK,
  - extracting specific data from the executable file in the source APK,
  - determining whether the specific data contain virus information, wherein the specific data include header information of the executable file, constants in a constant pool of the executable file, or operation instructions in the executable file,
  - in response to a determination that the specific data in the executable file contain virus information, generating the virus characteristic codes, wherein the generating the virus characteristic codes further comprises:
    - generating the virus characteristic codes using an instruction set in a classes.dex file and a JAR file in the source APK,
    - generating the virus characteristic codes using a specific opcode in the classes.dex file and the JAR file in the source APK and a character string or wildcard of its operand, or
    - generating the virus characteristic codes using the instruction set in the classes.dex file in the source APK, the specific opcode in the classes.dex file in the source APK and the character string or wildcard of its operand, and
  - storing the generated virus characteristic codes to the virus database;
- detecting that a designated file in a target APK contains at least one of the virus characteristic codes; and
- determining that the target APK is a virus APK.
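The detection step in the claims (a characteristic code built from a specific opcode plus a character string or wildcard of its operand, looked up in a designated file of the target APK) can be illustrated as follows. This is an added example, not code from the patent: it assumes the classes.dex has already been disassembled to a smali-style listing, that a signature matches when its items occur in order, and the signature names, patterns and sample listing are constructed.

```python
from fnmatch import fnmatchcase

# Constructed signature database: name -> ordered (opcode, operand pattern) items; "*" is the wildcard.
VIRUS_DB = {
    "Example.SmsSender.A": [
        ("const-string", "1065*"),
        ("invoke-virtual", "*SmsManager;->sendTextMessage*"),
    ],
    "Example.Loader.B": [
        ("const-string", "*.jar"),
        ("invoke-direct", "*DexClassLoader;-><init>*"),
    ],
}

# Constructed smali-style listing standing in for a disassembled classes.dex.
SAMPLE_VARIANT = '''
.method public run()V
    const-string v4, "10658899"
    invoke-static {}, Landroid/telephony/SmsManager;->getDefault()Landroid/telephony/SmsManager;
    move-result-object v0
    invoke-virtual {v0, v4, v1, v5, v1, v1}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
.end method
'''

def parse_listing(text):
    """Turn a smali-style listing into (opcode, operand) pairs."""
    insns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((".", "#")):
            continue  # skip blank lines, directives and comments
        opcode, _, rest = line.partition(" ")
        # The operand is what follows the register list: a string or a method reference.
        sep = "}, " if rest.startswith("{") else ", "
        insns.append((opcode, rest.partition(sep)[2].strip().strip('"')))
    return insns

def matches(signature, insns):
    """True if every signature item matches, in order, somewhere in insns."""
    remaining = iter(insns)  # shared iterator enforces the ordering
    return all(
        any(op == s_op and fnmatchcase(operand, s_pat) for op, operand in remaining)
        for s_op, s_pat in signature
    )

def scan(listing_text, db=VIRUS_DB):
    """Return the names of all database signatures found in the listing."""
    insns = parse_listing(listing_text)
    return sorted(name for name, sig in db.items() if matches(sig, insns))
```

Because the operand is matched by wildcard and register numbers are ignored, a variant that changes the number suffix or reallocates registers still matches the same characteristic code.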
Specification