[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN104915600B - A kind of Android application securitys methods of risk assessment and device - Google Patents

A kind of Android application securitys methods of risk assessment and device Download PDF

Info

Publication number
CN104915600B
CN104915600B CN201510370083.8A CN201510370083A CN104915600B CN 104915600 B CN104915600 B CN 104915600B CN 201510370083 A CN201510370083 A CN 201510370083A CN 104915600 B CN104915600 B CN 104915600B
Authority
CN
China
Prior art keywords
mrow
msub
api
called
malice
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510370083.8A
Other languages
Chinese (zh)
Other versions
CN104915600A (en
Inventor
刘元安
范文浩
余小秋
吴帆
张洪光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201510370083.8A priority Critical patent/CN104915600B/en
Publication of CN104915600A publication Critical patent/CN104915600A/en
Application granted granted Critical
Publication of CN104915600B publication Critical patent/CN104915600B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a kind of Android application securitys methods of risk assessment and device, wherein, this method includes:All API events E that simultaneously statistics application program A is called in operation are monitored, the sum for all API events that note application program A is called in operation is n;Each called API events E is specified successivelyi;Calculate application program A and call API events EiFor the probability L (E maliciously calledi);Calculate application program A and call API events EiDuring maliciously to call event, malice influences I (E caused by callingi);Go out application program A and call API events EiInfluence it is expected R (Ei), and continue to specify next called API events;After all API events E were designated, the API event E called to eachiInfluence it is expected R (Ei) summation, the program that the is applied A horizontal R of overall riskA;By the horizontal R of application program A overall riskAWith risk threshold value R0It is compared, whether judge application program A security risk can receive.

Description

A kind of Android application securitys methods of risk assessment and device
Technical field
The present invention relates to mobile terminal software safe technical field, especially, is related to a kind of Android application securitys Methods of risk assessment and device.
Background technology
Android is the open source operating system based on Linux platform, be can be used in such as smart mobile phone, tablet personal computer etc. In mobile terminal, by mobile terminal device manufacturer and the extensive concern of user.It is rapid general with Android mobile terminal And the application program based on Android operation system also emerges in an endless stream.
However, due to the open characteristics of Android operation system, developer can arbitrarily develop Android platform On application program and be published to Android application programs market, without carrying out any security risk inspection.However, some Application program has the behavior for accessing sensitive resource, for example steals individual privacy data, consumption user rate, takes network traffics Deng;All there are potential risks in this kind of application program, once by malicious exploitation, will cause the loss of user.
In the prior art, software security risk investigation is all based on computer software.Due to Android mobile terminal Have any different in the computer the characteristics of, such as store substantial amounts of personal information, and the malicious application of Android mobile terminal is attacked Mode, the effect hit also have larger difference with computer, such as some Android mobile terminal malicious applications malice takes Network traffics etc., therefore the software security measurement model of computer terminal is not the application for being readily applicable to Android mobile terminal Program safety risk assessment.
Threatened and security risk side for Android application assessments malicious application for lacking in the prior art The problem of method, there has been no effective solution at present.
The content of the invention
Threatened and security risk side for Android application assessments malicious application for lacking in the prior art The problem of method, it is an object of the invention to propose a kind of Android application securitys methods of risk assessment and device, Neng Gouquan Face and effectively to Android application programs carry out security risk assessment, judge the security loss that application program may be brought Size, reference frame is provided to formulate security strategy.
Based on above-mentioned purpose, technical scheme provided by the invention is as follows:
According to an aspect of the invention, there is provided a kind of Android application securitys methods of risk assessment, including:
Under android system environment, Android application program A to be assessed are called, monitor simultaneously statistics application program A All API events E called in operation, the sum for all API events that note application program A is called in operation is n;
Each called API events E is specified successivelyi, wherein, i=1,2 ..., n;
To currently assigned API events Ei, calculate application program A and call API events EiFor the probability L maliciously called (Ei);
To currently assigned API events Ei, calculate application program A and call API events EiDuring maliciously to call event, dislike Meaning influences I (E caused by callingi);
Probability L (the E called according to malicei) with influenceing I (E caused by malice callingi), calculating application program A calling should API events EiInfluence it is expected R (Ei), and continue to specify next called API events;
After all API events E were designated, the API event E called to eachiInfluence it is expected R (Ei) ask With the program that the is applied A horizontal R of overall riskA, wherein RA=∑iR(Ei)=∑iL(Ei)×I(Ei);
By the horizontal R of application program A overall riskAWith risk threshold value R0It is compared, judges application program A safety wind Whether danger can receive.
Wherein, calculate application program A and call API events EiFor the probability L (E maliciously calledi) be:
Wherein, P (Ei| A is malicious application) it is that a malicious application occurs to call the bad thing of some sensitive API Part EiThe probability of generation, P (A is malicious application) be all statistics application program in an application program be malicious application The probability of program, P (Ei) it is some sensitive API adverse events of the calling of all application programs EiProbability.
Also, calculate application program A and call API events EiDuring maliciously to call event, malice influences I caused by calling (Ei) be:
Calculating subjective assessment caused by malice is called influences IS(Ei);
Calculating objective evaluation caused by malice is called influences IO(Ei);
Calculate the weight H that subjective assessment caused by malice is called influencesi(Ei);
Subjective assessment influences I according to caused by being called maliceS(Ei), malice call caused by objective evaluation influence IO(Ei)、 The weight H that subjective assessment caused by malice is called influencesi (Ei), calculating caused by malice is called influences I (Ei):
I(Ei)=Hi(Ei)×IS(Ei)+Wi(Ei)×IO(Ei)
Wherein, Wi(Ei)=1-Hi(Ei)。
Also, calculating subjective assessment caused by malice is called influences IS(Ei) be:
Establish subjective impact assessment scale set U, wherein U={ 1,2,3,4,5,6,7,8,9,10 };
It is required that m all subjective assessment persons calls API events to all n successively, from subjective impact assessment scale collection In the element for closing U, pick out corresponding evaluation numerical value respectively according to subjective experience, scored;
Rating matrix Score is established, and will be as follows in scoring write-in rating matrix Score:
Wherein, scorejiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, its In, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n;
According to rating matrix Score, calculating the subjective assessment of i-th of calling API event influences IS(Ei) be:
Meanwhile calculate objective evaluation influence I caused by malice is calledO(Ei) be;
Establish objective influence assessment scale set V, wherein V={ 1,2,3,4,5,6,7,8,9,10 };
To widely applying program sample to analyze, malicious application is counted operationally, call each API events time Several percentage;
Define malicious application and call and quantify harmful effect caused by each API events;
The percentage of each API event times is operationally called according to malicious application, is called with malicious application Quantify harmful effect caused by each API events, calculate each API events and be employed routine call to be adjusted by malicious application Probability M (Ei);
It is by the probability M (E of malicious application calling that each API events are employed into routine calli), apply mechanically objective influence Assessment scale set V, which is quantified as objective evaluation caused by malice is called, influences IO(Ei)。
Meanwhile calculate the weight H that subjective assessment caused by malice is called influencesj(Ei) be:
I is influenceed on the subjective assessment of i-th of calling API eventS(Ei) be normalized, obtain normalizing formula master See evaluation factor pji
Wherein, i=1,2 ... n;
Establish normalization rating matrix Score':
Wherein, score'jiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, Wherein, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n, and have pj1+pj2+…pjn=1;
According to normalization rating matrix Score', the weight H influenceed using Information Entropy calculating subjective assessmenti(Ei):
Wherein, 0≤Hi(Ei)≤1, i=1,2 ... n.
According to another aspect of the present invention, there is provided a kind of Android application securitys risk assessment device, bag Include:
Monitoring module, monitoring module call Android application program A to be assessed under android system environment, prison Depending on all API events E that simultaneously statistics application program A is called in operation, all API that application program A is called in operation are remembered The sum of event is n;
Pointer is called, calls pointer to specify each called API events E successivelyi, wherein, i=1,2 ..., n;
Probability evaluation entity, probability evaluation entity is to currently assigned API events Ei, calculate application program A and call the API Event EiFor the probability L (E maliciously calledi);
Computing module is influenceed, influences computing module to currently assigned API events Ei, calculate application program A and call the API Event EiDuring maliciously to call event, malice influences I (E caused by callingi);
It is expected assessment module, it is expected the probability L (E that assessment module is called according to malicei) with influenceing I caused by malice calling (Ei), calculate application program A and call API events EiInfluence it is expected R (Ei), and continue to specify next called API Event;
Summation module, summation module was after all API events E were designated, the API event called to each EiInfluence it is expected R (Ei) summation, the program that the is applied A horizontal R of overall riskA, wherein RA=∑iR(Ei)=∑iL(Ei)× I(Ei);
Discrimination module, discrimination module is by the horizontal R of application program A overall riskAWith risk threshold value R0It is compared, judges Whether application program A security risk can receive.
Wherein, probability evaluation entity calculates application program A and calls API events EiFor the probability L (E maliciously calledi) be:
Wherein, P (Ei| A is malicious application) it is that a malicious application occurs to call the bad thing of some sensitive API Part EiThe probability of generation, P (A is malicious application) be all statistics application program in an application program be malicious application The probability of program, P (Ei) it is some sensitive API adverse events of the calling of all application programs EiProbability.
Also, influenceing computing module also includes subjective impact computing module, objective influence computing module and subjective assessment shadow Weight computation module is rung, computing module calculating application program A is influenceed and calls API events EiDuring maliciously to call event, malice I (E are influenceed caused by callingi) be:
Subjective impact computing module is used to calculate subjective assessment influence I caused by malice is calledS(Ei);
Objective influence computing module, which is used for objective evaluation caused by calculating malice calling, influences IO(Ei);
Subjective impact weight computation module is used to calculate the weight H that subjective assessment caused by malice is called influencesi(Ei);
Influenceing computing module subjective assessment according to caused by being called malice influences IS(Ei), malice objective comments caused by calling It is fixing to ring IO(Ei), malice call caused by subjective assessment influence weight Hi(Ei), calculating caused by malice is called influences I (Ei):
I(Ei)=Hi(Ei)×IS(Ei)+Wi(Ei)×IO(Ei)
Wherein, Wi(Ei)=1-Hi(Ei)。
Also, subjective impact computing module, which calculates subjective assessment caused by malice is called, influences IS(Ei) be:
Establish subjective impact assessment scale set U, wherein U={ 1,2,3,4,5,6,7,8,9,10 };
It is required that m all subjective assessment persons calls API events to all n successively, from subjective impact assessment scale collection In the element for closing U, pick out corresponding evaluation numerical value respectively according to subjective experience, scored;
Rating matrix Score is established, and will be as follows in scoring write-in rating matrix Score:
Wherein, scorejiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, its In, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n;
According to rating matrix Score, calculating the subjective assessment of i-th of calling API event influences IS(Ei) be:
Meanwhile objective influence computing module calculates objective evaluation influence I caused by malice is calledO(Ei) be;
Establish objective influence assessment scale set V, wherein V={ 1,2,3,4,5,6,7,8,9,10 };
To widely applying program sample to analyze, malicious application is counted operationally, call each API events time Several percentage;
Define malicious application and call and quantify harmful effect caused by each API events;
The percentage of each API event times is operationally called according to malicious application, is called with malicious application Quantify harmful effect caused by each API events, calculate each API events and be employed routine call to be adjusted by malicious application Probability M (Ei);
It is by the probability M (E of malicious application calling that each API events are employed into routine calli), apply mechanically objective influence Assessment scale set V, which is quantified as objective evaluation caused by malice is called, influences IO(Ei)。
Meanwhile subjective impact weight computation module calculates the weight H that subjective assessment caused by malice is called influencesj(Ei) be:
I is influenceed on the subjective assessment of i-th of calling API eventS(Ei) be normalized, obtain normalizing formula master See evaluation factor pji
Wherein, i=1,2 ... n;
Establish normalization rating matrix Score':
Wherein, score'jiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, Wherein, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n, and have pj1+pj2+…pjn=1;
According to normalization rating matrix Score', the weight H influenceed using Information Entropy calculating subjective assessmenti(Ei):
Wherein, 0≤Hi(Ei)≤1, i=1,2 ... n.
From the above it can be seen that the mode that technical scheme provided by the invention is combined by using subjectiveness and objectiveness Calculate the influence of Malware and be combined with the probability of Malware and the risk of loss of application program is assessed, fill up At present in the vacancy of Android application security evaluation areas;Information entropy theory is used simultaneously, to the peace of application program Full blast is nearly assessed, avoid using single subjectivity and objective method and caused by one-sidedness and limitation.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to institute in embodiment The accompanying drawing needed to use is briefly described, it should be apparent that, drawings in the following description are only some implementations of the present invention Example, for those of ordinary skill in the art, on the premise of not paying creative work, can also be obtained according to these accompanying drawings Obtain other accompanying drawings.
Fig. 1 is the flow chart according to a kind of Android application securitys methods of risk assessment of the embodiment of the present invention;
Fig. 2 is the structure chart according to a kind of Android application securitys risk assessment device of the embodiment of the present invention.
Embodiment
For the object, technical solutions and advantages of the present invention are more clearly understood, below in conjunction with the embodiment of the present invention Accompanying drawing, the technical scheme in the embodiment of the present invention is further carried out it is clear, complete, describe in detail, it is clear that it is described Embodiment is only part of the embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, this area The every other embodiment that those of ordinary skill is obtained, belongs to the scope of protection of the invention.
According to one embodiment of present invention, there is provided a kind of Android application securitys methods of risk assessment.
As shown in figure 1, the Android application security methods of risk assessments provided according to embodiments of the present invention include:
Step S101, under android system environment, Android application program A to be assessed are called, monitors and counts All API events E that application program A is called in operation, remember the total of all API events that application program A is called in operation Number is n;
Step S103, each called API events E is specified successivelyi, wherein, i=1,2 ..., n;
Step S105, to currently assigned API events Ei, calculate application program A and call API events EiMaliciously to call Probability L (Ei);
Step S107, to currently assigned API events Ei, calculate application program A and call API events EiMaliciously to call During event, malice influences I (E caused by callingi);
Step S109, the probability L (E called according to malicei) with influenceing I (E caused by malice callingi), calculate using journey Sequence A calls API events EiInfluence it is expected R (Ei), and continue to specify next called API events;
Step S111, after all API events E were designated, the API event E called to eachiThe influence phase Hope R (Ei) summation, the program that the is applied A horizontal R of overall riskA, wherein RA=∑iR(Ei)=∑iL(Ei)×I(Ei);
Step S113, by the horizontal R of application program A overall riskAWith risk threshold value R0It is compared, judges application program A Security risk whether can receive.
Technical scheme is used by the application security risk assessment proposed by the present invention to Android:With using journey Sequence and the API of android system direct interaction are analysis center, by calculating the risk of loss of each API adverse events respectively, And then calculate the risk of loss of whole application program.
When application program is run in systems, corresponding API can be called to complete set function.For some sensitive work( The API of energy is referred to as adverse events Ei, for example, sending the API of short message, the API for obtaining phone number etc..One application program has Multiple adverse events, and think that each adverse events independently occurs.Therefore, by calculating each adverse events Influence it is expected R (Ei), then weight, it can obtain the horizontal R of overall risk of whole application programA
Wherein, calculate application program A and call API events EiFor the probability L (E maliciously calledi) be:
Wherein, P (Ei| A is malicious application) it is that a malicious application occurs to call the bad thing of some sensitive API Part EiThe probability of generation, P (A is malicious application) be all statistics application program in an application program be malicious application The probability of program, P (Ei) it is some sensitive API adverse events of the calling of all application programs EiProbability.
The Bayesian formula deformed during above formula.Otherwise it is normal or it is malice for application program A, and this Two events are mutual exclusions.In the case of sensitive API is employed routine call, it always by malicious application call or It is applied normally routine call.And required L (Ei) represent the called event E of sensitive APIiUnder conditions of generation, application program A It is the probability of malicious application, has complied fully with the condition of Bayesian formula.
Also, calculate application program A and call API events EiDuring maliciously to call event, malice influences I caused by calling (Ei) be:
Calculating subjective assessment caused by malice is called influences IS(Ei);
Calculating objective evaluation caused by malice is called influences IO(Ei);
Calculate the weight H that subjective assessment caused by malice is called influencesi(Ei);
Subjective assessment influences I according to caused by being called maliceS(Ei), malice call caused by objective evaluation influence IO(Ei)、 The weight H that subjective assessment caused by malice is called influencesi(Ei), calculating caused by malice is called influences I (Ei):
I(Ei)=Hi(Ei)×IS(Ei)+Wi(Ei)×IO(Ei)
Wherein, Wi(Ei)=1-Hi(Ei)。
R (E it is expected in the influence of adverse eventsi) by the probability L (E of adverse eventsi) and adverse events influence I (Ei) common Determine.Possibility L (the E of adverse eventsi) calculated with Bayesian formula.Influence I (the E of adverse eventsi) include two Point:The influence of the adverse events of subjective assessment and the influence of the adverse events of objective evaluation.The shadow of the adverse events of subjective assessment Ring that rule of thumb subjective judgement obtains by expert, the influences of the adverse events of objective evaluation by the real data in real world according to Assessment rules obtain;And information entropy theory is utilized, calculate the influence of the adverse events of subjective assessment and the bad thing of objective evaluation Influence I (E of the influence of part in adverse eventsi) in weight.
Also, calculating subjective assessment caused by malice is called influences IS(Ei) be:
Establish subjective impact assessment scale set U, wherein U={ 1,2,3,4,5,6,7,8,9,10 };
It is required that m all subjective assessment persons calls API events to all n successively, from subjective impact assessment scale collection In the element for closing U, pick out corresponding evaluation numerical value respectively according to subjective experience, scored;
Rating matrix Score is established, and will be as follows in scoring write-in rating matrix Score:
Wherein, scorejiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, its In, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n;
According to rating matrix Score, calculating the subjective assessment of i-th of calling API event influences IS(Ei) be:
The influence I of the adverse events of subjective assessmentSIt is that adverse events are determined to the understanding of importance of event according to expert The method of influence value.The more commonly used analytic approach that has levels in the subjective assessment method studied at present, this method need to ask Topic is divided into many indexs, is compared with 1-9 scales two-by-two by expert or analysis personnel for these indexs and is sent structure ratio Compared with judgment matrix.Number selection of the 1-9 scaling laws for index is often unsuitable excessive, but the number of sensitive API adverse events Comparatively amount is more than comparison, conventional 1-9 scaling laws are not to be applicable very much expert's subjective assessment of the invention.Therefore, will borrow Reflect and expert carries out 1-9 scales in improved AHP method.
Influence for the adverse events of subjective assessment, we are calculated using expert analysis mode mechanism, in order to unified, expert The influence value scope of scoring is become between 1~10 by 1~9.And because the quantity of sensitive API adverse events is in the majority, and exist Venture influence caused by some sensitive API adverse events is identical, thus herein to all sensitive API subjectivity assignment when, The influence value that expert provides scores completely by rule of thumb, as long as think reasonable, it is allowed to provide multiple identicals scorings.For example assume There is m sensitive API, expert thinks wherein m1(m1<M) individual API venture influence is consistent, then for this m1Individual sensitive API Expert can provide same venture influence value.
U={ 1,2,3,4,5,6,7,8,9,10 } is an intersection of expert analysis mode in the present embodiment, and expert is empirically The size that adverse events are lost by rogue program calling caused by possible is assessed, assigns 1~10 some value respectively.
Meanwhile calculate objective evaluation influence I caused by malice is calledO(Ei) be;
Establish objective influence assessment scale set V, wherein V={ 1,2,3,4,5,6,7,8,9,10 };
To widely applying program sample to analyze, malicious application is counted operationally, call each API events time Several percentage;
Define malicious application and call and quantify harmful effect caused by each API events;
The percentage of each API event times is operationally called according to malicious application, is called with malicious application Quantify harmful effect caused by each API events, calculate each API events and be employed routine call to be adjusted by malicious application Probability M (Ei);
It is by the probability M (E of malicious application calling that each API events are employed into routine calli), apply mechanically objective influence Assessment scale set V, which is quantified as objective evaluation caused by malice is called, influences IO(Ei)。
The influence I of the adverse events of objective evaluationO(Ei) determination be entirely derived from objective reality, be according to real world The information of middle acquisition determines the method for influence value.The malicious act of malicious application is often carried out under the driving of interests , therefore malicious application author can be made to make a profit maximum, called most API often for user's in general Venture influence loss and maximum.Based on this, can be drawn by analyzing the API Calls situations of Android malicious applications The objective risk influence value of sensitive API adverse events.The advantages of objective risk influence value determines is to fully rely on observation data to sentence It is disconnected, do not disturbed by human factor, objective, just evaluation can be made.
The percentage of API situations can be called by analyzing a large amount of malicious application samples, is then formulated accordingly Rule defines the objective influence of each API adverse events.Specific rules are as follows, and wherein M represents that API is called by malicious application Percentage:
(1) if M >=90%, objective risk influence value I is definedO(Ei)=10;
(2) if 90%>M >=80%, then define objective risk influence value IO(Ei)=9;
(3) if 80%>M >=70%, then define objective risk influence value IO(Ei)=8;
(4) if 70%>M >=60%, then define objective risk influence value IO(Ei)=7;
(5) if 60%>M >=50%, then define objective risk influence value IO(Ei)=6;
(6) if 50%>M >=40%, then define objective risk influence value IO(Ei)=5;
(7) if 40%>M >=30%, then define objective risk influence value IO(Ei)=4;
(8) if 30%>M >=20%, then define objective risk influence value IO(Ei)=3;
(9) if 20%>M >=10%, then define objective risk influence value IO(Ei)=2;
(10) if 10%>M >=0, then define objective risk influence value IO(Ei)=1;
In the present embodiment, the objective influence assessment scale set V of API adverse events is set to evaluate with subjective impact Scale set U is identical, to be corresponded.For some API, by counting its percentage called by malicious application Than checking that rule sees which section percentage falls in, then its IO(Ei) it is defined as the value of respective bins.
Meanwhile calculate the weight H that subjective assessment caused by malice is called influencesj(Ei) be:
I is influenceed on the subjective assessment of i-th of calling API eventS(Ei) be normalized, obtain normalizing formula master See evaluation factor pji
Wherein, i=1,2 ... n;
Establish normalization rating matrix Score':
Wherein, score'jiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, Wherein, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n, and have pj1+pj2+…pjn=1;
According to normalization rating matrix Score', the weight H influenceed using Information Entropy calculating subjective assessmenti(Ei):
Wherein, 0≤Hi(Ei)≤1, i=1,2 ... n.
The determination of objective risk influence value has advantage, and there is also shortcoming, shortcoming is it easily by the shadow of sample data difference Ring, cause to produce error during objective assignment.Expert is subjective, and the shortcomings that determining venture influence value is easily to be influenceed by subjective factor, Estimator often determines importance according to the subjective desire of itself, is easily influenceed by personalogy factor.
To weaken the interference of subjective factor, while the problem of in order to weaken objective factor error, this paper presents subjective and The objective method being combined determines the venture influence value of application behavior, that is, the venture influence value of sensitive API.First Calculate to be in danger using mode described previously and influence subjective value and venture influence objective value, then according to expert analysis mode matrix, utilize Comentropy adjusts venture influence subjective value and the proportion shared by venture influence objective value, draws the venture influence of Optimum Synthesis Value.
For the rating matrix Score of expert, the element score of matrixjiAll between 1~10.To scorejiData Obtain normalizing the formula subjective assessment factor p when being normalizedji, it is clear that there is pj1+pj2+…pjn=1, wherein, i=1, 2,…n。
Each row of Score' after treated show also assessment of the m expert for some API influence value, in fact It also reflects the probability that some API is maliciously called.For above-mentioned Score', if expert is to API venture influence value assignment Differ larger, i.e. pj1+pj2+…pjn=1 difference is larger, then illustrates that expert is inconsistent for the view of API values, expert Subjective assignment do not have very strong convincingness, expert's subjectivity assignment should be weakened in the proportion shared by integrated risk influence value; On the contrary, if assignment difference is smaller, illustrate that expert is more consistent for the view of API values, the data that expert provides have Higher convincingness, it should played a crucial role in overall merit.Therefore, the master set herein using Information Entropy come assessment experts It serve as a lookout relative importance of the dangerous influence value in integrated risk influence value.
Hi(Ei) bigger, show that assessment contribution of the expert to i-th of API venture influence value is bigger;On the contrary, Hi(Ei) smaller, Show that assessment contribution of the expert to i-th of API venture influence value is smaller.Therefore the venture influence value that expert's subjectivity assignment obtains exists Weight in integrated risk influence value is Hi(Ei), comparatively, the weights for the venture influence value that objective data obtains are:
Wi(Ei)=1-Hi(Ei)
Wi(Ei) it is big then show that objective data obtains risk of loss value is relatively important and contribution greatly.
According to another embodiment of the invention, there is provided a kind of Android application securitys risk assessment device.
As shown in Fig. 2 the Android application security risk assessment devices provided according to embodiments of the present invention include:
Monitoring module 21, monitoring module 21 call Android application programs to be assessed under android system environment A, monitor that all API events E that simultaneously statistics application program A is called in operation, note application program A are called all in operation The sum of API events is n;
Pointer 22 is called, calls pointer 22 to specify each called API events E successivelyi, wherein, i=1,2 ..., n;
Probability evaluation entity 23, probability evaluation entity 23 is to currently assigned API events Ei, calculate application program A and call API events EiFor the probability L (E maliciously calledi);
Computing module 24 is influenceed, influences computing module 24 to currently assigned API events Ei, calculate application program A and call API events EiDuring maliciously to call event, malice influences I (E caused by callingi);
It is expected assessment module 25, it is expected the probability L (E that assessment module 25 is called according to malicei) with malice call caused by Influence I (Ei), calculate application program A and call API events EiInfluence it is expected R (Ei), and continue to specify next be called API events;
Summation module 26, summation module 26 was after all API events E were designated, the API called to each Event EiInfluence it is expected R (Ei) summation, the program that the is applied A horizontal R of overall riskA, wherein RA=∑iR(Ei)=∑iL (Ei)×I(Ei);
Discrimination module 27, discrimination module 27 is by the horizontal R of application program A overall riskAWith risk threshold value R0It is compared, Whether judge application program A security risk can receive.
Wherein, probability evaluation entity calculates application program A and calls API events EiFor the probability L (E maliciously calledi) be:
Wherein, P (Ei| A is malicious application) it is that a malicious application occurs to call the bad thing of some sensitive API Part EiThe probability of generation, P (A is malicious application) be all statistics application program in an application program be malicious application The probability of program, P (Ei) it is some sensitive API adverse events of the calling of all application programs EiProbability.
Also, influenceing computing module also includes subjective impact computing module, objective influence computing module and subjective assessment shadow Weight computation module is rung, computing module calculating application program A is influenceed and calls API events EiDuring maliciously to call event, malice I (E are influenceed caused by callingi) be:
Subjective impact computing module is used to calculate subjective assessment influence I caused by malice is calledS(Ei);
Objective influence computing module, which is used for objective evaluation caused by calculating malice calling, influences IO(Ei);
Subjective impact weight computation module is used to calculate the weight H that subjective assessment caused by malice is called influencesi(Ei);
Influenceing computing module subjective assessment according to caused by being called malice influences IS(Ei), malice objective comments caused by calling It is fixing to ring IO(Ei), malice call caused by subjective assessment influence weight Hi(Ei), calculating caused by malice is called influences I (Ei):
I(Ei)=Hi(Ei)×IS(Ei)+Wi(Ei)×IO(Ei)
Wherein, Wi(Ei)=1-Hi(Ei)。
Also, subjective impact computing module, which calculates subjective assessment caused by malice is called, influences IS(Ei) be:
Establish subjective impact assessment scale set U, wherein U={ 1,2,3,4,5,6,7,8,9,10 };
It is required that m all subjective assessment persons calls API events to all n successively, from subjective impact assessment scale collection In the element for closing U, pick out corresponding evaluation numerical value respectively according to subjective experience, scored;
Rating matrix Score is established, and will be as follows in scoring write-in rating matrix Score:
Wherein, scorejiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, its In, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n;
According to rating matrix Score, calculating the subjective assessment of i-th of calling API event influences IS(Ei) be:
Meanwhile objective influence computing module calculates objective evaluation influence I caused by malice is calledO(Ei) be;
Establish objective influence assessment scale set V, wherein V={ 1,2,3,4,5,6,7,8,9,10 };
To widely applying program sample to analyze, malicious application is counted operationally, call each API events time Several percentage;
Define malicious application and call and quantify harmful effect caused by each API events;
The percentage of each API event times is operationally called according to malicious application, is called with malicious application Quantify harmful effect caused by each API events, calculate each API events and be employed routine call to be adjusted by malicious application Probability M (Ei);
It is by the probability M (E of malicious application calling that each API events are employed into routine calli), apply mechanically objective influence Assessment scale set V, which is quantified as objective evaluation caused by malice is called, influences IO(Ei)。
Meanwhile subjective impact weight computation module calculates the weight H that subjective assessment caused by malice is called influencesj(Ei) be:
I is influenceed on the subjective assessment of i-th of calling API eventS(Ei) be normalized, obtain normalizing formula master See evaluation factor pji
Wherein, i=1,2 ... n;
Establish normalization rating matrix Score':
Wherein, score'jiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, Wherein, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n, and have pj1+pj2+…pjn=1;
According to normalization rating matrix Score', the weight H influenceed using Information Entropy calculating subjective assessmenti(Ei):
Wherein, 0≤Hi(Ei)≤1, i=1,2 ... n.
In summary, by means of the technical solution of the present invention, the mode meter being combined by using subjectiveness and objectiveness Calculate the influence of Malware and be combined with the probability of Malware and the risk of loss of application program is assessed, fill up At present in the vacancy of Android application security evaluation areas;Information entropy theory is used simultaneously, to the safety of application program Risk is assessed, avoid using single subjectivity and objective method and caused by one-sidedness and limitation.

Claims (8)

  1. A kind of 1. Android application securitys methods of risk assessment, it is characterised in that including:
    Under android system environment, Android application program A to be assessed are called, monitors and counts the application program A All API events E called in operation, the sum for making all API events that the application program A calls in operation is n;
    Each called described API events E is specified successivelyi, wherein, i=1,2 ..., n;
    To the currently assigned API events Ei, calculate the application program A and call API events EiFor the probability maliciously called L(Ei);
    To the currently assigned API events Ei, calculate the application program A and call API events EiMaliciously to call event When, the malice influences I (E caused by callingi);
    Probability L (the E called according to the malicei) with influenceing I (E caused by malice callingi), calculate and described apply journey Sequence A calls API events EiInfluence it is expected R (Ei), and continue to specify next called API events;
    After all API events E were designated, the API event E called to eachiInfluence it is expected R (Ei) ask With the program that the is applied A horizontal R of overall riskA, wherein RA=∑iR(Ei)=∑iL(E)i×I(E)i
    By the horizontal R of overall risk of the application program AAWith risk threshold value R0It is compared, judges the peace of the application program A Whether full blast can nearly receive;
    Wherein, calculate the application program A and call API events EiFor the probability L (E maliciously calledi) be:
    Wherein, P (Ei| A is malicious application) it is that a malicious application occurs to call some sensitive API adverse events Ei The probability of generation, P (A is malicious application) be all statistics application program in an application program be malicious application Probability, P (Ei) it is some sensitive API adverse events of the calling of all application programs EiProbability.
  2. 2. a kind of Android application securitys methods of risk assessment according to claim 1, it is characterised in that calculate The application program A calls API events EiDuring maliciously to call event, the malice influences I (E caused by callingi) be:
    Calculating subjective assessment caused by the malice is called influences IS(Ei);
    Calculating objective evaluation caused by the malice is called influences IO(Ei);
    Calculate the weight H that subjective assessment caused by the malice is called influencesi(Ei);
    Subjective assessment influences I according to caused by being called the maliceS(Ei), the malice call caused by objective evaluation influence IO (Ei), the malice call caused by subjective assessment influence weight Hi(Ei), calculating caused by the malice is called influences I (Ei):
    I(Ei)=Hi(Ei)×IS(Ei)+Wi(Ei)×IO(Ei)
    Wherein, the Wi(Ei)=1-Hi(Ei)。
  3. 3. a kind of Android application securitys methods of risk assessment according to claim 2, it is characterised in that calculate Subjective assessment influences I caused by the malice is calledS(Ei) be:
    Establish subjective impact assessment scale set U, wherein U={ 1,2,3,4,5,6,7,8,9,10 };
    It is required that m all subjective assessment persons calls API events to all n successively, from the subjective impact assessment scale collection In the element for closing U, pick out corresponding evaluation numerical value respectively according to subjective experience, scored;
    Rating matrix Score is established, and will be as follows in the scoring write-in rating matrix Score:
    Wherein, scorejiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, wherein, 1 ≤scoreji≤ 10,1≤j≤m, 1≤i≤n;
    According to the rating matrix Score, calculating the subjective assessment of i-th of calling API event influences IS(Ei) be:
    <mrow> <msub> <mi>I</mi> <mi>S</mi> </msub> <mrow> <mo>(</mo> <msub> <mi>E</mi> <mi>i</mi> </msub> <mo>)</mo> </mrow> <mo>=</mo> <mfrac> <mrow> <msub> <mi>score</mi> <mrow> <mn>1</mn> <mi>i</mi> </mrow> </msub> <mo>+</mo> <msub> <mi>score</mi> <mrow> <mn>2</mn> <mi>i</mi> </mrow> </msub> <mo>+</mo> <mo>...</mo> <msub> <mi>score</mi> <mrow> <mi>m</mi> <mi>i</mi> </mrow> </msub> </mrow> <mi>m</mi> </mfrac> </mrow>
    Meanwhile calculate objective evaluation influence I caused by the malice is calledO(Ei) be:
    Establish objective influence assessment scale set V, wherein V={ 1,2,3,4,5,6,7,8,9,10 };
    To widely applying program sample to analyze, count malicious application operationally, call each API event times Percentage;
    Define the malicious application and call and quantify harmful effect caused by each API events;
    The percentage of each API event times and the malicious application are operationally called according to the malicious application Call and quantify harmful effect caused by each API events, it is to be answered by the malice to calculate each API events to be employed routine call With the probability M (E of routine calli);
    Probability M (the E that each API events are employed into routine call to be called by the malicious applicationi), it is described objective to apply mechanically Influence assessment scale set V and be quantified as objective evaluation influence I caused by the malice is calledO(Ei)。
  4. 4. a kind of Android application securitys methods of risk assessment according to claim 3, it is characterised in that calculate The weight H that subjective assessment caused by the malice is called influencesj(Ei) be:
    I is influenceed on the subjective assessment of described i-th calling API eventS(Ei) be normalized, obtain normalizing formula master See evaluation factor pji
    <mrow> <msub> <mi>p</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> <mo>=</mo> <mfrac> <mrow> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> </mrow> <mrow> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mn>1</mn> </mrow> </msub> <mo>+</mo> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mn>2</mn> </mrow> </msub> <mo>+</mo> <mn>...</mn> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mi>n</mi> </mrow> </msub> </mrow> </mfrac> </mrow>
    Wherein, i=1,2 ... n;
    Establish normalization rating matrix Score':
    Wherein, score'jiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, wherein, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n, and have pj1+pj2+…pjn=1;
    According to the normalization rating matrix Score', the weight H that the subjective assessment influences is calculated using Information Entropyi(Ei):
    <mrow> <msub> <mi>H</mi> <mi>i</mi> </msub> <mrow> <mo>(</mo> <msub> <mi>E</mi> <mi>i</mi> </msub> <mo>)</mo> </mrow> <mo>=</mo> <mo>-</mo> <mfrac> <mn>1</mn> <mrow> <mi>ln</mi> <mi> </mi> <mi>m</mi> </mrow> </mfrac> <munderover> <mo>&amp;Sigma;</mo> <mrow> <mi>j</mi> <mo>=</mo> <mn>1</mn> </mrow> <mi>m</mi> </munderover> <msub> <mi>p</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> <mi>ln</mi> <mi> </mi> <msub> <mi>p</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> </mrow>
    Wherein, 0≤Hi(Ei)≤1, i=1,2 ... n.
  5. A kind of 5. Android application securitys risk assessment device, it is characterised in that including:
    Monitoring module, the monitoring module call Android application program A to be assessed under android system environment, prison Depending on and count all API events E that the application program A calls in operation, make what the application program A was called in operation The sum of all API events is n;
    Pointer is called, the calling pointer specifies each called described API events E successivelyi, wherein, i=1,2 ..., n;
    Probability evaluation entity, the probability evaluation entity is to the currently assigned API events Ei, calculate the application program A and adjust With API events EiFor the probability L (E maliciously calledi);
    Computing module is influenceed, the influence computing module is to the currently assigned API events Ei, calculate the application program A and adjust With API events EiDuring maliciously to call event, the malice influences I (E caused by callingi);
    It is expected assessment module, the probability L (E for it is expected assessment module and being called according to the malicei) call and cause with the malice Influence I (Ei), calculate the application program A and call API events EiInfluence it is expected R (Ei), and continue specified next Called API events;
    Summation module, the summation module was after all API events E were designated, the API called to each Event EiInfluence it is expected R (Ei) summation, the program that the is applied A horizontal R of overall riskA, wherein RA=∑iR(Ei)=∑iL (Ei)×I(Ei);
    Discrimination module, the discrimination module is by the horizontal R of overall risk of the application program AAWith risk threshold value R0It is compared, Whether judge the security risk of the application program A can receive;
    Wherein, the probability evaluation entity calculates the application program A and calls API events EiFor the probability L (E maliciously calledi) For:
    Wherein, P (Ei| A is malicious application) it is that a malicious application occurs to call some sensitive API adverse events Ei The probability of generation, P (A is malicious application) be all statistics application program in an application program be malicious application Probability, P (Ei) it is some sensitive API adverse events of the calling of all application programs EiProbability.
  6. 6. a kind of Android application securitys risk assessment device according to claim 5, it is characterised in that described Influenceing computing module also includes subjective impact computing module, objective influence computing module, calculates mould with subjective assessment weighing factor Block, the influence computing module calculate the application program A and call API events EiDuring maliciously to call event, the malice I (E are influenceed caused by callingi) be:
    The subjective impact computing module is used to calculate subjective assessment influence I caused by the malice is calledS(Ei);
    The objective influence computing module is used to calculate objective evaluation influence I caused by the malice is calledO(Ei);
    The subjective impact weight computation module is used to calculate the weight H that subjective assessment caused by the malice is called influencesi (Ei);
    Influence computing module subjective assessment according to caused by being called the malice influences IS(Ei), the malice call cause Objective evaluation influence IO(Ei), the malice call caused by subjective assessment influence weight Hi(Ei), calculate the malice and adjust I (E are influenceed caused byi):
    I(Ei)=Hi(Ei)×IS(Ei)+Wi(Ei)×IO(Ei)
    Wherein, the Wi(Ei)=1-Hi(Ei)。
  7. 7. a kind of Android application securitys risk assessment device according to claim 6, it is characterised in that described Subjective impact computing module, which calculates subjective assessment caused by the malice is called, influences IS(Ei) be:
    Establish subjective impact assessment scale set U, wherein U={ 1,2,3,4,5,6,7,8,9,10 };
    It is required that m all subjective assessment persons calls API events to all n successively, from the subjective impact assessment scale collection In the element for closing U, pick out corresponding evaluation numerical value respectively according to subjective experience, scored;
    Rating matrix Score is established, and will be as follows in the scoring write-in rating matrix Score:
    Wherein, scorejiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, wherein, 1 ≤scoreji≤ 10,1≤j≤m, 1≤i≤n;
    According to the rating matrix Score, calculating the subjective assessment of i-th of calling API event influences IS(Ei) be:
    <mrow> <msub> <mi>I</mi> <mi>S</mi> </msub> <mrow> <mo>(</mo> <msub> <mi>E</mi> <mi>i</mi> </msub> <mo>)</mo> </mrow> <mo>=</mo> <mfrac> <mrow> <msub> <mi>score</mi> <mrow> <mn>1</mn> <mi>i</mi> </mrow> </msub> <mo>+</mo> <msub> <mi>score</mi> <mrow> <mn>2</mn> <mi>i</mi> </mrow> </msub> <mo>+</mo> <mo>...</mo> <msub> <mi>score</mi> <mrow> <mi>m</mi> <mi>i</mi> </mrow> </msub> </mrow> <mi>m</mi> </mfrac> </mrow>
    Meanwhile the objective influence computing module calculates objective evaluation caused by the malice is called and influences IO(Ei) be:
    Establish objective influence assessment scale set V, wherein V={ 1,2,3,4,5,6,7,8,9,10 };
    To widely applying program sample to analyze, count malicious application operationally, call each API event times Percentage;
    Define the malicious application and call and quantify harmful effect caused by each API events;
    The percentage of each API event times and the malicious application are operationally called according to the malicious application Call and quantify harmful effect caused by each API events, it is to be answered by the malice to calculate each API events to be employed routine call With the probability M (E of routine calli);
    Probability M (the E that each API events are employed into routine call to be called by the malicious applicationi), it is described objective to apply mechanically Influence assessment scale set V and be quantified as objective evaluation influence I caused by the malice is calledO(Ei)。
  8. 8. a kind of Android application securitys risk assessment device according to claim 7, it is characterised in that described Subjective impact weight computation module calculates the weight H that subjective assessment caused by the malice is called influencesj(Ei) be:
    I is influenceed on the subjective assessment of described i-th calling API eventS(Ei) be normalized, obtain normalizing formula master See evaluation factor pji
    <mrow> <msub> <mi>p</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> <mo>=</mo> <mfrac> <mrow> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> </mrow> <mrow> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mn>1</mn> </mrow> </msub> <mo>+</mo> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mn>2</mn> </mrow> </msub> <mo>+</mo> <mo>...</mo> <msub> <mi>score</mi> <mrow> <mi>j</mi> <mi>n</mi> </mrow> </msub> </mrow> </mfrac> </mrow>
    Wherein, i=1,2 ... n;
    Establish normalization rating matrix Score':
    Wherein, score'jiRepresent that j-th of subjective assessment person evaluates numerical value to the subjective experience of i-th of calling API event, wherein, 1≤scoreji≤ 10,1≤j≤m, 1≤i≤n, and have pj1+pj2+…pjn=1;
    According to the normalization rating matrix Score', the weight H that the subjective assessment influences is calculated using Information Entropyi(Ei):
    <mrow> <msub> <mi>H</mi> <mi>i</mi> </msub> <mrow> <mo>(</mo> <msub> <mi>E</mi> <mi>i</mi> </msub> <mo>)</mo> </mrow> <mo>=</mo> <mo>-</mo> <mfrac> <mn>1</mn> <mrow> <mi>ln</mi> <mi> </mi> <mi>m</mi> </mrow> </mfrac> <munderover> <mo>&amp;Sigma;</mo> <mrow> <mi>j</mi> <mo>=</mo> <mn>1</mn> </mrow> <mi>m</mi> </munderover> <msub> <mi>p</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> <mi>ln</mi> <mi> </mi> <msub> <mi>p</mi> <mrow> <mi>j</mi> <mi>i</mi> </mrow> </msub> </mrow>
    Wherein, 0≤Hi(Ei)≤1, i=1,2 ... n.
CN201510370083.8A 2015-04-28 2015-06-29 A kind of Android application securitys methods of risk assessment and device Active CN104915600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510370083.8A CN104915600B (en) 2015-04-28 2015-06-29 A kind of Android application securitys methods of risk assessment and device

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201510208807 2015-04-28
CN2015102088079 2015-04-28
CN201510370083.8A CN104915600B (en) 2015-04-28 2015-06-29 A kind of Android application securitys methods of risk assessment and device

Publications (2)

Publication Number Publication Date
CN104915600A CN104915600A (en) 2015-09-16
CN104915600B true CN104915600B (en) 2017-11-10

Family

ID=54084661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510370083.8A Active CN104915600B (en) 2015-04-28 2015-06-29 A kind of Android application securitys methods of risk assessment and device

Country Status (1)

Country Link
CN (1) CN104915600B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110245848A (en) * 2019-05-31 2019-09-17 口碑(上海)信息技术有限公司 The methods of risk assessment and device of program code

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6319369B2 (en) * 2016-06-23 2018-05-09 日本電気株式会社 PROCESS CONTROL DEVICE, PROCESS CONTROL METHOD, AND PROCESS CONTROL PROGRAM
CN107194002B (en) * 2017-06-14 2019-10-18 北京邮电大学 Mobile application influence power appraisal procedure and device
CN107679404A (en) * 2017-08-31 2018-02-09 百度在线网络技术(北京)有限公司 Method and apparatus for determining software systems potential risk
CN107832609B (en) * 2017-09-25 2020-11-13 暨南大学 Android malicious software detection method and system based on authority characteristics
CN110633568B (en) * 2019-09-19 2021-03-30 北京广成同泰科技有限公司 Monitoring system for host and method thereof
CN112052139B (en) * 2020-08-31 2022-12-27 河南中烟工业有限责任公司 Application program consumption and quality evaluation system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279793A (en) * 2011-08-05 2011-12-14 清华大学 Method for measuring dependability of component based on entropy
CN103366123A (en) * 2013-05-07 2013-10-23 天津大学 Software risk assessment method based on defect analysis
CN104125217A (en) * 2014-06-30 2014-10-29 复旦大学 Cloud data center real-time risk assessment method based on mainframe log analysis

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030037063A1 (en) * 2001-08-10 2003-02-20 Qlinx Method and system for dynamic risk assessment, risk monitoring, and caseload management
EP2288987A4 (en) * 2008-06-12 2015-04-01 Guardian Analytics Inc Modeling users for fraud detection and analysis
US7818430B2 (en) * 2008-10-15 2010-10-19 Patentvc Ltd. Methods and systems for fast segment reconstruction

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279793A (en) * 2011-08-05 2011-12-14 清华大学 Method for measuring dependability of component based on entropy
CN103366123A (en) * 2013-05-07 2013-10-23 天津大学 Software risk assessment method based on defect analysis
CN104125217A (en) * 2014-06-30 2014-10-29 复旦大学 Cloud data center real-time risk assessment method based on mainframe log analysis

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110245848A (en) * 2019-05-31 2019-09-17 口碑(上海)信息技术有限公司 The methods of risk assessment and device of program code

Also Published As

Publication number Publication date
CN104915600A (en) 2015-09-16

Similar Documents

Publication Publication Date Title
CN104915600B (en) A kind of Android application securitys methods of risk assessment and device
CN110417721A (en) Safety risk estimating method, device, equipment and computer readable storage medium
Goulet et al. Data‐driven post‐earthquake rapid structural safety assessment
CN110866820A (en) Real-time monitoring system, method, equipment and storage medium for banking business
CN107623697A (en) A kind of network security situation evaluating method based on attacking and defending Stochastic Game Model
WO2022100062A1 (en) Risk management and control method and apparatus, and electronic device and storage medium
CN110321809A (en) A kind of substation&#39;s operation field monitoring method and device based on deep learning
CN106897792A (en) A kind of structural fire protection risk class Forecasting Methodology and system
CN109472018A (en) Enterprise&#39;s public sentiment monitoring method, device, computer equipment and storage medium
CN112087445A (en) Electric power Internet of things security vulnerability assessment method fusing business security
CN104954342B (en) A kind of safety evaluation method and device
CN111078880B (en) Sub-application risk identification method and device
CN105357063A (en) Cyberspace security situation real-time detection method
CN110009224A (en) Suspect&#39;s violation probability prediction technique, device, computer equipment and storage medium
CN111582757B (en) Method, device, equipment and computer readable storage medium for analyzing fraud risk
CN111754241A (en) User behavior perception method, device, equipment and medium
CN109377339A (en) A kind of the auxiliary discriminating method and system of suspicious transaction case
CN111640280A (en) Subway station pollutant early warning method based on multi-source information fusion
CN107292174A (en) A kind of cloud computing system security assessment method and device
Li et al. Dynamic risk assessment of emergency evacuation in large public buildings: A case study
CN115689752A (en) Method, device and equipment for adjusting wind control rule and storage medium
CN112968796A (en) Network security situation awareness method and device and computer equipment
CN108509796A (en) A kind of detection method and server of risk
CN111127201A (en) Financial anti-money laundering cloud computing resource optimal allocation system and method based on SMDP
CN106790211A (en) A kind of Mathematical Statistical System and method for predicting malware infection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant