[go: up one dir, main page]

WO2014088262A1 - Dispositif et procédé de détection d'applications frauduleuses/modifiées - Google Patents

Dispositif et procédé de détection d'applications frauduleuses/modifiées Download PDF

Info

Publication number
WO2014088262A1
WO2014088262A1 PCT/KR2013/010971 KR2013010971W WO2014088262A1 WO 2014088262 A1 WO2014088262 A1 WO 2014088262A1 KR 2013010971 W KR2013010971 W KR 2013010971W WO 2014088262 A1 WO2014088262 A1 WO 2014088262A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
forgery
signature
verification
forged
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2013/010971
Other languages
English (en)
Korean (ko)
Inventor
주설우
이승원
황창연
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ahnlab Inc
Original Assignee
Ahnlab Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ahnlab Inc filed Critical Ahnlab Inc
Publication of WO2014088262A1 publication Critical patent/WO2014088262A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

Definitions

  • the present invention relates to detecting forgery / falsification of an application, and in particular, in detecting application forgery / falsification, what kind of application is a corresponding application using application-specific recognition signature information stored in advance for the application to be diagnosed. Recognize the application and determine whether the application is forged or forged using the verification signature information set to diagnose forgery or forgery for each application, and then block the forged or forged application according to the policy.
  • the present invention relates to an application forgery / falsification detection apparatus and method that can reduce the damage caused by the forgery / modulated application.
  • a smart phone In general, a smart phone combines the advantages of a mobile phone and a personal digital assistant (PDA), and is implemented by integrating data communication functions such as schedule management, fax transmission, and Internet access.
  • PDA personal digital assistant
  • a smart phone is equipped with a wireless communication module such as Wi-Fi, and can transmit and receive data through the Internet network. Also, it is possible to search for information on the Internet and to send and receive picture information such as directions by using an electronic pen on the liquid crystal display. .
  • Such smart phones and portable terminals such as tablet PCs have their own operating systems such as IOS and Android, for example, and development of applications executable by the corresponding operating systems is being actively performed.
  • IOS and Android operating systems
  • development of applications executable by the corresponding operating systems is being actively performed.
  • an application that may leak personal information such as a financial application may be used as a financial accident or a crime, and thus may cause a serious problem.
  • An object of the present invention is to provide an apparatus and method for detecting forgery and alteration.
  • the present invention described above is an application forgery / falsification detection device, comprising: a recognition unit for extracting a recognition signature for identifying an application from a diagnosis target application, and recognizing the diagnosis target application by comparing with a previously stored recognition signature of the normal application; When a diagnosis target application is recognized, a verification signature for verifying whether the application is forged or forged is extracted from the diagnosis target application, and compared with a verification signature of a previously stored normal application to determine whether the diagnosis target application is forged or forged. And a verification unit and a blocking unit to block the corresponding application when it is determined that the diagnosis target application is forged / modulated through the verification unit.
  • the recognition unit may compare a plurality of cognitive signatures for the normal application and the extracted cognitive signatures, and if there is a matching cognitive signature, recognize the application to be diagnosed as an application corresponding to the matching cognitive signature. Characterized in that.
  • the verification unit may compare the plurality of verification signatures with respect to the normal application and the extracted verification signatures, respectively, and determine that the application is a forged / modulated application when there is a verification signature that does not match.
  • the blocking unit may be configured to notify the server of forgery / modulation of the application when the application is installed on a portable terminal and operates in association with a server on a communication network.
  • the blocking unit may be configured to delete the application from the server when the application is an application registered on an application providing server by an arbitrary user.
  • the recognition signature may be set to data that does not change even when the application is updated, modified, or changed by the original producer.
  • the recognition signature may include a specific value on a package name, an icon, or an execution code of the application.
  • the verification signature may be set to data whose value does not change even when the application is updated, modified or changed by the original manufacturer.
  • the verification signature may be set to data whose value is changed when the application is modified or changed by a path other than the original producer.
  • the verification signature is characterized in that it includes certificate information of the application.
  • the verification signature may include hash information or path information of files included in the APK file of the application.
  • the verification signature is characterized in that it comprises hash information or authority information for the APK configuration files recorded in the MANIFEST.MF file in the APK file of the application.
  • the verification signature may include information about APIs or external libraries used in the application among classes.dex file information in the APK file of the application, feature information about each class constituting the application, or the respective classes. It is characterized by including the feature information in the code for each function constituting.
  • the verification signature characterized in that it includes the characteristic information about the resources used in the application.
  • the present invention is an application forgery / forgery detection method, the step of extracting the recognition signature for identifying the application from the application to be diagnosed, and comparing the extracted recognition signature and the recognition signature of the normal application stored in the diagnosis target application Recognizing a step, extracting a verification signature for verifying the forgery / forgery of the application from the diagnostic target application, and comparing the extracted verification signature and the verification signature of the normal application stored in advance Determining whether or not the modulation, and if the diagnostic target application is determined to be a forged / forged application, blocking the application.
  • the recognizing may include comparing a plurality of cognitive signatures for the normal application and the extracted cognitive signatures, and if the cognitive signatures coincide with each other as a result of the comparison, the corresponding diagnosis target application may be recognized. Recognizing the application corresponding to the signature is characterized in that it comprises a.
  • the determining may include comparing a plurality of verification signatures for the normal application and the extracted verification signatures, and comparing the diagnosis target application with the verification result when there is a mismatching verification signature. And determining that it is a modulated application.
  • the blocking may include notifying forgery / modulation of the application to the server when the application is an application installed on a portable terminal and operating in conjunction with a server on a communication network.
  • the blocking may include deleting the application from the server when the application is an application registered on an application providing server by an arbitrary user.
  • the recognition signature may be set to data that does not change even when the application is updated, modified, or changed by the original producer.
  • the recognition signature may include a specific value on a package name, an icon, or an execution code of the application.
  • the verification signature may be set to data whose value does not change even when the application is updated, modified or changed by the original manufacturer.
  • the verification signature may be set to data whose value is changed when the application is modified or changed by a path other than the original producer.
  • the verification signature is characterized in that it includes certificate information of the application.
  • the verification signature may include hash information or path information of files included in the APK file of the application.
  • the present invention in the detection of forgery and forgery of the application, using the application-specific recognition signature information stored in advance for the target application to recognize what application is the application, and for the recognized application to diagnose whether the forgery / forgery by application again
  • By determining whether the application is forged / modulated by using the verification signature information set for the purpose there is an advantage of accurately detecting the forged / modulated application.
  • by blocking or deleting the forged / tampered application according to the policy there is an advantage that can be reduced by the forgery / tampered application.
  • FIG. 1 is a detailed block diagram of an application forgery / falsification detection apparatus according to an embodiment of the present invention
  • FIG. 2 is an operation control flowchart for detecting application forgery / modulation according to an embodiment of the present invention.
  • Combinations of each block of the accompanying block diagram and each step of the flowchart may be performed by computer program instructions.
  • These computer program instructions may be mounted on a processor of a general purpose computer, special purpose computer, or other programmable data processing equipment such that instructions executed through the processor of the computer or other programmable data processing equipment may not be included in each block or flowchart of the block diagram. It will create means for performing the functions described in each step.
  • These computer program instructions may be stored in a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory.
  • instructions stored in may produce an article of manufacture containing instruction means for performing the functions described in each block or flowchart of each step of the block diagram.
  • Computer program instructions may also be mounted on a computer or other programmable data processing equipment, such that a series of operating steps may be performed on the computer or other programmable data processing equipment to create a computer-implemented process to create a computer or other programmable data. Instructions that perform processing equipment may also provide steps for performing the functions described in each block of the block diagram and in each step of the flowchart.
  • each block or step may represent a portion of a module, segment or code that includes one or more executable instructions for executing a specified logical function (s).
  • a specified logical function s.
  • the functions noted in the blocks or steps may occur out of order.
  • the two blocks or steps shown in succession may in fact be executed substantially concurrently or the blocks or steps may sometimes be performed in the reverse order, depending on the functionality involved.
  • the application forgery / false detection apparatus 100 may be installed in the portable terminal to detect whether the forgery or forgery for the application installed in the portable terminal, or installed in an application providing server where a plurality of applications are registered to a plurality of producers. It is also possible to detect whether the forgery / forgery for the application registered by.
  • a portable terminal may include a terminal such as a smartphone and a tablet PC.
  • the recognition unit 102 may extract the recognition signature for identifying the application from the diagnosis target application, and recognize the application by comparing the recognition signature for each application previously stored in the recognition signature DB 104.
  • the recognition unit 102 compares the recognition signatures extracted from the diagnosis target application with the recognition signatures of the normal applications for each application previously stored in the recognition signature DB 104, and when there exists a matching signature.
  • the application to be diagnosed may be recognized as a corresponding application whose recognition signatures match each other.
  • the recognition signature DB 104 stores a recognition signature on which a corresponding application for each application is identified for a plurality of applications that are manufactured to be installed in the portable terminal.
  • Such a recognition signature may be extracted in advance from a normal application which is not forged / modulated, and the recognition signature at this time is not changed even when the application is updated, modified or changed by the original creator, and thus is determined as the same application. Can be set to data that can be.
  • Such a recognition signature may be set to, for example, a specific value on a package name, an icon, or executable code of an application.
  • the package name of the application is a general name of the application, for example, "Angry Bird”, “KakaoTalk”, and the name that the user knows the application in advance. If such information is changed, the user Since the application is not likely to be installed, it is unlikely to be forged or altered when the application is forged / modulated, so it can be used as a cognitive signature.
  • the icon of the application is information that can recognize the application as a brief picture, it can be displayed as a bird-shaped picture in the case of Angry Birds, a speech bubble picture in the case of KakaoTalk. Is unlikely to install the application, so it is less likely to be forged or tampered with when the application is tampered with, and thus can be used as a cognitive signature. In addition, certain values in executable code that are less likely to be forged / falsified in the application may be set as recognition signatures.
  • the verification unit 106 extracts a verification signature for verifying whether the application is forged / modulated from the application recognized by the recognition unit 102, and compares the verification signature with the application-specific verification signature previously stored in the verification signature DB 108. Determine whether the application is forged or forged.
  • the diagnosis target application is forged / modulated. Can be determined by the application.
  • the verification unit 106 for example, the developer certificate information, the hash information for the application APK files, or the feature information for each class constituting the application is set as the verification signature to verify the verification signature DB ( 108, the corresponding verification signature is extracted from the application to be diagnosed, and then compared with the corresponding verification signature stored in the verification signature DB 108, and if any one does not match, the corresponding application is diagnosed. It can be judged as being modified.
  • the verification signature DB 108 stores verification signatures on which a plurality of applications designed to be installed in the portable terminal can determine whether the corresponding application is forged or forged. Such verification signatures can be extracted in advance from normal applications that are not forged / modulated.
  • the verification signature may be set to information that does not change even when the application is updated, modified, or changed by the original creator, so that the application may be determined as the same application.
  • the value may be set to the data to be changed.
  • Such a verification signature may be set to, for example, developer certificate information of an application or a feature value on application execution code.
  • the developer certificate information of the application is information authenticated by the developer at the time of development of the application.
  • a third party who wants to forge / modify the application may be used as a verification signature because the possibility of forgery / forgery with the same certificate information is very low.
  • feature values in the executable code that are likely to change when the application is forged / modulated may be set as verification signatures.
  • it may include hash information or path information of files included in the APK of the application, and also hash information and authority information of APK configuration files recorded in the MANIFEST.MF file in the APK file of the application. It may include information such as an application name and a package name.
  • classes.dex file information in the APK file of the application information on the API or external libraries used in the application, feature information on each class constituting the application, and functions of each class It may include feature information on a code for and may include feature information about resources used in an application among resources.arsc file information.
  • the blocking unit 110 may block execution or access of the corresponding application or delete the corresponding application to the application determined to be forged / modulated by the verification unit 106.
  • the blocking unit 110 notifies the server of the forgery / modulation of the application and operates to block the execution of the application on the server.
  • the application when the application is an application that operates in the form of a system application in the portable terminal, the application may terminate the process and then operate to delete the application.
  • FIGS. 1 and 2 illustrates an operation control flow for application forgery / modulation detection according to an embodiment of the present invention.
  • embodiments of the present invention will be described in detail with reference to FIGS. 1 and 2.
  • the recognition unit 102 of the application forgery / falsification detection apparatus 100 searches for an application to be diagnosed (S200).
  • the application forgery / tamper detection device 100 may be installed in the portable terminal of the user using the application, the application providing server, such as an application market to download and provide to the general user to register the applications produced by a number of producers It can also be installed in.
  • the application providing server such as an application market to download and provide to the general user to register the applications produced by a number of producers It can also be installed in.
  • the recognition unit 102 searches for an application installed in the portable terminal to diagnose the application that is the target of the application forgery / forgery detection You can search for
  • the recognition unit 102 is a server
  • the registered application may be searched for a diagnosis target application that is a target of application forgery / falsification detection.
  • the recognition unit 102 extracts the recognition signature for identifying the application from the diagnosis target application (S202), and compares the recognition signature for each application stored in the recognition signature DB 104 in advance. To recognize the application.
  • the recognition unit 102 compares, for example, the recognition signature extracted from the diagnosis target application and the recognition signatures for each application prestored in the recognition signature DB 104 (S204), and whether there is a matching recognition signature exists. Inspect (S206).
  • the recognition unit 102 may classify the corresponding application as an unconfirmed application, and may not perform verification on the unconfirmed application (S208).
  • the recognizer 102 may recognize the application to be diagnosed as a corresponding application that matches the coincidence signature.
  • the recognized application information is applied to the verification unit 106.
  • the verification unit 106 verifies whether the forgery / forgery for the recognized application.
  • the verification unit 106 extracts a verification signature for verifying whether the application is forged / modulated from the application recognized by the recognition unit 102 (S210), and the application-specific verification signature stored in the verification signature DB 108 in advance.
  • the verification signature corresponding to the recognized application is loaded to perform a comparison process between the verification signatures (S212).
  • the verification unit 106 compares the verification signature extracted from the application to be diagnosed with the verification signature previously stored for the corresponding application in the verification signature DB 108, respectively, and thus, there is a verification signature that does not match.
  • the diagnosis target application may be determined as a forged / modulated application (S216).
  • the verification unit 106 for example, the developer certificate information or the hash information for the application APK files or feature information for each class constituting the application is set as the verification signature is stored in the verification signature DB
  • the corresponding verification signature stored in the verification signature DB is compared with each other, and if any one does not match, the corresponding diagnosis target application can be determined to be forged / modulated. .
  • the forgery / modulation determination result of the application verified by the verification unit 106 is provided to the blocking unit 110.
  • the blocking unit 110 blocks the execution or access of the corresponding application or deletes the corresponding application for the application determined to be forged / modulated by the verification unit 106 (S218).
  • the blocking unit 110 is an application installed on the portable terminal to operate in conjunction with the server on the communication network, the server to notify the forgery / forgery of the application to operate to block the execution of the application on the server Can be.
  • the blocking unit 110 may operate to terminate the process of the application and then delete it.
  • the application in detecting application forgery / falsification, the application recognizes what application the application is using by using pre-stored recognition signature information for each application to be diagnosed, and again the application-specific perception By determining whether the application is forged or forged using the verification signature information set for diagnosing / modulated, it is possible to accurately detect the forged / modulated application. In addition, by blocking or deleting the forged / modified application according to the policy, it is possible to reduce the damage caused by the forged / forged application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un dispositif et un procédé de détection d'applications frauduleuses/modifiées, qui permettent de détecter avec précision des applications frauduleuses/modifiées en reconnaissant l'application diagnostiquée au moyen des informations de signature pour chaque application pré-enregistrée, et en déterminant si l'application reconnue est frauduleuse/modifiée au moyen des informations de signature de vérification définies pour diagnostiquer si l'application reconnue est frauduleuse/modifiée. De plus, les dommages dus aux applications frauduleuses/modifiées peuvent être réduits en bloquant ou en supprimant les applications frauduleuses/modifiées conformément à une politique.
PCT/KR2013/010971 2012-12-04 2013-11-29 Dispositif et procédé de détection d'applications frauduleuses/modifiées Ceased WO2014088262A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020120139752A KR101277517B1 (ko) 2012-12-04 2012-12-04 애플리케이션 위/변조 탐지장치 및 방법
KR10-2012-0139752 2012-12-04

Publications (1)

Publication Number Publication Date
WO2014088262A1 true WO2014088262A1 (fr) 2014-06-12

Family

ID=48867487

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/010971 Ceased WO2014088262A1 (fr) 2012-12-04 2013-11-29 Dispositif et procédé de détection d'applications frauduleuses/modifiées

Country Status (2)

Country Link
KR (1) KR101277517B1 (fr)
WO (1) WO2014088262A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019072060A1 (fr) * 2017-10-11 2019-04-18 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Procédé de chargement de certificat et produit associé

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101540089B1 (ko) 2013-12-26 2015-08-06 주식회사 엔젠소프트 어플리케이션 위변조 검증 시스템 및 방법
KR101654973B1 (ko) * 2014-04-30 2016-09-06 단국대학교 산학협력단 소프트웨어 필터링 장치 및 방법
KR101537205B1 (ko) * 2014-10-20 2015-07-16 숭실대학교산학협력단 해쉬값을 이용하여 응용 프로그램의 위변조 여부를 탐지하는 사용자 단말기 및 그것을 이용한 위변조 탐지 방법
KR101516313B1 (ko) * 2014-10-24 2015-05-11 (주)지란지교시큐리티 소프트웨어 변조 탐지 방법
KR101642222B1 (ko) * 2015-03-21 2016-07-22 홍동철 안드로이드 운영체제에서의 스파이 애플리케이션 및 시스템 변조 탐지 방법
KR101716110B1 (ko) * 2015-11-04 2017-03-15 충북대학교 산학협력단 시그니처 모니터링을 통한 애플리케이션 검증 시스템 및 방법
KR101731312B1 (ko) * 2015-12-09 2017-04-28 숭실대학교산학협력단 사용자 단말의 애플리케이션에 대한 권한변경 탐지 방법, 장치 및 컴퓨터 판독가능 기록매체
KR102175784B1 (ko) * 2018-12-26 2020-11-06 주식회사 엠시큐어 모바일 어플리케이션의 취약점 자동 진단 장치 및 방법

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090042126A (ko) * 2007-10-24 2009-04-29 삼성전자주식회사 어플리케이션의 실행 제한 방법 및 그 장치
KR20120040956A (ko) * 2010-10-20 2012-04-30 단국대학교 산학협력단 소프트웨어 변조 판단 방법 및 시스템
KR20120110660A (ko) * 2011-03-30 2012-10-10 주식회사 엔씨소프트 메모리에서 실행되는 컴퓨터 프로그램의 변조 탐지 방법

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090042126A (ko) * 2007-10-24 2009-04-29 삼성전자주식회사 어플리케이션의 실행 제한 방법 및 그 장치
KR20120040956A (ko) * 2010-10-20 2012-04-30 단국대학교 산학협력단 소프트웨어 변조 판단 방법 및 시스템
KR20120110660A (ko) * 2011-03-30 2012-10-10 주식회사 엔씨소프트 메모리에서 실행되는 컴퓨터 프로그램의 변조 탐지 방법

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019072060A1 (fr) * 2017-10-11 2019-04-18 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Procédé de chargement de certificat et produit associé
US10419599B2 (en) 2017-10-11 2019-09-17 Guangdong Oppo Mobile Telecommunications Corp. Certificate loading method and related product

Also Published As

Publication number Publication date
KR101277517B1 (ko) 2013-06-21

Similar Documents

Publication Publication Date Title
WO2014088262A1 (fr) Dispositif et procédé de détection d'applications frauduleuses/modifiées
WO2013089340A1 (fr) Appareil et procédé de détection de similarité entre applications
ES2881318T3 (es) Método y aparato de escaneo de seguridad para mini programa, y dispositivo electrónico
CN104067283B (zh) 识别移动环境的木马化应用程序
WO2015056885A1 (fr) Dispositif de détection et procédé de détection pour une application android malveillante
WO2013077538A1 (fr) Dispositif et procédé d'analyse d'application basée sur une api
WO2017213400A1 (fr) Détection de logiciels malveillants par exploitation des variations de re-composition de logiciel malveillant
WO2014027859A1 (fr) Dispositif et procédé de traitement de requête de transaction dans un environnement de traitement de zone de confiance
WO2013137616A1 (fr) Procédé et appareil d'évaluation de permissions requises pour une application
WO2018056601A1 (fr) Dispositif et procédé de blocage de rançongiciel à l'aide d'une commande d'accès à un fichier de contenu
WO2018182126A1 (fr) Système et procédé permettant d'authentifier un logiciel sécurisé
CN104834862A (zh) 一种安卓权限提升攻击的全面静态分析系统
CN108763951B (zh) 一种数据的保护方法及装置
CN111639021A (zh) 应用程序的权限测试方法、装置及终端设备
WO2019066222A1 (fr) Procédé et système pour identifier un progiciel libre sur la base d'un fichier binaire
WO2019135425A1 (fr) Procédé et système de vérification de licence de logiciel à source ouverte
WO2014168408A1 (fr) Dispositif, système et procédé permettant de diagnostiquer un logiciel malveillant sur la base du nuage
WO2021085983A1 (fr) Procédé, dispositif et support lisible par ordinateur pour détecter des vulnérabilités dans un code source
WO2018169150A1 (fr) Système et procédé d'authentification d'utilisateur à base d'écran verrouillé
WO2019147101A1 (fr) Dispositif électronique de classification de code malveillant et son procédé de fonctionnement
WO2016080735A1 (fr) Procédé et appareil de prévention contre une attaque du type à injection dans un système d'exploitation web
WO2018199366A1 (fr) Procédé et système permettant de détecter si un obscurcissement a été appliqué à un fichier dex et d'évaluer la sécurité
US12063249B2 (en) Defensive deepfake for detecting spoofed accounts
CN116595523A (zh) 基于动态编排的多引擎文件检测方法、系统、设备及介质
KR20160090566A (ko) 유효마켓 데이터를 이용한 apk 악성코드 검사 장치 및 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13861005

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13861005

Country of ref document: EP

Kind code of ref document: A1