Unauthorized application detection system and method

摘要

The objective of the present invention is to provide technology for detecting malicious action of an application upon a terminal device using a low load as well as to increase accuracy of detection; in particular, to provide technology capable of performing detection even regarding an application which has been deleted upon the terminal device. A change in the installation state of an application in a terminal device is detected, upon which information for the installed application is reported to a fraud detection server so as to be recorded. In addition, a predetermined feature value based on an application file or component files configuring a package of the application is reported to the fraud detection server. The feature value is associated with the malicious action of the application so as to be registered in an application DB, whereupon if malicious action of the application is detected, fraud detection information is transmitted to the terminal device. When the fraud detection information is received, predetermined response processing is performed upon the terminal device.

主权项

1. A malicious application detection system comprising a terminal on which a user is able to properly install an application and a fraud detection server for detecting a malicious action of the application installed on the terminal, wherein:
the terminal comprises: an installation state detection unit for detecting a change in an installation state of the application; an installation notification unit for notifying the fraud detection server of information about the installed application when the installation state is changed; a feature value calculation unit for calculating a specific feature value based on a file of the application or element files that form a package of the application; a feature value transmission unit for notifying the fraud detection server of the information about the application and the feature value of the application; a fraud detection information reception unit for receiving fraud detection information from the fraud detection server when the malicious action of the application is detected; and an anti-malicious action unit for performing specific countermeasures in the terminal when the fraud detection information is received, and the fraud detection server comprises: an installation notification reception unit for receiving the information about the installed application from the installation notification unit of the terminal; a feature value reception unit for receiving the feature value from the feature value transmission unit of the terminal; a fraud detection unit for detecting a malicious action of a registered application within the server or externally obtaining and detecting the malicious action of the registered application; a fraud detection result recording unit for registering the feature value, associated with the information about the malicious action, with an application DB; and a fraud detection information transmission unit for sending fraud detection information to the terminal when the malicious action of the application is detected at least.