With the popularization and development of Android terminals, various types of malicious software emerge. In addition, according to statistics, over four hundred thousand types of new malicious software are found in the first quarter of 2015. That is, a new piece of malicious software is found every 18 seconds globally. These pieces of malicious software are downloaded onto a terminal of a user while not being known by the user, which brings a potential security risk to information and property of the user.
To improve the security of information and the property of the user, currently, a server may identify, by using the following method, whether software that is being installed, has been installed, or has been prevented from being installed by the terminal is malicious software, specifically: calculating a hash value of to-be-detected software, and determining whether the hash value is included in a hash value set, the hash value set including a hash value of malicious software; determining that the software is malicious software if the hash value set includes the hash value; and determining that the software is not malicious software if the hash value set does not include the hash value.
In a process for implementing the present disclosure, the existing technology has at least the following problem:
Identifying whether software is malicious software according to a hash value of the software may be easily bypassed by a virus creator, leading to low identification accuracy. For example, a new resource is added to malicious software or an original code is modified, so that a hash value of the malicious software changes, so as to detect that the malicious software is not malicious software, that is, incorrect determining occurs, leading to low identification accuracy.