Generation of api call graphs from static disassembly
US-2016274909-A1 · Sep 22, 2016 · US
US2017169223A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017169223-A1 |
| Application number | US-201615186529-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 19, 2016 |
| Priority date | Dec 11, 2015 |
| Publication date | Jun 15, 2017 |
| Grant date | — |
Abstract
A detection system and method thereof are provided. The detection method comprises the following steps: decompiling a first application package file to generate a plurality of first decompiled files, and the first decompiled files comprising a first decompiled code; comparing the first decompiled code with a second decompiled code of a second application package file to analyze a different code segment between the first decompiled code and the second decompiled code; classifying a changed code type corresponding to the different code segment according to a function call flow of the first decompiled code; loading a correspondence table and selecting at least one detection rule corresponding to the changed code type in the correspondence table; confirming a detection region of the first decompiled code according to the at least one detection rule; and detecting the detection region to generate a security detection result.
Claims (preview)

What is claimed is:

1. A detection system comprising: a decompiler module configured to decompile a first application package file to generate a plurality of first decompiled files, and the first decompiled files comprising a first decompiled code; a module for comparing and classifying a revised application variance configured to compare the first decompiled code with a second decompiled code of a second application package file, analyze a different code segment between the first decompiled code and the second decompiled code, classify a changed code type corresponding to the different code segment according to a function call flow of the first decompiled code, load a correspondence table between a change type and a rule, and select at least one detection rule corresponding to the changed code type in the correspondence table between the change type and the rule; and an information security detection module configured to selectively update or establish a data flow according to the at least one detection rule, and confirm a detection region of the first decompiled code according to the data flow, and detect the detection region to generate a security detection result.
2. The detection system of claim 1, wherein the first application package file is a new version of an application package file, the second application package file is an old version of the application package file, the old version of the application package file is stored in a storage device, the old version of the application package file comprises information of the old version of the application package file, the information of the old version of the application package file comprises a creation date, a modified date, a file size, a file type, a last access date, and a file location of the old version of the application package file and a plurality of second decompiled files.
3. The detection system of claim 2, further comprising: a report module configured to generate a report according to the security detection result; wherein the storage device is further configured to store the correspondence table between the change type and the rule, the report, the at least one detection rule, the information of the old version of the application package file, and the security detection result.
4. The detection system of claim 2, wherein the second decompiled files exist in a database of the storage device, the second decompiled files correspond to the second application package file, the second decompiled files comprise the second decompiled code, the module for comparing and classifying the revised application variance is further configured to compare the first decompiled files with the second decompiled files to obtain a variance file in the first decompiled files, and the variance file comprises the first decompiled code.
5. The detection system of claim 1, wherein the changed code type comprises at least one of a parameter value variance type, a single function call variance type, and a function call flow variance type.
6. The detection system of claim 5, wherein when the module for comparing and classifying the revised application variance analyzes that the different code segment between the first decompiled code and the second decompiled code comprises a parameter value variance, the changed code type is classified as the parameter value variance type; when the module for comparing and classifying the revised application variance analyzes that the different code segment between the first decompiled code and the second decompiled code comprises a single function call variance, the changed code type is classified as the single function call variance type; and when the module for comparing and classifying the revised application variance analyzes that the different code segment between the first decompiled code and the second decompiled code comprises a function call flow variance, the changed code type is classified as the function call flow variance type.
7. The detection system of claim 1, wherein the at least one detection rule comprises a first rule, a second rule, and a third rule, and the module for comparing and classifying the revised application variance selects at least one of the first rule, the second rule, and the third rule corresponding to the changed code type.
8. The detection system of claim 5, wherein the at least one detection rule comprises a first rule, a second rule, and a third rule, and the parameter value variance type corresponds to the first rule, the single function call variance type corresponds to the second rule, the function call flow variance type corresponds to the third rule.
9. A detection method comprising: decompiling a first application package file to generate a plurality of first decompiled files, and the first decompiled files comprising a first decompiled code; comparing the first decompiled code with a second decompiled code of a second application package file, analyzing a different code segment between the first decompiled code and the second decompiled code, classifying a changed code type corresponding to the different code segment according to a function call flow of the first decompiled code; loading a correspondence table between a change type and a rule, and selecting at least one detection rule corresponding to the changed code type in the correspondence table between the change type and the rule; updating or establishing a data flow according to the at least one detection rule selectively, and confirming a detection region of the first decompiled code according to the data flow; and detecting the detection region to generate a security detection result.
10. The detection method of claim 9, wherein the first application package file is a new version of an application package file, the second application package file is an old version of the application package file, the old version of the application package file is stored in a storage device, the old version of the application package file comprises information of the old version of the application package file, the information of the old version of the application package file comprises a creation date, a modified date, a file size, a file type, a last access date, and a file location of the old version of the application package file and a plurality of second decompiled files.
11. The detection method of claim 10, further comprising: generating a report according to the security detection result; storing the correspondence table between the change type and the rule, the report, the at least one detection rule, the information of the old version of the application package file, and the security detection result in the storage device.
12. The detection method of claim 10, wherein the second decompiled files exist in a database of the storage device, the second decompiled files correspond to the second application package file, the second decompiled files comprise the second decompiled code, and the first decompiled files are compared with the second decompiled files to obtain a variance file in the first decompiled files, and the variance file comprises the first decompiled code.
13. The detection method of claim 9, wherein the changed code type comprises at least one of a parameter value variance type, a single function call variance type, and a function call flow variance type.
14. The detection method of claim 13, wherein the step of analyzing the different code segment between the first decompiled code and the second decompiled code, classifying the changed code type corresponding to the different code segment
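The abstract and claims 1 and 5 to 9 describe one pipeline: diff the decompiled code of two versions of an application package, classify each different code segment as a parameter value variance, a single function call variance or a function call flow variance using the call flow of the new code, look the change type up in a correspondence table to select a rule, use the rule to establish a data flow and a detection region, and run detection on that region only. The Python script below is an added illustration of that pipeline; it is not the patent's code and not any assignee's implementation. Everything in it is an assumption made for the example: the decompiled code is modelled as a dict of function name to a list of `callee(args)` statements, the two "application package files" are the constructed dicts `OLD_APP` and the three `NEW_*` variants, the classification heuristics, the three rules' choice of detection region, the `CHECKS` patterns and the `rule_1`/`rule_2`/`rule_3` names are all invented here.

```python
"""Added example (not the patent's own code): version-diff driven detection.

Decompiled code is modelled as {function_name: [statement, ...]} where each
statement is a call written as 'callee(arg1, arg2)'. All data is constructed."""
import difflib
import re

CALL_RE = re.compile(r"^(\w+)\((.*)\)$")

# Constructed decompiled code of an old version (second application package
# file) and three new versions (first application package file), one per
# change type the claims name.
OLD_APP = {
    "main": ["loadConfig()", "encrypt(data, key)", "upload(data)"],
    "encrypt": ["getCipher(AES_CBC)", "doFinal(data)"],
    "upload": ["post(https://api.example.test/v1, data)"],
}
NEW_PARAM = dict(OLD_APP, encrypt=["getCipher(AES_ECB)", "doFinal(data)"])
NEW_CALL = dict(OLD_APP, encrypt=["getCipher(AES_CBC)", "log(key)", "doFinal(data)"])
NEW_FLOW = dict(OLD_APP,
                main=["loadConfig()", "encrypt(data, key)", "upload(data)", "backup(data)"],
                backup=["post(http://backup.example.test, data)"])

# Correspondence table between change type and rule (claim 8's mapping;
# the rule names are placeholders chosen here).
CHANGE_TYPE_TO_RULE = {
    "parameter_value": "rule_1",
    "single_function_call": "rule_2",
    "function_call_flow": "rule_3",
}

# Detection checks run over the region; patterns are constructed for the example.
CHECKS = [
    (re.compile(r"AES_ECB"), "insecure cipher mode (ECB)"),
    (re.compile(r"http://"), "cleartext network endpoint"),
    (re.compile(r"^log\(.*\b(key|password)\b"), "secret passed to logging call"),
]


def parse_call(stmt):
    """Split 'callee(a, b)' into ('callee', ['a', 'b'])."""
    m = CALL_RE.match(stmt.strip())
    if not m:
        raise ValueError(f"unsupported statement: {stmt!r}")
    raw = m.group(2).strip()
    return m.group(1), ([a.strip() for a in raw.split(",")] if raw else [])


def call_flow(app):
    """Per-function sequence of calls into other functions of the same app."""
    return {fn: tuple(parse_call(s)[0] for s in body if parse_call(s)[0] in app)
            for fn, body in app.items()}


def variance_functions(old_app, new_app):
    """Functions of the new version whose body differs (the 'variance files')."""
    return sorted(fn for fn in new_app if new_app[fn] != old_app.get(fn))


def classify_change(old_app, new_app, fn):
    """Classify the different code segment of fn using the new code's call flow."""
    if call_flow(old_app).get(fn) != call_flow(new_app)[fn]:
        return "function_call_flow"          # edges between app functions changed
    old_calls = [parse_call(s)[0] for s in old_app.get(fn, [])]
    new_calls = [parse_call(s)[0] for s in new_app[fn]]
    if old_calls == new_calls:
        return "parameter_value"             # same calls, only argument values differ
    ops = [op for op in difflib.SequenceMatcher(None, old_calls, new_calls).get_opcodes()
           if op[0] != "equal"]
    if len(ops) == 1 and max(ops[0][2] - ops[0][1], ops[0][4] - ops[0][3]) == 1:
        return "single_function_call"        # exactly one call added/removed/replaced
    return "function_call_flow"


def detection_region(old_app, new_app, fn, rule):
    """Confirm the region to inspect: {function: [statements]} per the rule."""
    if rule == "rule_1":                     # only the changed statements
        old_body = old_app.get(fn, [])
        return {fn: [s for s in new_app[fn] if s not in old_body]}
    if rule == "rule_2":                     # the whole changed function
        return {fn: list(new_app[fn])}
    # rule_3: establish a data flow from fn along the new call flow (BFS)
    flow, seen, todo = call_flow(new_app), [], [fn]
    while todo:
        cur = todo.pop(0)
        if cur not in seen:
            seen.append(cur)
            todo.extend(flow[cur])
    return {f: list(new_app[f]) for f in seen}


def detect(region):
    """Run the checks over the region; returns (function, statement, message)."""
    return [(fn, s, msg) for fn, stmts in region.items() for s in stmts
            for pat, msg in CHECKS if pat.search(s)]


def analyze(old_app, new_app):
    """Full pipeline: diff -> classify -> select rule -> region -> detect."""
    results = []
    for fn in variance_functions(old_app, new_app):
        ctype = classify_change(old_app, new_app, fn)
        rule = CHANGE_TYPE_TO_RULE[ctype]
        region = detection_region(old_app, new_app, fn, rule)
        results.append({"function": fn, "change_type": ctype, "rule": rule,
                        "region": sorted(region), "findings": detect(region)})
    return results


if __name__ == "__main__":
    for name, new in (("param", NEW_PARAM), ("call", NEW_CALL), ("flow", NEW_FLOW)):
        for r in analyze(OLD_APP, new):
            print(name, r)
```

The point the rules make is cost control: a parameter value change confines detection to the changed statements, a single added call widens it to the enclosing function, and a call flow change forces the data flow to be re-established and every function reachable from the change to be re-inspected, which is why the `NEW_FLOW` case reports a finding in `backup` even though `main` itself contains nothing suspicious.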
CPC classification titles:
- by source code analysis
- Decompilation; Disassembly
- Test or assess a computer or a system
- Testing of software
- Version control (security arrangements therefor G06F21/57); Configuration management