Method, system and device for detecting Android malicious software

A malware detection technology, applied in the field of Android malware detection, that addresses problems such as the inability to determine whether software is malicious and complex trigger conditions, and achieves accurate and timely detection of malicious behavior.

Active Publication Date: 2013-02-27
ZTE CORP +1

AI Technical Summary

Problems solved by technology

[0004] The above-mentioned method of detecting malicious software by means of virus scanning and killing relies on virus signature codes. For newly released software, it is necessary to manually analyze the virus signature codes, so there is a certain lag in the dete



Examples


Embodiment 1

[0049] Figure 1 is a schematic diagram of the implementation process of the method for detecting Android malware in the present invention. As shown in Figure 1, the method includes:

[0050] Step 101: The server simulates the execution of the software to be detected, and matches the sensitive feature information of the function called by the software to be detected with the sensitive feature information stored locally, and if the matching is successful, it identifies that the function call is a sensitive behavior;

[0051] Here, the sensitive feature information includes: function name, function class name, function parameter type, and number of function parameters. A given function can be uniquely determined by its function name, function class name, number of function parameters, and function parameter type.

[0052] Here, the server locally saves the sensitive feature information of the dangerous function, where the dangerous function is a library function call...
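The matching in Step 101 can be sketched as follows. This is an added example, not code from the patent: it assumes the disassembly is available as smali-style `invoke-*` lines (the format Apktool emits), and the `SENSITIVE` store, the `Sig` type and the sample lines are constructed for illustration.

```python
import re
from typing import NamedTuple

class Sig(NamedTuple):
    cls: str       # function class name
    name: str      # function name
    params: tuple  # parameter types; len(params) is the parameter count

# Constructed stand-in for the server's local store of sensitive feature information.
SENSITIVE = {
    Sig("Landroid/telephony/SmsManager;", "sendTextMessage",
        ("Ljava/lang/String;",) * 3 + ("Landroid/app/PendingIntent;",) * 2),
    Sig("Landroid/telephony/TelephonyManager;", "getDeviceId", ()),
}

# invoke-<kind> {registers}, Lclass;->name(params)return
INVOKE = re.compile(r"invoke-[\w/]+\s+\{[^}]*\},\s*(L[^;]+;)->([\w$<>]+)\(([^)]*)\)")
# One type descriptor: optional array prefix, then a primitive or an object type.
TYPE = re.compile(r"\[*(?:[ZBSCIJFD]|L[^;]+;)")

def parse_call(line):
    """Return the Sig of the call on this line, or None if it is not an invoke."""
    m = INVOKE.search(line)
    if not m:
        return None
    cls, name, raw = m.groups()
    return Sig(cls, name, tuple(TYPE.findall(raw)))

def sensitive_calls(smali_text, store=SENSITIVE):
    """Return (line number, Sig) for every call whose full signature is in the store."""
    hits = []
    for lineno, line in enumerate(smali_text.splitlines(), 1):
        sig = parse_call(line)
        if sig in store:
            hits.append((lineno, sig))
    return hits

# Constructed sample: lines 2 and 3 share a name with a stored entry but differ
# in parameter list or class, so they must not match.
SAMPLE = """\
invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
invoke-virtual {v0, v1}, Landroid/telephony/TelephonyManager;->getDeviceId(I)Ljava/lang/String;
invoke-static {v2}, Lcom/example/Util;->sendTextMessage(Ljava/lang/String;)V
invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
"""

if __name__ == "__main__":
    for lineno, sig in sensitive_calls(SAMPLE):
        print(lineno, sig.cls, sig.name, len(sig.params))
```

Keying the store on the whole tuple rather than on the function name alone is what keeps the overload on line 2 and the same-named helper on line 3 from being flagged.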

Embodiment 2

[0082] Figure 2 is a schematic diagram of the composition structure of the Android malware detection system of the present invention. As shown in Figure 2, the system includes a server 21 and a client 22, wherein:

[0083] The server 21 is configured to simulate the execution of the software to be detected, based on the received installation package of the software to be detected that the user uploads through the UI of the client 22, and to match the sensitive feature information and malicious feature information of the function called by the software to be detected against the locally stored sensitive feature information and malicious feature information; if the matching is successful, it determines that the software to be detected is malicious software and sends the detection result to the client 22;

[0084] The client 22 is used to enable the user to upload the installation package of the software to be tested to the s...

Embodiment 3

[0107] Figure 3 is a schematic diagram of the implementation process of an embodiment of detecting Android malware in the present invention. The following takes hippoSMS as an example. As shown in Figure 3, the process includes:

[0108] Step 301: The server receives the software to be detected uploaded by the client and performs preprocessing;

[0109] In this step, the user uploads the installation package hippoSMS.apk, corresponding to the software hippoSMS to be detected, to the server through the client UI. The server uses the decompression software to decompress the installation package and extracts the bytecode file with the suffix dex from it. The server then runs the disassembly tool to disassemble the bytecode file and output the program code.

[0110] The decompression software may be WinRAR or Apktool, and the disassembly tool may be IDA Pro (Interactive Disassembler Professional).

[0111] Step 302: The server constructs the program structure and s...
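The extraction part of Step 301, as an added example that is not part of the patent: it reads the `.dex` entries out of an uploaded APK (a ZIP archive) in memory. It goes beyond the page by also checking each DEX header (magic, size, endian tag, SHA-1 signature, Adler-32 checksum) before the file is handed to a disassembler; `make_dex` and `make_apk` only build constructed test input.

```python
import hashlib, io, struct, zipfile, zlib

HEADER_SIZE = 0x70  # fixed size of the DEX header

def check_dex(data):
    """Return None if the DEX header is self-consistent, else a reason string."""
    if len(data) < HEADER_SIZE:
        return "truncated header"
    if data[:4] != b"dex\n" or data[7:8] != b"\x00":
        return "bad magic"
    checksum, = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian = struct.unpack_from("<III", data, 32)
    if file_size != len(data) or header_size != HEADER_SIZE or endian != 0x12345678:
        return "bad size or endian tag"
    if hashlib.sha1(data[32:]).digest() != data[12:32]:
        return "SHA-1 signature mismatch"
    if zlib.adler32(data[12:]) != checksum:
        return "Adler-32 checksum mismatch"
    return None

def extract_dex(apk_bytes, max_size=64 * 1024 * 1024):
    """Map each *.dex entry of the APK to (bytes, problem); problem is None if OK."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.endswith(".dex"):
                continue
            if info.file_size > max_size:  # declared size; skip oversized entries
                out[info.filename] = (b"", "entry too large")
                continue
            data = apk.read(info)
            out[info.filename] = (data, check_dex(data))
    return out

def make_dex(payload=b""):
    """Constructed minimal DEX image: valid header, zeroed tables, optional payload."""
    body = struct.pack("<III", HEADER_SIZE + len(payload), HEADER_SIZE, 0x12345678)
    body += bytes(HEADER_SIZE - 32 - 12) + payload
    sig = hashlib.sha1(body).digest()
    return b"dex\n035\x00" + struct.pack("<I", zlib.adler32(sig + body)) + sig + body

def make_apk(entries):
    """Constructed APK: a ZIP archive holding the given name -> bytes entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()
```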


Abstract

The invention discloses a method for detecting Android malicious software. The method comprises the following steps: a server simulates execution of the software to be detected and matches the sensitive feature information and malicious feature information of the function invoked by the software to be detected against the sensitive feature information and malicious feature information stored locally; if the matching is successful, the function invocation is determined to be malicious, and the software to be detected is determined to be malicious. The invention further discloses a system and a device for detecting Android malicious software. This technical scheme avoids the problem of malicious software going undetected for a long time, which arises because existing Android malware detection technology has a lag phase and because the triggering conditions for the malicious behaviors of some malicious software are complicated.

Description

Technical field

[0001] The present invention relates to the field of communications, in particular to a method, system and equipment for detecting Android malware.

Background technique

[0002] At present, mobile terminals generally use the Android system, but the Android system has various software release channels and lacks effective supervision. It is easy for users to install malicious software, which leads to malicious consumption of user fees and malicious deletion of personal information, which affects user experience.

[0003] Therefore, there is an urgent need for effective methods to detect malware. Current common detection methods for malware include: virus detection and killing; dynamic real-time monitoring of the software's operation and its interaction with the external environment to determine whether the software is malicious software.

[0004] The above method of detecting malicious software by means of virus scanning and killing relies on the virus signature. For n...


Application Information

IPC(8): G06F21/56
CPC: H04W12/12, G06F2221/2101, G06F21/56, G06F21/566, H04W12/128
Inventor: 程绍银, 李子锋, 巫妍, 蒋凡
Owner ZTE CORP