Automatic detection method for Android malicious software

An automatic malicious software detection technology, applied in the field of system security, that addresses problems such as the difficulty of automatically triggering malicious behaviors, and achieves strong coverage and high efficiency.

Inactive Publication Date: 2013-07-03
PEKING UNIV
3 Cites, 66 Cited by

AI Technical Summary

Problems solved by technology

[0006] In view of the above problems, the purpose of the present invention is to provide an automated Android malware detection method that combines the high efficiency and strong coverage of static analysis with the high accuracy of dynamic detection...


Examples


Embodiment Construction

[0032] A method and system for automatically detecting Android malware will be described in detail below with reference to the accompanying drawings, but the present invention is not limited to the following embodiments.

[0033] The overall structure of the present invention is shown in Figure 1. Structurally, the invention consists of two main parts: a static analyzer and a dynamic detection sandbox plug-in. The static analyzer disassembles the Android application to obtain the disassembled code, then statically analyzes the sensitive APIs contained in the software to determine how each sensitive API is triggered. For a sensitive API triggered by the user operating a control, the user event function is analyzed further: the type and name of the control associated with it are determined statically from the user event function, and the analysis results are output in a file to the specified dynamic detection sandbox. The dy...


Abstract

The invention discloses an automatic detection method for Android malicious software and belongs to the technical field of system security. The method comprises the following steps: 1) setting a plurality of application programming interface (API) functions as sensitive APIs, disassembling the software to be detected, and extracting all sensitive APIs and their function call paths from the disassembled code; 2) determining the trigger mode of each sensitive API: if the trigger mode is user-triggered, analyzing the information of the control that triggers the sensitive API, inputting that control information into a dynamic detection sandbox, and operating the control to trigger the malicious behavior automatically; if the trigger mode is system-message-triggered, sending system messages to the dynamic detection sandbox to trigger the malicious behavior; and 3) monitoring and recording, through the dynamic detection sandbox, the software's calls to the sensitive APIs and the data they operate on, and judging the software to be malicious if the calls to the sensitive APIs and the data operated on by those calls do exist. The method requires no manual intervention and provides strong support for detecting malicious software at large scale.
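An added example, not code from the patent: steps 1) and 2) of the abstract (also described in [0033]), run over a constructed smali-like listing to recover call paths and classify each trigger mode. The sensitive-API list, the `onClick`/`onReceive` entry-point names and all `com/example/app` classes are assumptions, and the handler class stands in for the control information the patent hands to the sandbox.

```python
import re
from collections import defaultdict

# Assumed sensitive-API list and entry-point names (illustrative, not the patent's).
SENSITIVE = {"Landroid/telephony/SmsManager;->sendTextMessage",
             "Landroid/telephony/TelephonyManager;->getDeviceId"}
ENTRY = {"onClick": "user", "onReceive": "system_message"}

# Constructed smali-like disassembly of a hypothetical app (not a real sample).
SMALI = """
.class Lcom/example/app/Main$1;
.method public onClick(Landroid/view/View;)V
    invoke-static {}, Lcom/example/app/Util;->pay()V
.class Lcom/example/app/BootRx;
.method public onReceive(Landroid/content/Context;Landroid/content/Intent;)V
    invoke-static {p1}, Lcom/example/app/Util;->leak(Landroid/content/Context;)V
.class Lcom/example/app/Util;
.method static pay()V
    invoke-virtual {v0, v1, v2, v3, v4, v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
.method static leak(Landroid/content/Context;)V
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
"""

def call_graph(smali):
    """Map each callee 'Lcls;->name' to the set of methods that invoke it."""
    callers, cls, cur = defaultdict(set), None, None
    for line in map(str.strip, smali.splitlines()):
        if line.startswith(".class"):
            cls = line.split()[-1]
        elif line.startswith(".method"):
            cur = f"{cls}->{line.split()[-1].split('(')[0]}"
        elif cur and line.startswith("invoke-") and (m := re.search(r"(L[^;\s]+;->[\w$<>]+)\(", line)):
            callers[m.group(1)].add(cur)
    return callers

def trigger_plan(smali):
    """Walk callers back from each sensitive API to a user or system entry point."""
    callers, plan = call_graph(smali), []
    for api in sorted(SENSITIVE):
        stack = [(api, [api])]
        while stack:
            node, path = stack.pop()
            cls, name = node.split("->")
            if name in ENTRY:  # handler class tells the sandbox what to drive
                plan.append({"api": api, "trigger": ENTRY[name], "handler": cls, "path": path[::-1]})
            # Follow only callers not already on this path, so recursion cannot loop.
            stack.extend((c, path + [c]) for c in callers.get(node, ()) if c not in path)
    return plan
```

Each entry of `trigger_plan(SMALI)` tells the dynamic stage whether to drive a UI handler or deliver a system message, and which sensitive call to watch for.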

Description

Technical field

[0001] The invention belongs to the technical field of system security and relates to a malicious software detection method, in particular to an automatic detection method for Android malicious software.

Background technique

[0002] With the rapid development of the mobile Internet and the gradual popularization of smartphones, smartphone application software of all kinds has begun to affect every aspect of people's work and life, for example mobile game software, mobile SNS software, mobile IM software, mobile payment software and mobile positioning service software. At present, the two main camps of smartphone operating systems are Apple's iOS and Google's Android. Because iOS is a closed system, iOS application software must be downloaded from the official App Store, and every application must pass Apple's strict review before being put into the App Store, which can largely ensure the safety of the iOS ...


Application Information

IPC(8): G06F21/56
Inventor: 韩心慧, 郑聪, 龚晓锐, 朱诗雄
Owner: PEKING UNIV