Android malicious software detecting platform oriented to mobile internet

A mobile-Internet malware technology, applied in the field of Android malware detection platforms, that addresses problems such as economic loss and user privacy leakage and improves detection accuracy and efficiency.

Inactive Publication Date: 2014-03-26
UNIV OF ELECTRONIC SCI & TECH OF CHINA
6 Cites 51 Cited by

AI-Extracted Technical Summary

Problems solved by technology

These applications contain a variety of malicious behaviors, causi...

Method used

2) APP dynamic analysis simulates the user's operation of the APP, which restores the APP's usage scenarios in the actual environment, exposes the real behavior of the APP, and overcomes the limitation that static analysis cannot capture the APP's dynamic behavior. Combining the results of dynamic analysis and static analysis reflects the behavior characteristics of the APP more comprehensively and makes malicious behavior easier to find.
The automatic scanning module of server is used for realizing APP dynamic analysis and static analysis, and the who...

Abstract

The invention belongs to the technical field of information security and discloses an Android malware detection platform oriented to the mobile Internet. The platform aims to overcome the shortcoming that existing Android malware detection lacks dynamic detection, and it combines static detection and dynamic detection of Android malware. An application is installed into an Android sandbox, the application is automatically started and controlled, and the various operations a user would actually perform on it are simulated. The running application is monitored to obtain its API information and its dynamic behaviors, so that malicious behaviors of the application can be detected. Because the user's operations on the application are simulated in the Android sandbox, the actual behaviors of the application are reproduced, and the efficiency and accuracy of Android malware detection are improved.

Technology Topic

Android malware, Application software +4

Examples

Example Embodiment

[0025] The specific embodiments of the present invention are described below with reference to the accompanying drawings, so that those skilled in the art can better understand the present invention. It should be noted that, in the following description, when the detailed description of known functions and designs may dilute the main content of the present invention, these descriptions will be omitted here.
[0026] Figure 1 is a schematic block diagram of a specific implementation of the mobile Internet-oriented Android malware detection platform of the present invention.
[0027] In this embodiment, as shown in Figure 1, the mobile Internet-oriented Android malware detection platform of the present invention includes a client-side task receiving module 1, a server-side task processing module 2, a server-side console module 3, a server-side automatic scanning module 4, and a client-side result analysis and display module 5. The server-side automatic scanning module 4 further includes an APP static analysis module 401 and an APP dynamic analysis module 402.
[0028] The client-side task receiving module 1 receives the user's detection task, constructs the parameters of the detection task, and sends an HTTP request to the server. The server-side task processing module 2 responds to the client's HTTP request, obtains the complete APP according to the URL parameter, and transmits the APP file to the server-side console module 3. After receiving the task, the server-side console module 3 starts a new thread, sets the parameters of the task, and starts the Android virtual machine snapshot. The server-side automatic scanning module 4 decompresses the APP package, obtains the AndroidManifest.xml file, and sends the plaintext file obtained after decompilation to the APP static analysis module 401 for processing; it also inserts monitoring code into the decompressed APP package so that the APP can be monitored at run time, repackages it, and sends the new APP package to the APP dynamic analysis module 402 for processing. The APP dynamic analysis module 402 controls the Android virtual machine so that the APP is automatically installed and run in the sandbox, and finally obtains the log information of the APP's operation. The APP static analysis module 401 analyzes the AndroidManifest.xml file to obtain the application's permissions, components and sensitive functions, which are used to determine the malicious behavior that the program itself may contain. The results of the APP static analysis module 401 and the APP dynamic analysis module 402 are merged in the server-side automatic scanning module 4 and then sent through the server-side console module 3 to the client-side result analysis and display module 5 for data analysis and display, and the detection result is presented to the user.
[0029] Figure 2 is a schematic block diagram of the server-side automatic scanning module shown in Figure 1.
[0030] The server-side automatic scanning module implements the dynamic analysis and static analysis of the APP. The whole process requires no human intervention, and the analysis results are more objective and accurate. APP dynamic analysis simulates the user's operation of the APP, which restores the usage scenarios of the APP in the actual environment, exposes the real behavior of the APP, and overcomes the limitation that static analysis cannot capture the APP's dynamic behavior. Combining the results of dynamic analysis and static analysis reflects the behavior characteristics of the APP more comprehensively and makes malicious behavior easier to find.
[0031] As shown in Figure 2, in this embodiment the server-side automatic scanning module 4 is divided into an APP static analysis module 401 and an APP dynamic analysis module 402.
[0032] The server-side automatic scanning module 4 decompresses the APP package, obtains the AndroidManifest.xml file, and sends the plaintext file obtained after decompilation to the APP static analysis module 401 for processing; it inserts the monitoring code into the decompressed APP package, repackages it, and sends the new APP package to the APP dynamic analysis module 402 for processing. The APP dynamic analysis module 402 installs the APP in the Android virtual machine sandbox environment, simulates the user starting and operating the APP through the APP automatic control 4021, obtains the API call log of the APP, forms the operation log of the APP, and hands it to the server-side automatic scanning module 4. The APP static analysis module 401 obtains the basic information of the APP from the plaintext AndroidManifest.xml file through XML information extraction 4011, including application permissions, components, trigger functions, etc., forms a static analysis report, and hands it to the server-side automatic scanning module 4. The server-side automatic scanning module 4 integrates the results of the APP static analysis module 401 and the APP dynamic analysis module 402 to form the final analysis result.
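The static extraction and result merge described in [0032], as an added Python sketch that is not part of the patent text: it reads a decoded (plaintext) AndroidManifest.xml, pulls out permissions, components and intent-filter actions, and sets them against a sandbox API-call log. The sample manifest, the `class->method` log format, and the API-to-permission mapping are all constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: a decoded (plaintext) manifest and a sandbox API-call log.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_LOG = [  # hypothetical log format: "<class>-><method>"
    "android.telephony.SmsManager->sendTextMessage",
    "java.net.URL->openConnection",
    "android.telephony.TelephonyManager->getDeviceId",
]
# Hypothetical mapping from a logged API to the permission it normally needs.
API_PERMISSION = {
    "android.telephony.SmsManager->sendTextMessage": "android.permission.SEND_SMS",
    "java.net.URL->openConnection": "android.permission.INTERNET",
    "android.telephony.TelephonyManager->getDeviceId": "android.permission.READ_PHONE_STATE",
}

def static_report(manifest_xml):
    """Extract package, permissions, components and intent-filter actions."""
    root = ET.fromstring(manifest_xml)
    name = lambda el: el.get(ANDROID_NS + "name")
    components = {}
    for tag in COMPONENT_TAGS:
        for el in root.iter(tag):
            components[name(el)] = {"type": tag, "triggers": [name(a) for a in el.iter("action")]}
    return {"package": root.get("package"),
            "permissions": sorted(name(p) for p in root.iter("uses-permission")),
            "components": components}

def merge_reports(static, api_log):
    """Combine both views: which declared permissions were exercised at run time."""
    needed = {API_PERMISSION[c] for c in api_log if c in API_PERMISSION}
    declared = set(static["permissions"])
    return {**static, "api_calls": list(api_log),
            "exercised": sorted(needed & declared),
            "declared_unused": sorted(declared - needed),
            "undeclared_use": sorted(needed - declared)}
```

Manifests taken from untrusted APKs should be parsed with a hardened XML parser such as `defusedxml` rather than the standard-library parser used here for brevity.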
[0033] The mobile Internet-oriented Android malware detection platform of the present invention has the following characteristics:
[0034] 1) Realize a reasonable combination of Android malware static detection and dynamic detection. The entire detection process does not require human intervention, and the analysis results are more objective and accurate.
[0035] 2) APP dynamic analysis simulates the user's operation of the APP, which restores the usage scenarios of the APP in the actual environment, exposes the real behavior of the APP, and overcomes the limitation that static analysis cannot capture the APP's dynamic behavior. Combining the results of dynamic analysis and static analysis reflects the behavior characteristics of the APP more comprehensively and makes the malicious behavior of the APP easier to discover.
[0036] Although illustrative specific embodiments of the present invention have been described above to help those skilled in the art understand the present invention, it should be clear that the present invention is not limited to the scope of the specific embodiments. For those of ordinary skill in the art, as long as various changes are within the spirit and scope of the present invention as defined and determined by the appended claims, these changes are obvious, and all inventions and creations utilizing the inventive concept fall within the scope of protection.