Static analysis method and static analysis device for Android application program

A static analysis technology for application programs, applied in computer security devices, instruments, electronic digital data processing, etc., that addresses the inability to effectively detect and confirm mobile phone virus attack behaviors, with the effect of reducing the probability of misjudgment.

Inactive Publication Date: 2014-05-14
BEIJING UNIV OF POSTS & TELECOMM +1

AI Technical Summary

Problems solved by technology

The current mainstream mobile phone virus consists of a client and a server, and it only shows virus characteristics when the server issues commands. Unlike traditional viruses with fixed and static characteristics, mobile phone viruses are dynamically variable, so detection methods based on dynamic detection technology cannot effectively discover and confirm the attack behavior of mobile phone viruses.


Examples


Embodiment 1

[0044] S1. Decompress the application program to be tested, extract the Classes.dex file, and decompile the Classes.dex file to obtain the Smali file;

[0045] S2. Traverse the Smali file, obtain source code information, and construct a control flow graph and a data flow graph of the source code information;

[0046] S3. Analyze the source code information and construct a malicious behavior judgment engine; traverse the control flow graph and the data flow graph according to the user behavior judgment engine, match the APIs of the application program against the APIs in the predefined malicious behavior library (as shown in Table 2), and mark the successfully matched APIs of the application program as malicious behavior APIs;

[0047] S4. Obtain the weights of the malicious behavior APIs according to the predefined malicious behavior library; obtain the malicious measurement value of the application program under test according to the weights o...

Embodiment 2

[0071] The decompilation module is used to decompress the application program under test, extract the Classes.dex file, and decompile the Classes.dex file to obtain the Smali file;

[0072] A source code syntax parsing module for traversing the Smali file, obtaining source code information, and constructing a control flow graph and a data flow graph of the source code information;

[0073] The malicious behavior API analysis module is used to analyze the source code information and build a malicious behavior judgment engine; according to the user behavior judgment engine, it traverses the control flow graph and the data flow graph, matches the APIs of the application program against the APIs in the predefined malicious behavior library, and marks the successfully matched APIs of the application program as malicious behavior APIs;

[0074] The comprehensive judgment module obtains the weights of the malicious behavior APIs respectively according to the...


Abstract

The invention provides a static analysis method and a static analysis device for an Android application program and relates to the technical field of security detection. The static analysis method includes: S1, unzipping an application program to be detected to obtain a Smali file; S2, traversing the Smali file to acquire source code information and constructing a control flow diagram and a data flow diagram of the source code information; S3, traversing the control flow diagram and the data flow diagram according to a malicious behavior judging engine, matching each API (application program interface) of the application program against the APIs in a predefined malicious behavior library, and marking each successfully matched API of the application program as a malicious behavior API; S4, calculating the malicious measuring value of the application program to be detected; S5, matching the malicious measuring value with a predefined malicious degree index to acquire the risk level of the application program to be detected. Through behavior analysis and comprehensive judgment with combined rules, the misjudgment rate of virus detection on Android application programs can be reduced.
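The S2 to S5 flow described above, as an added Python example that is not code from the patent. The library entries, weights, risk thresholds, the sum-of-weights score and the use of call-graph reachability in place of the full control flow and data flow graphs are all assumptions, since Table 2 and the scoring formula are not reproduced on this page.

```python
import re
# Constructed stand-in for the malicious behavior library (Table 2 is not on this page).
LIBRARY = {
    "Landroid/telephony/SmsManager;->sendTextMessage": 5,
    "Landroid/telephony/TelephonyManager;->getDeviceId": 3,
    "Ljava/lang/Runtime;->exec": 4,
}
# Assumed malice-degree index: (minimum score, risk level), highest first.
RISK_LEVELS = [(8, "high"), (4, "medium"), (1, "low"), (0, "none")]
METHOD_RE = re.compile(r"^\.method .*?([^\s(]+)\(")
INVOKE_RE = re.compile(r"^invoke-\S+ \{[^}]*\}, (L[^;]+;->[^(]+)\(")
# Constructed Smali input; unused() is never called from the entry point.
SAMPLE = """\
.class public Lcom/example/Main;
.method public onCreate(Landroid/os/Bundle;)V
    invoke-direct {p0}, Lcom/example/Main;->report()V
.end method
.method private report()V
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual/range {v1 .. v6}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
.end method
.method private unused()V
    invoke-virtual {v0, v1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
.end method
"""

def parse_smali(text):
    """S2 (simplified): map each method to the methods it invokes."""
    calls, cls, current = {}, "", None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(".class"):
            cls = line.split()[-1]
        elif m := METHOD_RE.match(line):
            current = calls.setdefault(f"{cls}->{m.group(1)}", [])
        elif current is not None and (m := INVOKE_RE.match(line)):
            current.append(m.group(1))
    return calls

def analyze(smali_text, entry_points):
    """S3-S5: walk calls from the entry points, match, weigh, and grade."""
    graph, seen, hits = parse_smali(smali_text), set(), set()
    stack = list(entry_points)
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            hits.update(c for c in graph.get(node, []) if c in LIBRARY)
            stack.extend(c for c in graph.get(node, []) if c in graph)
    score = sum(LIBRARY[h] for h in hits)  # assumed formula: sum of weights
    return sorted(hits), score, next(lv for floor, lv in RISK_LEVELS if score >= floor)
```

Methods are keyed by class and name only, so overloads are merged; `analyze(SAMPLE, ["Lcom/example/Main;->onCreate"])` ignores the `Runtime.exec` call because `unused()` is unreachable from that entry point.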

Description

Technical field

[0001] The invention relates to the technical field of security detection, in particular to a static analysis method and device for an Android application program.

Background technique

[0002] At present, there is much research on Android application detection methods. Common detection tools include DroidRanger, TaintDroid, AppInspector, etc. The technologies used are usually signature-based static detection technology and dynamic detection technology. Static detection based on virus signature codes is executed before the virus runs: the virus program file is examined, and if a virus signature is found, the file is judged to be a virus. In addition, there is a technique that combines virus signature scanning with heuristics, which defines a pre-scanning operation based on virus prevention experience, divides the virus signature database into some specific categories, and then classifies the virus first and then scans the...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 郭燕慧李静董航李承泽张程鹏费会董枫胡阳雨杨昕雨胡鸽
Owner: BEIJING UNIV OF POSTS & TELECOMM