Android malicious code detection system and method based on Opcode backtracking

A malicious code detection technology, applied in the field of mobile terminal malicious code detection, that addresses the problems of false positives, false negatives, and difficulty in achieving detection results, and achieves good detection results and flexible detection.

Active Publication Date: 2014-07-02
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

This kind of method has some problems of false positives and false

Examples

Example Embodiment

[0031] The present invention provides an Android malicious code detection system and method based on Opcode backtracking. To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above objectives, features and advantages of the present invention more apparent, the technical solution is described in further detail below with reference to the accompanying drawings:

[0032] The present invention first provides an Android malicious code detection system based on Opcode backtracking, as shown in Figure 1, comprising:

[0033] The rule library 101, which is used to customize the detection strategy according to the object to be detected, including the initial call API, the detection rule and the virus name, and to put the initial call API into the queue as the name to be matched; the rule library can use formats such as XML or JSON;

[0034] F...


Abstract

The invention discloses an Android malicious code detection system and method based on Opcode backtracking. The method comprises the following steps: first, a rule base is established, which customizes detection strategies according to the object to be detected; the initially called API is placed in a queue as a name to be matched; a name to be matched is read from the queue, and the names of the functions called by all Opcode instructions are obtained using a dex analysis and Opcode disassembly module; the called function names are compared with the name to be matched, and the name of the function containing each successfully matched Opcode instruction is placed in the queue as a new name to be matched; these operations are repeated until the queue is empty; finally, the call relationship tree is analyzed against the rule base to judge whether it conforms to the detection rules customized there: if it does, the sample is malicious; otherwise it is safe. The Android malicious code detection system and method based on Opcode backtracking can effectively solve the problems of false positives and false negatives in existing malicious code detection methods.
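The backtracking loop from the abstract, as an added example (not code from the patent): the `INVOKES` table is a constructed stand-in for the output of the dex analysis and Opcode disassembly module, and the rule layout, the `required_callers` field and the virus name are assumptions. The visited set that stops call cycles is also an addition of this example.

```python
from collections import deque

# Constructed rule entry; the page names the three fields, the layout is assumed.
RULE = {
    "initial_api": "Landroid/telephony/SmsManager;->sendTextMessage",
    # Hypothetical rule form: every listed method must appear in the call tree.
    "required_callers": ["Lcom/example/BootReceiver;->onReceive"],
    "virus_name": "Example.SmsSender.a",  # constructed name
}

# Constructed disassembly result: enclosing method -> targets of its
# invoke-* Opcode instructions.
INVOKES = {
    "Lcom/example/BootReceiver;->onReceive": ["Lcom/example/Worker;->run"],
    "Lcom/example/Worker;->run": ["Lcom/example/Sms;->send",
                                  "Ljava/lang/Thread;->sleep"],
    "Lcom/example/Sms;->send": ["Landroid/telephony/SmsManager;->sendTextMessage",
                                "Lcom/example/Worker;->run"],  # cycle on purpose
    "Lcom/example/Ui;->onClick": ["Landroid/util/Log;->d"],
}

def backtrack(invokes, initial_api):
    """Return {callee: [callers]} found by walking callers back from initial_api."""
    queue, seen, tree = deque([initial_api]), {initial_api}, {}
    while queue:                        # repeat until the queue is empty
        target = queue.popleft()        # current name to be matched
        for method, callees in invokes.items():
            if target in callees:       # an invoke instruction matched
                tree.setdefault(target, []).append(method)
                if method not in seen:  # guard against recursion and cycles
                    seen.add(method)
                    queue.append(method)
    return tree

def detect(invokes, rule):
    """Return the virus name if the call tree satisfies the rule, else None."""
    tree = backtrack(invokes, rule["initial_api"])
    callers = {m for ms in tree.values() for m in ms}
    if all(req in callers for req in rule["required_callers"]):
        return rule["virus_name"]
    return None

if __name__ == "__main__":
    print(backtrack(INVOKES, RULE["initial_api"]))
    print(detect(INVOKES, RULE))
```

A sample that calls the same API only from a user-initiated path yields a tree without the required caller, so `detect` returns `None` for it.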

Description

Technical field

[0001] The invention relates to the technical field of mobile terminal malicious code detection, in particular to an Android malicious code detection system and method based on Opcode backtracking.

Background technique

[0002] With the development of the mobile Internet and the increasing popularity of smart mobile terminals, user information security is increasingly threatened by malicious code. New kinds of malicious code emerge in an endless stream, which brings new problems to existing detection technologies.

[0003] At present, security vendors have proposed many detection methods in the field of mobile terminal malicious code detection, mainly in the following categories.

[0004] The first type of method computes a characteristic value from the Android APK installation file, such as the MD5 of the APK file, and detects malicious code through that characteristic value. However, there are limitations in this de...


Application Information

IPC(8): G06F21/56
CPC: G06F21/562
Inventor: 袁海涛, 潘宣辰, 肖新光
Owner WUHAN ANTIY MOBILE SECURITY