Method for detecting, removing and recovering malicious codes of Android repackaging malicious software

A malicious code and malicious software technology, applied in the field of malicious software, can solve the problems of stealing user privacy, lack of, and deduction.

Active Publication Date: 2014-10-08
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

[0005] To sum up, at this stage there is still a lack of a method that can detect repackaged malicious programs on the Android platform. Such programs generally take advantage of how easily Android programs can be decompiled: a normal, popular program is unpacked; malicious code function modules are added that execute in the background, invisible to the user, and steal user privacy, perform malicious deduction, or engage in fraud and deception; and the program is then repackaged and put on the market to lure users into downloading it.


Examples


Embodiment 1

[0020] The specific steps of this embodiment are as follows:

[0021] 1) Establish a feature library composed of fuzzy hash values for the malicious entry point classes of known malicious programs. Specifically, disassembly is used to extract malicious code fragments in the form of low-level instructions. For Android applications, the instructions of the Dalvik virtual machine can be obtained by disassembling the executable dex file. When an entry point class is considered to be repackaged by a malicious program, the fuzzy hash of this class's instructions is used as a feature.

[0022] The feature library uses a fuzzy hash of instructions: the instructions of the class are divided into separate basic blocks according to the program control flow graph, and a hash value is computed over the sequence of opcodes of the instructions in each block. Hashing only the instruction opcodes can prevent instruction obfuscation or string obfuscation based on opera...
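The per-block opcode hashing described in [0021] and [0022], as an added example that is not part of the patent text: smali-style Dalvik disassembly is split into basic blocks, each block's opcode sequence is hashed, and two classes are compared by the overlap of their block hashes. The truncated SHA-256 per block, the Jaccard comparison and the sample classes are assumptions constructed for illustration.

```python
import hashlib
# Opcode prefixes that terminate a Dalvik basic block.
BLOCK_ENDERS = ("if-", "goto", "return", "throw", "packed-switch", "sparse-switch")

def basic_blocks(smali_lines):
    """Split smali instructions into basic blocks, keeping opcodes only."""
    blocks, current = [], []
    for raw in smali_lines:
        line = raw.strip()
        if not line or line.startswith((".", "#")):  # directives and comments
            continue
        if line.startswith(":"):                     # label: a branch target opens a block
            if current:
                blocks.append(current)
            current = []
            continue
        opcode = line.split()[0]                     # drop registers, strings, references
        current.append(opcode)
        if opcode.startswith(BLOCK_ENDERS):          # branch or return closes the block
            blocks.append(current)
            current = []
    return blocks + ([current] if current else [])

def class_signature(smali_lines):
    """Set of truncated SHA-256 hashes, one per basic block's opcode sequence."""
    return {hashlib.sha256(" ".join(b).encode()).hexdigest()[:16]
            for b in basic_blocks(smali_lines)}

def similarity(sig_a, sig_b):
    """Jaccard overlap of block hashes (assumed matching rule, not from the patent)."""
    return len(sig_a & sig_b) / len(sig_a | sig_b) if sig_a | sig_b else 0.0

# Constructed sample: entry point class body standing in for a known feature.
KNOWN = """
    invoke-virtual {p2}, Landroid/content/Intent;->getAction()Ljava/lang/String;
    move-result-object v0
    const-string v1, "android.intent.action.BOOT_COMPLETED"
    invoke-virtual {v0, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v0
    if-eqz v0, :cond_0
    new-instance v0, Landroid/content/Intent;
    invoke-virtual {p1, v0}, Landroid/content/Context;->startService(Landroid/content/Intent;)Landroid/content/ComponentName;
    :cond_0
    return-void
""".splitlines()
# Constructed: the same code after register renaming and a string change, and an unrelated class.
VARIANT = [l.replace("v0", "v7").replace("v1", "v8").replace("BOOT_COMPLETED", "USER_PRESENT") for l in KNOWN]
BENIGN = ["iget v0, p0, Lcom/example/Counter;->n:I", "add-int/lit8 v0, v0, 0x1", "return v0"]
```

Very short blocks, such as a lone `return-void`, occur in most classes, so a feature library built this way would need to drop or down-weight them to avoid accidental overlap.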


Abstract

A method for detecting, removing and recovering malicious codes of Android repackaging malicious software comprises the following steps: a feature library consisting of fuzzy hash codes is established for the malicious access point classes of known malicious programs and is matched against the access point classes of the to-be-detected programs after disassembly; then the complete malicious code snippets and malicious code resource files added through repackaging are removed in sequence; and finally, the code snippets of the source program that were modified in the repackaging process are found and their original functions are recovered. The method targets the main propagation characteristic of malicious programs on the current Android platform, namely the increasingly severe embedding of malicious code through repackaging, and detects and removes the malicious code parts embedded in normal programs.

Description

Technical field

[0001] The present invention relates to a method in the field of mobile communication equipment, specifically a method for detecting, removing and recovering malicious codes of Android repackaged malware, aimed at malware that repackages normal programs on the Android platform and injects malicious code.

Background technique

[0002] On the Android platform, application programs are written in the Java language, which makes reverse engineering and cracking of applications easy. Many tools, such as apktool, can be used to help disassemble the executable code of Android applications and decode resource files. Since Android allows applications to be signed with self-signed certificates and allows the installation of applications from unofficial markets, once an Android application is disassembled and decoded, code and resource files can be modified or added, and the result re-signed and packaged into a new application for users to install. In order t...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 谷大武, 杨文博, 李勇, 张媛媛, 李卷孺
Owner: SHANGHAI JIAO TONG UNIV