Dynamic behavior analysis method for mobile intelligent terminal software based on support vector machine algorithm

A mobile intelligent terminal behavior analysis technology, applied in the field of platform integrity maintenance, that addresses problems such as the large impact of malicious software behavior and achieves efficient detection.

Inactive Publication Date: 2015-07-01
CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

It is the expansion of the user scale that causes mobile smart terminals to face increasingly serious threats. Due to their own characteristics, these harmful behaviors come from vario


Examples


Embodiment 1

[0018] With reference to Figure 1, the present invention relates to a dynamic behavior analysis method for mobile intelligent terminal software based on the SVM algorithm. The steps are as follows:

[0019] In the first step, the terminal executes the software, and the API functions called while the software is running are captured.

[0020] In the second step, the Native API call sequences related to 5 sensitive behaviors are analyzed. The 5 sensitive behaviors are privileged behavior, process behavior, file behavior, network behavior and terminal memory operation behavior. The call frequency of the Native API functions related to these 5 sensitive behaviors is counted.

[0021] In the third step, the call frequency is used as the dynamic behavior feature of the software and sent to the cloud, where the SVM algorithm is used to build a model and train a classifier; finally, the learned classifier is used to detect malicious software behavior.
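The three steps of Embodiment 1 carried through end to end, as an added example that is not code from the patent. The syscall-to-behavior mapping, the normalization by trace length, the sample traces and the plain subgradient trainer (standing in for whatever SVM implementation runs on the cloud side) are all assumptions.

```python
from collections import Counter

# Assumed mapping of Linux system calls to the five sensitive behaviors;
# the patent text does not list the functions it monitors.
BEHAVIORS = {
    "privilege": {"setuid", "setgid", "capset"},
    "process": {"fork", "execve", "kill"},
    "file": {"open", "read", "write", "unlink"},
    "network": {"socket", "connect", "sendto"},
    "memory": {"mmap", "mprotect", "ptrace"},
}
CATEGORY = {c: name for name, calls in BEHAVIORS.items() for c in calls}

def features(trace):
    """Step 2: per-behavior call frequency, normalized by trace length."""
    counts = Counter(CATEGORY[c] for c in trace if c in CATEGORY)
    total = max(len(trace), 1)
    return [counts[name] / total for name in BEHAVIORS]

def train_svm(X, y, lam=0.01, lr=0.05, epochs=2000):
    """Step 3: linear soft-margin SVM, batch subgradient descent on hinge loss."""
    w, b, n = [0.0] * len(X[0]), 0.0, len(X)
    for _ in range(epochs):
        gw, gb = [lam * wi for wi in w], 0.0
        for xi, yi in zip(X, y):
            if yi * (sum(a * c for a, c in zip(w, xi)) + b) < 1:  # margin violated
                gw = [g - yi * a / n for g, a in zip(gw, xi)]
                gb -= yi / n
        w = [wi - lr * g for wi, g in zip(w, gw)]
        b -= lr * gb
    return w, b

def classify(model, trace):
    """Score a captured trace with the learned hyperplane."""
    w, b = model
    score = sum(a * c for a, c in zip(w, features(trace))) + b
    return "malicious" if score > 0 else "benign"

# Constructed traces (step 1 output), not real captures: +1 malicious, -1 benign.
TRAIN = [
    (["open", "read", "read", "write", "mmap", "read"], -1),
    (["open", "read", "socket", "connect", "read", "write"], -1),
    (["read", "write", "write", "open", "read", "read"], -1),
    (["setuid", "fork", "execve", "ptrace", "mprotect", "socket", "sendto"], 1),
    (["setuid", "execve", "mprotect", "connect", "sendto", "kill"], 1),
    (["fork", "execve", "setgid", "ptrace", "socket", "sendto", "unlink"], 1),
]
MODEL = train_svm([features(t) for t, _ in TRAIN], [y for _, y in TRAIN])
```

Calls outside the mapping are ignored in the counts but still lengthen the trace, so a trace padded with unmonitored calls yields lower frequencies across all five categories.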

Embodiment 2

[0023] With reference to Figure 2, a dynamic behavior analysis method for mobile intelligent terminal software based on the SVM algorithm has the following steps:

[0024] The first step is to run the sample software, use HOOK API technology to capture the system API function call sequence of the software, and count the call frequency of 5 sensitive behavior-related Native API functions. These five sensitive behaviors are privileged behavior, process behavior, file behavior, network behavior and terminal memory operation behavior.

[0025] 1. Find out the entry addresses corresponding to the system calls of the five sensitive behaviors in the system.

[0026] 2. Use HOOK technology to intercept system calls through the entry address, and capture the respective API call sequences. The key code is as follows:

[0027] size_t hook_sysread(int fd, char *buf, size_t count)

[0028] {

[0029] // Add statistics function here

[0030] return orig_read(fd, buf, count);

[...


Abstract

The invention discloses a dynamic behavior analysis method for mobile intelligent terminal software based on a support vector machine (SVM) algorithm. The method comprises the following steps: first, the terminal executes the software and the application program interface (API) functions called while the software runs are captured; second, the Native API call sequences related to five sensitive behaviors are analyzed, the five sensitive behaviors being privilege behavior, process behavior, file behavior, network behavior and terminal memory operation behavior, and the call frequency of the Native API functions related to these five behaviors is counted; third, the call frequency is used as the dynamic behavior feature of the software and sent to the cloud, where the SVM algorithm is used to build a model and train a classifier, and the trained classifier is finally used to detect malicious software behavior. Because the method uses dynamic detection, it is not affected by code deformation, packing or encryption techniques, and it can analyze and detect self-modifying programs, making up for the inability of static analysis to detect variant behavior and effectively detecting malicious software behavior.

Description

Technical field

[0001] The invention belongs to the field of computer monitoring, and in particular relates to a dynamic behavior analysis method for mobile intelligent terminal software based on the SVM algorithm.

Background art

[0002] With the rapid development of the mobile Internet, mobile smart terminals have rapidly become widespread, imperceptibly affecting people's lifestyles and changing the future industrial structure. It is this expansion of the user base that exposes mobile smart terminals to increasingly serious threats. Owing to the terminals' own characteristics, these harmful behaviors come from many directions and are very complicated. Among the many security threats, the harm caused by malicious software behavior is faced by almost all users and has the greatest impact. It is urgent to study how to detect malicious software behavior, so as to provide security for mobile smart terminals.

[0003] Current software analysis techniques are mainly divided into dynamic meth...


Application Information

IPC(8): G06F21/56
Inventor: 李千目, 李嘉, 张宏
Owner: CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH