Dynamic behavior analysis method for mobile intelligent terminal software based on support vector machine algorithm
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A mobile intelligent terminal and behavior analysis technology, applied in the direction of platform integrity maintenance, etc., can solve problems such as large impact, and achieve efficient detection effect
Inactive Publication Date: 2015-07-01
CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH
View PDF3 Cites 22 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
It is the expansion of the user scale that causes mobile smart terminals to face increasingly serious threats. Due to their own characteristics, these harmful behaviors come from vario
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0018] combine figure 1 , the present invention relates to a dynamic behavior analysis method of mobile intelligent terminal software based on SVM algorithm, the steps are as follows:
[0019] In the first step, the terminal executes the software, and captures the API functions called when the software is running.
[0020] The second step is to analyze the Native API call sequence related to 5 sensitive behaviors. The 5 sensitive behaviors are privileged behavior, process behavior, file behavior, network behavior and terminal memory operation behavior, and count the Native API functions related to these 5 sensitive behaviors. frequency of calls.
[0021] The third step is to use the call frequency as the dynamic behavior feature of the software, send it to the cloud to use the SVM algorithm to model and train the classifier, and finally use the learned classifier to detect malicious software behavior.
Embodiment 2
[0023] combine figure 2 , a dynamic behavior analysis method for mobile intelligent terminal software based on the SVM algorithm, the steps are as follows:
[0024] The first step is to run the sample software, use HOOK API technology to capture the system API function call sequence of the software, and count the call frequency of 5 sensitive behavior-related Native API functions. These five sensitive behaviors are privileged behavior, process behavior, file behavior, network behavior and terminal memory operation behavior.
[0025] 1. Find out the entry addresses corresponding to the system calls of the five sensitive behaviors in the system.
[0026] 2. Use HOOK technology to intercept system calls through the entry address, and capture the respective API call sequences. The key code is as follows:
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
PUM
Login to view more
Abstract
The invention discloses a dynamic behavior analysis method for mobile intelligent terminal software based on a support vector machine (SVM) algorithm. The method comprises the steps: the first step, capturing application program interface (API) function called in the software running by the terminal execution software; the second step, analyzing the NativeAPI calling sequence related to five sensitive behaviors, wherein five sensitive behaviors are the privilege behavior, progress behavior, document behavior, network behavior and terminal memory operation behavior, and calculating the calling frequency of the NativeAPI function related to five sensitive behaviors; the third step, using the calling frequency as the dynamic behavior characteristic of the software, sending to the cloud end, modeling by using the SVM algorithm and training the classifier, and finally detecting the malignant software behavior by using the trained classifier. The method uses the dynamic detection technology and cannot be affected by the deformation and packing encryption technology, and the method is capable of analyzing and detecting the self-modifying program, making up the lack that the static behavior cannot detect the variety behavior, and effectively detecting the vicious software behavior.
Description
technical field [0001] The invention belongs to the field of computer monitoring, in particular to a dynamic behavior analysis method of mobile intelligent terminal software based on SVM algorithm. Background technique [0002] With the rapid development of the mobile Internet, mobile smart terminals have been rapidly popularized, inadvertently affecting people's lifestyles and changing the future industrial structure. It is the expansion of the user scale that causes mobile smart terminals to face increasingly serious threats. Due to their own characteristics, these harmful behaviors come from various aspects and are very complicated. Among many security threats, the hazards caused by malicious software behavior It is faced by almost all users and has the greatest impact. It is imminent to study how to detect malicious software behavior, so as to provide security for mobile smart terminals. [0003] Current software analysis techniques are mainly divided into dynamic meth...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to view more
IPC IPC(8): G06F21/56
Inventor 李千目李嘉张宏
Owner CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH
Login to view more 
Login to view more