Method and device for detecting Android malicious software in batch

A malware detection method, applied in the field of Android platform application security analysis, that addresses the problems of insufficient features and the inability to detect malware, and achieves high accuracy with few omissions.

Active Publication Date: 2015-08-12
SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

This detection method reduces the matching process to the program control flow graph and detects only the sequence of sensitive system calls, but these features are not sufficient to detect malware efficiently.


Embodiment Construction

[0023] The malware detection flow chart of the embodiment of the present invention is shown in Figure 1. The flow is divided into three main modules: the feature extraction module, the AROW (an online classification algorithm) classifier module, and the comprehensive evaluation module.

[0024] The feature extraction module extracts the system permission features, program control flow graph features and system call features of the application program, calculates the frequency vector of each feature (the first, second and third frequency vectors, respectively), and combines them into a comprehensive feature vector. The AROW algorithm is then used to classify this vector, and the classification result is weighted with the first contribution value (that of the power record to malware detection) and the second contribution value (that of the intent record to malware detection) to judge the application program.
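The pipeline in [0024] can be sketched as follows. This is an added example, not code from the patent: the feature vocabularies, the sample apps, the weights (0.6, 0.2, 0.2) and the threshold 0.5 are assumptions, and the two contribution values are taken as inputs because the page does not show how they are computed.

```python
from collections import Counter

# Hypothetical vocabularies: the page does not list the concrete features.
VOCABS = {
    "perms": ["SEND_SMS", "READ_CONTACTS", "INTERNET"],
    "cfg": ["branch", "loop", "call"],
    "syscalls": ["open", "sendto", "execve"],
}

def freq_vector(items, vocab):
    """Relative frequency of each vocabulary entry among the observed items."""
    counts = Counter(i for i in items if i in vocab)
    total = sum(counts.values()) or 1
    return [counts[v] / total for v in vocab]

def combined_vector(app):
    """Concatenate the permission, CFG and system-call frequency vectors."""
    return [f for key, vocab in VOCABS.items() for f in freq_vector(app[key], vocab)]

class AROW:
    """Adaptive Regularization of Weights with a full covariance matrix."""
    def __init__(self, dim, r=1.0):
        self.mu = [0.0] * dim
        self.sigma = [[float(i == j) for j in range(dim)] for i in range(dim)]
        self.r = r

    def margin(self, x):
        return sum(m * xi for m, xi in zip(self.mu, x))

    def update(self, x, y):
        """One online step; y is +1 (malware) or -1 (normal)."""
        loss = 1.0 - y * self.margin(x)
        if loss <= 0:
            return
        sx = [sum(s * xi for s, xi in zip(row, x)) for row in self.sigma]
        beta = 1.0 / (sum(a * b for a, b in zip(x, sx)) + self.r)
        self.mu = [m + loss * beta * y * s for m, s in zip(self.mu, sx)]
        self.sigma = [[sij - beta * si * sj for sij, sj in zip(row, sx)]
                      for row, si in zip(self.sigma, sx)]

def judge(model, app, power, intent, weights=(0.6, 0.2, 0.2), threshold=0.5):
    """Weight the class value with the two contribution values (assumed weights)."""
    cls = 1.0 if model.margin(combined_vector(app)) > 0 else 0.0
    score = weights[0] * cls + weights[1] * power + weights[2] * intent
    return score > threshold

# Constructed training samples (label +1 = malware, -1 = normal).
MAL = {"perms": ["SEND_SMS", "INTERNET"], "cfg": ["loop", "call"], "syscalls": ["sendto", "sendto"]}
BEN = {"perms": ["INTERNET"], "cfg": ["branch", "call"], "syscalls": ["open", "open"]}

def train(samples):
    model = AROW(dim=sum(len(v) for v in VOCABS.values()))
    for app, label in samples:
        model.update(combined_vector(app), label)
    return model
```

Because AROW is an online algorithm, `train` makes a single pass and the model can keep calling `update` as newly labelled apps arrive in a batch.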

[0025] In the feature extr...


Abstract

The invention relates to a method for detecting Android malicious software in batch, comprising the following steps: A, extracting the system permission features, program control flow graph features and system call features of an application program, calculating the frequency vector of each, and concatenating the frequency vectors to form a comprehensive feature vector; B, using a classification algorithm from data mining to classify the comprehensive feature vector; C, calculating the contribution values of the power record and of the intent record to malicious software detection; D, performing a weighted calculation over the numerical value of the classification result and the contribution values of the power record and the intent record, and judging the application to be malicious software if the result exceeds a set threshold value, otherwise judging it to be normal software. The invention has the following advantages: the method and device combine system permissions, system calls and the program control flow graph into a new feature vector and detect malicious software using the classification algorithm, with high accuracy and few omissions.

Description

Technical field

[0001] The invention relates to a batch Android malware detection method and device, and belongs to the technical field of Android platform application security analysis.

Technical background

[0002] With the rapid development of the mobile Internet, smartphones with mobile operating systems have come into wide use. No longer limited to ordinary communication functions, smartphones have an independent operating system, so people can use them to send and receive email, shop, trade, and so on, anytime and anywhere. The mobile Internet market has revealed its huge value. In this context, security risks follow: there are more and more malware and phishing websites, and more and more risky application scenarios such as public Wi-Fi. As the market share of the Android smartphone operating system, which is based on the Linux kernel, keeps growing relative to other operating systems, Android phones have become the most important attack target of malware. [...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
Inventor: 肖喜, 肖仙妮, 江勇, 付鹏, 李清, 夏树涛
Owner SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV