Method for dynamically detecting malicious behavior in Android App (Application)

A dynamic detection technology for malicious behavior, applied in the field of mobile Internet. It addresses the problems that existing approaches consume system resources and cannot guarantee coverage of sensitive behaviors, and it improves accuracy, overcomes the low coverage of dynamic detection, and facilitates testing.

Active Publication Date: 2015-08-12
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

This type of method has the following defects: on the one hand, recording these logs consumes a lot of system resources, and the logs contain too much useless information. On the other hand, dynamic execution runs only certain paths in the program and cannot guarantee coverage of all sensitive behaviors.

Embodiment Construction

[0046] The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

[0047] The general process of the preferred embodiment of the inventive method is shown in Figure 1. The implementation steps are:

[0048] 1. Convert the APK package of the Android application into the corresponding Java code (the flow chart is shown in Figure 2):

[0049] Step 1.1) Download the APK file of the Android application to be analyzed;

[0050] Step 1.2) Change the extension of the APK file to zip and decompress it to obtain classes.dex;

[0051] Step 1.3) Copy classes.dex to the directory where dex2jar.bat is located;

[0052] Step 1.4) On the command line, change to the directory where dex2jar.bat is located, run dex2jar.bat classes.dex, and generate classes_dex2jar.jar;

[0053] Step 1.5) Enter the jdgui folder, double-click jd-gui.exe, and open the jar package classes_dex2jar.jar generated above, ...
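Step 1.2 can be scripted and sanity-checked before classes.dex is handed to dex2jar. The following is an added example, not part of the patent text: it reads the DEX files straight out of the APK (which is a ZIP archive), and goes beyond the text by also picking up multidex files (classes2.dex, ...) and verifying the DEX header magic, size, Adler-32 checksum and SHA-1 signature. All function names and the in-memory sample APK are constructed for illustration.

```python
import hashlib
import io
import re
import struct
import zipfile
import zlib

DEX_NAME = re.compile(r"classes\d*\.dex")      # classes.dex, classes2.dex, ...
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")     # e.g. b"dex\n035\0"

def check_dex(data):
    """Return header problems for one DEX blob; an empty list means consistent."""
    if len(data) < 0x70:
        return ["shorter than the 0x70-byte DEX header"]
    problems = []
    if not DEX_MAGIC.match(data):
        problems.append("bad magic")
    checksum, = struct.unpack_from("<I", data, 8)     # Adler-32 of bytes 12..end
    file_size, = struct.unpack_from("<I", data, 32)   # declared total length
    if file_size != len(data):
        problems.append("file_size field does not match length")
    if checksum != zlib.adler32(data[12:]) & 0xFFFFFFFF:
        problems.append("adler32 checksum mismatch")
    if data[12:32] != hashlib.sha1(data[32:]).digest():
        problems.append("sha1 signature mismatch")
    return problems

def extract_dex(apk):
    """Step 1.2 without renaming: read every top-level classesN.dex from the APK."""
    report = {}
    with zipfile.ZipFile(apk) as zf:              # path or file-like object
        for name in zf.namelist():
            if DEX_NAME.fullmatch(name):          # ignores e.g. assets/classes.dex
                data = zf.read(name)
                report[name] = {"sha256": hashlib.sha256(data).hexdigest(),
                                "problems": check_dex(data)}
    return report

# Constructed sample inputs (not from the page): a header-only DEX and a tiny APK.
def make_sample_dex():
    rest = struct.pack("<III", 0x70, 0x70, 0x12345678) + bytes(0x70 - 44)
    sig = hashlib.sha1(rest).digest()
    return b"dex\n035\x00" + struct.pack("<I", zlib.adler32(sig + rest)) + sig + rest
def make_sample_apk():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", make_sample_dex())
        zf.writestr("classes2.dex", b"not a dex file")   # flagged by check_dex
    return buf
```

A DEX file that fails these checks is likely to make the decompilation in steps 1.4 and 1.5 fail or produce incomplete Java code, so it is worth recording the result alongside the SHA-256 of each file analyzed.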

Abstract

The invention discloses a method for dynamically detecting malicious behavior in an Android App (Application), and aims to protect users of Android apps from harmful software and the malicious code it contains. The method comprises the following steps: acquiring the apk file of the Android App to be analyzed, and decompiling the apk file to obtain decompiled Java code; then loading the acquired Java code into a converter, which converts it into an intermediate representation for subsequent instrumentation; instrumenting the code with the Soot tool, namely inserting instrumentation at the relevant code, such as code that sends short messages or HTTP (Hypertext Transfer Protocol) link requests, code that calls dangerous APIs (Application Programming Interfaces), and conditional statements that are to be forced, in order to extract information; loading the instrumented code into a compiler and compiling it to form a new apk file; and running the new file, storing the information acquired by instrumentation in a database for further research, and analyzing the log information in the database using a previously proposed method for distinguishing malicious behavior from good behavior.

Description

Technical field

[0001] The invention relates to a method for detecting malicious software aimed at a terminal operating system, and belongs to the technical field of mobile Internet.

Background technique

[0002] In recent years, with the rapid development of the mobile Internet, smartphones with mobile operating systems have become the mainstream of mobile terminal development. A smartphone is no longer a communication tool in the traditional sense, but more like a handheld computer with its own independent operating system. Among them, the Android mobile terminal operating system based on the Linux kernel is developing most rapidly.

[0003] The most notable feature of the Android system is its open source nature. Any user can easily download and install various software applications from third-party software markets without jailbreaking. Many of these applications are malicious software. Such malicious software regards users' smart terminals as potential attack targets a...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
Inventor: 张卫丰, 潘天昊
Owner: NANJING UNIV OF POSTS & TELECOMM