Multi-feature mobile terminal malicious software detecting method based on network flow and multi-feature mobile terminal malicious software detecting system based on network flow

A network-traffic-based malware detection technology, applied in the field of detecting malware network behavior. It addresses the lack of characterization of the network interaction behavior of mobile terminal malware, the lack of capability against unknown malware, and the lack of a systematic summary of mobile terminal network traffic characteristics and of matching detection methods, with the effect of meeting individual user needs and improving detection accuracy.

Active Publication Date: 2015-11-04
UNIV OF JINAN

AI Technical Summary

Problems solved by technology

[0005] (1) Existing methods for detecting malware based on mobile terminal network traffic are limited to a single type of feature, for example using only DNS features for malware detection. They lack a systematic summary and analysis of mobile terminal network traffic characteristics, and lack detection methods for different types of network traffic characteristics.
[0006] (2) The existing network traffic behavior characteristics based on mobile terminals often only focus on the stati...



Examples


Embodiment Construction

[0075] The present invention is described in detail below in conjunction with the accompanying drawings:

[0076] For a multi-feature mobile terminal malware detection method based on network traffic, the specific working process, described with reference to the embodiments, is:

[0077] 1. Feature extraction and feature classification. First, for the characteristics that can effectively characterize the network behavior of mobile terminal malware, design corresponding feature extraction programs to extract the features from the original network traffic data; second, classify the features according to their feature types. For example, design corresponding feature extraction programs for features such as the domain name queried in DNS requests, the ratio of uploaded to downloaded traffic, connection duration, port number, and behavior sequence diagram, all of which can effectively characterize the behavior of mobile terminal malware; then, for these features, according to diff...


Abstract

The invention discloses a multi-feature method and system for detecting mobile terminal malware based on network traffic. The method comprises the following steps: extracting, from network traffic data, features that can effectively characterize the network behavior of mobile terminal malware; classifying the extracted features according to feature type; building detection models adapted to the classified features, with one unique detection model corresponding to each feature type; and selecting the corresponding detection model for each type of feature and outputting the corresponding detection result. Detection models adapted to the different feature types of mobile terminal network traffic are designed, and users can select the model they need according to their own requirements. Designing different detection models for different feature types can improve detection accuracy to a certain degree and meets users' individualized requirements.
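The four steps of the abstract (extract features, classify them by type, keep one model per type, run the selected models), as an added example that is not code from the patent. The grouping into categorical and numeric features, the two toy models, and the sample flows are assumptions made for illustration.

```python
# Added illustration; feature-type grouping and both toy models are assumptions.
from collections import namedtuple
from statistics import mean, pstdev

Flow = namedtuple("Flow", "dns_query bytes_up bytes_down duration_s dst_port")
# Step 2: features grouped by type (assumed grouping).
FEATURE_TYPES = {"categorical": ("dns_query", "dst_port"),
                 "numeric": ("up_down_ratio", "duration_s")}

def extract(flow):
    """Steps 1-2: extract the features, then split them by feature type."""
    f = {"dns_query": flow.dns_query, "dst_port": flow.dst_port,
         "up_down_ratio": flow.bytes_up / max(flow.bytes_down, 1),
         "duration_s": flow.duration_s}
    return {t: {k: f[k] for k in keys} for t, keys in FEATURE_TYPES.items()}

class SeenValuesModel:
    """Categorical model: flag values absent from the benign baseline."""
    def fit(self, rows):
        self.seen = {k: {r[k] for r in rows} for k in rows[0]}
        return self
    def detect(self, row):
        return [k for k, v in row.items() if v not in self.seen[k]]

class ZScoreModel:
    """Numeric model: flag values more than 3 std devs from the benign mean."""
    def fit(self, rows):
        self.mu = {k: mean([r[k] for r in rows]) for k in rows[0]}
        self.sd = {k: pstdev([r[k] for r in rows]) for k in rows[0]}
        return self
    def detect(self, row):
        return [k for k, v in row.items() if abs(v - self.mu[k]) > 3 * self.sd[k]]

MODELS = {"categorical": SeenValuesModel, "numeric": ZScoreModel}

def train(benign_flows):
    """Step 3: fit exactly one model per feature type."""
    rows = [extract(f) for f in benign_flows]
    return {t: MODELS[t]().fit([r[t] for r in rows]) for t in FEATURE_TYPES}

def detect(models, flow, selected=None):
    """Step 4: run the model for each feature type the user selected."""
    parts = extract(flow)
    return {t: models[t].detect(parts[t]) for t in (selected or models)}

# Constructed sample traffic (not from the patent).
BENIGN = [Flow("mail.example.com", 2000, 40000, 12.0, 443),
          Flow("cdn.example.net", 1500, 60000, 20.0, 443),
          Flow("tiles.example.org", 3000, 50000, 15.0, 80),
          Flow("mail.example.com", 2500, 45000, 18.0, 443)]
SUSPECT = Flow("upd.example.invalid", 90000, 1200, 16.0, 8443)
```

Each feature type reports its own findings, so a flow that looks normal to one model (here, connection duration) can still be flagged by another.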

Description

Technical field

[0001] The invention relates to a method for detecting malware network behavior using mobile terminal network traffic, and in particular to a detection method and system that designs different detection models for the multiple feature types of mobile terminal network traffic.

Background art

[0002] With the widespread use of mobile terminals, and especially the rapid popularization of smartphones, mobile smart terminals have brought great changes to modern society. Since the start of the 21st century, we have quickly entered the mobile era. The mobile phone is no longer limited to communication services in the traditional sense, but has become a powerful terminal integrating e-commerce, personal payment, social entertainment and other functions. According to Gartner's report statistics, in 2014 the global mobile phone market reached 3.5 billion units (including 2.7 billion Android systems), which has exceeded the number of PCs, a...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 陈贞翔, 杨波, 韩泓波, 彭立志, 张蕾, 孙润元
Owner: UNIV OF JINAN