Attack tree model based Android software hybrid detection method

A detection method based on attack tree technology, applied in the field of mobile security, that addresses problems such as runtime states that are hard to cover, malicious code segments that are never executed, and program behavior that cannot be analyzed.

Inactive Publication Date: 2015-11-18
TIANJIN UNIV

AI Technical Summary

Problems solved by technology

Existing Android malware detection schemes can be divided, according to the features they select, into two types: static analysis and dynamic analysis. Both have shortcomings. Static analysis examines APK files through reverse engineering and executes efficiently, but it is difficult for it to cover all runtime states, and it cannot analyze program behavior that can only be determined at runtime. Dynamic analysis detects based on runtime characteristics such as power consumption and system calls. It is relatively accurate, but it faces the problem that malicious code segments may not be executed, and extensive detection can cause significant system overhead.


Embodiment Construction

[0021] Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. If there are exemplary contents in these embodiments, they should not be construed as limiting the present invention.

[0022] Figure 1 shows the overall framework of the Android software hybrid detection method based on the attack tree model of the present invention. Before the actual detection, an attack tree model is established and used to analyze the various malware attack types, to establish the connection between attack targets and the basic capabilities of the software, and to formulate a series of dynamic behavior detection rules for each attack path. The static analysis process extracts the program's permission, API, and component information: the former two are used for software attack capability detection, and the latter is used for behavior triggering in dynamic analysis. Dynamic analysis selects runtime detection points ...


Abstract

The present invention discloses an Android software hybrid detection method based on an attack tree model, comprising the following steps: an attack tree model is used to analyze the attack types of various malware, and a series of dynamic behavior detection rules is formulated for each attack path; hybrid detection comprising static analysis and dynamic analysis is then performed, in which the static analysis detects the attack capability of the software under test and simulated system events in the dynamic analysis trigger the program's behaviors; based on the result of the attack capability detection, the dynamic analysis selects runtime detection points and loads and combines the behavior rules; and, using the component information, system events are simulated to trigger the program's behaviors, forcing the software under test to run fully, and behavior detection is performed against the behavior rules to identify malware. Compared with the prior art, the method organically combines static and dynamic analysis to detect threatening malware effectively.
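The flow in the abstract (static capability check against the attack tree, then loading only the dynamic rules for reachable attack paths) can be sketched as follows. This is an added example, not code from the patent: the tree, the rule ids and the detection points are constructed for illustration, and only the Android permission and API names are real.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str                      # goal name, or a capability string for leaves
    gate: str = "LEAF"             # "AND", "OR" or "LEAF"
    children: list = field(default_factory=list)
    rules: dict = field(default_factory=dict)   # rule id -> runtime detection points

def feasible(node, caps):
    """Static phase: can the extracted permissions/APIs reach this node?"""
    if node.gate == "LEAF":
        return node.name in caps
    hits = [feasible(child, caps) for child in node.children]
    return all(hits) if node.gate == "AND" else any(hits)

def plan_dynamic_analysis(root, caps):
    """Collect rules and detection points only for attack paths that are feasible."""
    plan, stack = {}, [root]
    while stack:
        node = stack.pop()
        if feasible(node, caps):       # infeasible subtrees are never monitored
            plan.update(node.rules)
            stack.extend(node.children)
    return plan

# Constructed attack tree: two attack goals under one OR root.
TREE = Node("malicious behaviour", "OR", [
    Node("privacy theft", "AND", [
        Node("read private data", "OR", [
            Node("perm:READ_SMS"), Node("perm:READ_CONTACTS")]),
        Node("perm:INTERNET"),
    ], rules={"R1-private-data-leaves-device":
              ["content provider query", "socket send"]}),
    Node("SMS fraud", "AND", [
        Node("perm:SEND_SMS"), Node("api:SmsManager.sendTextMessage"),
    ], rules={"R2-sms-sent-without-user-action": ["sendTextMessage call"]}),
])

# Constructed static-analysis result: SEND_SMS is requested but the sending
# API is never referenced, so the SMS fraud path is not reachable.
STATIC_RESULT = {"perm:READ_CONTACTS", "perm:INTERNET", "perm:SEND_SMS"}

if __name__ == "__main__":
    for rule, points in plan_dynamic_analysis(TREE, STATIC_RESULT).items():
        print(rule, "->", points)
```

Pruning infeasible subtrees before the dynamic phase is what keeps runtime monitoring narrow, which is the overhead problem the summary attributes to extensive dynamic detection.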

Description

Technical field

[0001] The invention relates to the field of mobile security, in particular to a hybrid detection technology combining software static detection and dynamic detection, which can detect malicious software based on an attack tree.

Background technique

[0002] The Android system is an open source mobile phone operating system developed by Google based on Linux. This platform is the first fully customizable, free and open mobile phone platform. In recent years, the Android system has been adopted by more and more mobile phone manufacturers due to its good user experience and high openness. Recent research shows that the Android system now occupies 75% of the smartphone market and maintained a high growth rate of 51.3% in 2013.

[0003] The emergence of smart phones has facilitated people's lives, but the accompanying security issues have become increasingly prominent, especially in mobile phones that often store a large amount of personal and private informatio...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 李晓红, 郭千宇, 赵帅, 饶国政, 陈世展
Owner: TIANJIN UNIV