Android application real-time behavior based malicious software detection method and system

A malware detection method, applied in computer security devices, instruments, electrical digital data processing, etc., that addresses the problem of low analysis accuracy and improves detection accuracy.

Active Publication Date: 2016-07-27
南京蜻蜓智慧农业研究院有限公司

AI Technical Summary

Problems solved by technology

Static detection is easy to operate and has low system overhead, but it has difficulty accurately detecting malware when the code is obfuscated. Traditional dynamic detection runs the software under test in a sandbox and extracts malicious behaviors separately for comparison; the accuracy of such analysis is not high.


Embodiment Construction

[0032] The invention will be described in further detail below in conjunction with the accompanying drawings.

[0033] The present invention adopts a dynamic detection method based on the real-time behavior of the Android application. First, a large number of behavior sequence samples are classified to obtain the required behavior characteristic model, and the system index information related to that model is screened and sorted. The application under test is then monitored: its behavior and system index information are recorded, the resulting behavior sequence is mapped, and it is compared with the information in the database to obtain the detection result.

[0034] The detailed detection process of the present invention is shown in Figure 1 and includes:

[0035] Step 1: Collect several malicious applications and normal applications to form a sample library, install the server-side samples into the system simulator thr...


Abstract

The invention discloses a malware detection method and system based on the real-time behavior of Android applications. The method comprises the steps of: collecting a behavior sequence set of malicious software and a behavior sequence set of normal software, together with the system index information corresponding to each set, to form sample libraries; classifying and screening the sample libraries; establishing a behavior characteristic sequence model, arranging the corresponding system index information, and storing the information in a database; monitoring running software and generating a corresponding log that contains behavior sequences and system index information; comparing the behavior sequences with the characteristic model in the database, and performing analysis and decision; and feeding back a detection result and, if the software is malicious, giving corresponding suggestions. Compared with the prior art, the method and system record the behavior sequences and the system index information of the software simultaneously; by comparing against the behavior characteristic sequences in the database, locating the malicious behavior region, comparing the system index information, and performing analysis and decision, the accuracy of malware detection is improved, moving from qualitative to quantitative analysis.
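An added illustration of the two-stage comparison the abstract describes (not code from the patent): a monitored log is matched against characteristic behavior sequences to locate the suspect region, and the system index readings inside that region are then compared with stored limits. The behavior names, index names, thresholds, gap-tolerant matching and verdict labels are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    behaviors: tuple    # ordered characteristic behavior sequence
    index_limits: dict  # system index -> ceiling (constructed values)

def ev(behavior, **indices):
    """One monitored log record: a behavior plus system index readings."""
    return {"behavior": behavior, "indices": indices}

def locate(log, sig):
    """Earliest in-order match (unrelated events may interleave); (start, end) or None."""
    pos, start = 0, None
    for i, event in enumerate(log):
        if event["behavior"] == sig.behaviors[pos]:
            start = i if start is None else start
            pos += 1
            if pos == len(sig.behaviors):
                return start, i
    return None

def detect(log, database):
    """Qualitative step: sequence match. Quantitative step: index check in the region."""
    findings = []
    for sig in database:
        region = locate(log, sig)
        if region is None:
            continue
        window = log[region[0]:region[1] + 1]
        exceeded = {}
        for key, limit in sig.index_limits.items():
            peak = max(e["indices"].get(key, 0) for e in window)
            if peak > limit:
                exceeded[key] = peak
        findings.append({"signature": sig.name, "region": region, "exceeded": exceeded,
                         "verdict": "malicious" if exceeded else "suspicious"})
    return findings

# Constructed sample data, not taken from the patent.
DATABASE = [Signature("contacts_then_sms", ("READ_CONTACTS", "OPEN_SOCKET", "SEND_SMS"),
                      {"net_tx_kb": 200, "sms_sent": 2})]
MONITORED_LOG = [ev("START_ACTIVITY", net_tx_kb=1, sms_sent=0),
                 ev("READ_CONTACTS", net_tx_kb=2, sms_sent=0),
                 ev("DRAW_UI", net_tx_kb=2, sms_sent=0),
                 ev("OPEN_SOCKET", net_tx_kb=540, sms_sent=0),
                 ev("SEND_SMS", net_tx_kb=560, sms_sent=5),
                 ev("STOP_ACTIVITY", net_tx_kb=560, sms_sent=5)]
BENIGN_LOG = [ev("START_ACTIVITY", net_tx_kb=1, sms_sent=0),
              ev("OPEN_SOCKET", net_tx_kb=30, sms_sent=0)]

if __name__ == "__main__":
    print(detect(MONITORED_LOG, DATABASE))
```

A sequence match whose index readings stay under the limits is reported as "suspicious" rather than "malicious", which is where the index comparison changes the outcome of a sequence-only check.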

Description

Technical field

[0001] The invention relates to the technical field of mobile communication security, in particular to a malware detection method and system based on the real-time behavior of Android applications.

Background technique

[0002] Among the mainstream smartphone operating systems, Google's Android has become the world's largest smartphone operating system in just a few years thanks to its powerful functions and the convenience of being open source. According to Gartner's report, as of the first quarter of 2015, global smartphone sales reached 336 million, of which smartphones using the Android platform accounted for more than 75% of the entire share. However, according to a report released by the market research organization GDATA, there were 500,000 new malicious applications on the Android platform in the first quarter of 2015, a year-on-year increase. According to GDATA, on average, a new malicious program is "born" on the Android platform every 18 seconds, and there...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/55
CPC: G06F21/552, G06F21/566
Inventor: 孙知信, 邢府纬, 宫婧, 骆冰清
Owner: 南京蜻蜓智慧农业研究院有限公司