
Precaution method for Android malicious application program based on code behavior similarity matching

A malicious-application and similarity-matching technology, applied in the fields of instruments, electrical digital data processing and platform integrity maintenance. It addresses problems such as false positives, low analysis code coverage, and limited detection accuracy and practicability, and achieves the effect of improving detection, reducing pressure and optimizing configuration.

Inactive Publication Date: 2016-08-24
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

However, the static analysis in the method only analyzes API calls and cannot fully judge the purpose of an API call, so it is prone to generating a large number of false positives, and it is not feasible for the many code-obfuscated programs found in practice.
The dynamic analysis in the method only verifies the suspicious points found by static analysis; its code coverage is low, and the triggering of some events is often random, which reduces detection accuracy and practicability.


Embodiment Construction

[0037] The specific implementation of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0038] The structure of the present invention is shown in Figure 1. The architecture is mainly divided into two parts: the analysis tool client carried by the smart terminal, and the analysis tool server. A light-client, heavy-server system design is adopted. The client is essentially an Android application responsible for lightweight information extraction, and the server is responsible for heavy data analysis. The server side is composed of a knowledge database, an Android virtual machine and analysis software. This architecture is suitable for the reality of resource constraints such as power, computing, and storage of smart termin...


Abstract

The invention discloses a precaution method for Android malicious application programs based on code behavior similarity matching. The method comprises the following steps: establishing an application information knowledge base; detecting a repackaged malicious program by having a difference verifying module compare its characteristics with those of the program of the same name in the application information knowledge base; performing high-coverage analysis of the application code with a static analysis module and extracting the permissions and API call information related to privacy information; simulating the running program in a sandbox with a dynamic analysis module, monitoring system calls and the LKM parameters related to those calls, and tracking and recording the specific behavior of the application; and constructing a multi-dimensional feature vector from the log information with a clustering judging module, performing similarity matching against each feature vector of the malicious applications, and judging the attribution of the application. The method adopts a light-client, heavy-server system design: the client is responsible for lightweight information extraction and the server is responsible for heavy data analysis, so the method can effectively adapt to the reality that intelligent terminals are short of resources such as battery power, computation and storage.
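The clustering judging step described above, as an added example that is not taken from the patent: it builds a feature vector from analysis log events and matches it against reference vectors of known malicious families. The log format, the feature dimensions, the family names and vectors, the use of cosine similarity and the 0.8 threshold are all assumptions made for illustration; the patent text shown here does not specify them.

```python
import math
from collections import Counter

# Assumed feature dimensions (constructed for this example): privacy-related
# permissions and API calls from static analysis, system calls from the sandbox.
DIMENSIONS = [
    "perm:READ_SMS", "perm:SEND_SMS", "perm:READ_CONTACTS", "perm:INTERNET",
    "api:SmsManager.sendTextMessage", "api:TelephonyManager.getDeviceId",
    "sys:connect", "sys:sendto", "sys:open", "sys:execve",
]

# Constructed reference vectors for two hypothetical malicious families.
FAMILIES = {
    "sms_fraud":    [1, 1, 0, 1, 5, 0, 1, 0, 2, 0],
    "info_stealer": [0, 0, 1, 1, 0, 2, 4, 6, 3, 0],
}

# Constructed logs, one "<kind>:<name>" event per line (assumed log format).
SUSPECT_LOG = (["perm:READ_SMS", "perm:SEND_SMS", "perm:INTERNET", "sys:connect"]
               + ["api:SmsManager.sendTextMessage"] * 4 + ["sys:open"] * 2)
BENIGN_LOG = ["perm:INTERNET", "sys:connect"] + ["sys:open"] * 3

def build_vector(log_lines):
    """Count each known event in the log; events outside DIMENSIONS are ignored."""
    counts = Counter(line.strip() for line in log_lines)
    return [float(counts[dim]) for dim in DIMENSIONS]

def cosine(a, b):
    """Cosine similarity; 0.0 when either vector is all zeros."""
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def classify(vector, families=FAMILIES, threshold=0.8):
    """Return (family, score) for the closest family, or ("unknown", score)."""
    name, score = max(((n, cosine(vector, ref)) for n, ref in families.items()),
                      key=lambda pair: pair[1])
    return (name, score) if score >= threshold else ("unknown", score)

if __name__ == "__main__":
    for label, log in (("suspect", SUSPECT_LOG), ("benign", BENIGN_LOG)):
        print(label, classify(build_vector(log)))
```

An application whose best score falls below the threshold is reported as unknown rather than forced into the nearest family, which keeps ordinary network-and-file activity from being attributed to a malicious family.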

Description

Technical field

[0001] The invention relates to the field of computer malicious software detection or processing, in particular to a method for preventing Android malicious application programs based on code behavior similarity matching.

Background technique

[0002] Android is a Linux-based open source operating system developed by Google, mainly used in mobile devices. An Android application is a collection of command sequences, written in a computer language, that is developed and run on the Android system in order to complete one or more specific tasks. It is a tool for smart terminals to interact with users and fulfill user needs. Android applications belong to the application layer of the overall architecture of the Android system. In addition to the basic applications built into the system, including desktop, email, phone, SMS, etc., third-party applications written in the Java language and native code are more commonly used by, and interactive with, users. Add, expand and optimize the fu...


Application Information

IPC(8): G06F21/56
CPC: G06F21/563, G06F21/566
Inventor: 孙知信, 邰淳亮, 洪汉舒, 宫婧, 陈梓洋
Owner NANJING UNIV OF POSTS & TELECOMM