Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for malicious code detection based on virtual technology in Android system

A malicious code detection and Android system technology, applied in the field of malicious code detection based on virtual technology, to achieve the effect of real and more accurate simulation execution results, guaranteed detection results, and small memory usage

Inactive Publication Date: 2016-09-28
WUHAN ANTIY MOBILE SECURITY
View PDF0 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] Malicious codes under the current Android system show a more complex development trend. It uses more complex obfuscation and encryption methods, and the encryption algorithm usually uses a custom algorithm, which brings great challenges to the static detection of malicious codes. Malicious codes will Sensitive strings, execution codes, and execution module files are encrypted, so that the existing static detection schemes cannot effectively detect them intelligently

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for malicious code detection based on virtual technology in Android system
  • Method and system for malicious code detection based on virtual technology in Android system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easy to understand, the technical solutions in the present invention will be further detailed below in conjunction with the accompanying drawings illustrate.

[0035] The present invention provides an embodiment of a method for detecting malicious codes based on virtual technology under the Android system, such as figure 1 shown, including:

[0036]S101: Perform format identification and analysis on executable files under the Android system, and determine the distribution position of the code blocks of each executable file in the memory. This process supports format identification and analysis of various executable files, including APK, DEX , ELF, OAT and other formats of executable files;

[0037] S102: Parse the code instruction...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and system for malicious code detection based on a virtual technology in an Android system. The method comprises the steps that at first, executable files in the Android system are recognized and analyzed; machine instructions of each executable file are split; the virtual technology is used to simulate execution of the machine instructions and simulate a physical environment required during running of the instructions; possible system calling and API calling are also simulated; sensitive information generated during the simulated execution and the simulated calling is monitored and recorded; and finally the sensitive information is matched with matched characteristics in a rule base, and whether an executable file containing a malicious code exists is determined. The method and the system disclosed by the invention make up deficiencies in existing technologies aiming at malicious code static detection in the Android system and conduct deep detection of the malicious codes in the Android system.

Description

technical field [0001] The invention relates to the technical field of malicious code monitoring, in particular to a method and system for detecting malicious codes based on virtual technology under an Android system. Background technique [0002] Malicious codes under the current Android system show a more complex development trend. It uses more complex obfuscation and encryption methods, and the encryption algorithm usually uses a custom algorithm, which brings great challenges to the static detection of malicious codes. Malicious codes will Sensitive character strings, execution codes, and execution module files are encrypted, so that existing static detection schemes cannot effectively detect them intelligently. [0003] The Android system currently supports a variety of executable file formats, such as APK, DEX, ELF, etc., and a new runtime environment ART has been added after Android4.4. The executable file format in this runtime environment is OAT, Android5 After .0,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
Inventor 潘博文乔伟
Owner WUHAN ANTIY MOBILE SECURITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products