Dalvik instruction abstraction-based Android malicious code detection method

A malicious code detection and abstraction technology, applied in the field of malicious code detection, can solve the problems of poor speed and low effectiveness, and achieve a high detection rate, improved efficiency, and good scalability.

Active Publication Date: 2016-11-09
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0006] To overcome the slow speed and low effectiveness of existing Android malicious code detection methods, the present invention provides a fast and effective Android malicious code detection method based on Dalvik instruction abstraction.

Examples


Embodiment Construction

[0022] The present invention will be further described below in conjunction with the accompanying drawings.

[0023] Referring to Figure 1 and Figure 2, an Android malicious code detection method based on Dalvik instruction abstraction comprises the following steps:

[0024] 1) Malicious code detection and classification model training, the process is as follows:

[0025] 1.1) Determine the training set used to train the malicious code detection model. The training set is divided into two subsets: a collection of malicious APK samples and a collection of non-malicious APK samples. An APK file usually contains a classes.dex file, and the Dex file encapsulates the Dalvik bytecode that can be executed by the Dalvik virtual machine. Disassembling the APK file with the tool Apktool yields a file directory containing the smali source code. The smali directory structure corresponds to the src directory of the Java source co...


Abstract

The invention discloses an Android malicious code detection method based on Dalvik instruction abstraction. The method comprises the following steps: 1) malicious code detection and classification model training: extracting Dalvik operation codes from smali files, abstracting and simplifying them into instruction symbols, computing and normalizing the N-Gram sequence features of the abstract Dalvik instruction symbols, and finally building a malicious code detection model and a malicious family classification model with a machine learning-based classification algorithm; and 2) detection: preprocessing the APK file to be detected, extracting its Dalvik instruction features, applying the same abstraction, simplification and N-Gram serialization, and making a preliminary judgment with the malicious code detection model as to whether the code is malicious; if not, the detection result is given directly, and if so, the malicious code family type is further obtained through the malicious family classification model. The method is fast and relatively effective.
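The feature-extraction step described above (opcode extraction from smali, abstraction to instruction symbols, normalized N-Gram statistics), as an added example that is not code from the patent. The prefix-to-symbol mapping, the relative-frequency normalization, the function names and the smali sample are all assumptions made for illustration, since the page does not give them.

```python
from collections import Counter
from itertools import product

# Assumed mapping (the page does not list it): opcode prefix -> abstract symbol.
SYMBOLS = [("move", "M"), ("return", "R"), ("goto", "G"), ("if-", "I"),
           ("invoke", "V"), ("iget", "T"), ("sget", "T"), ("aget", "T"),
           ("iput", "P"), ("sput", "P"), ("aput", "P")]

# Constructed smali input, not taken from any real APK.
SAMPLE_SMALI = """
.method public show()V
    .locals 2
    iget-object v0, p0, Lcom/example/Sample;->name:Ljava/lang/String;
    invoke-static {v0}, Ljava/lang/String;->valueOf(Ljava/lang/Object;)Ljava/lang/String;
    move-result-object v1
    if-eqz v1, :done
    invoke-virtual {p0, v1}, Lcom/example/Sample;->log(Ljava/lang/String;)V
    :done
    return-void
.end method
.method public bump()I
    const/4 v0, 0x1
    iput v0, p0, Lcom/example/Sample;->n:I
    iget v0, p0, Lcom/example/Sample;->n:I
    return v0
.end method
"""

def abstract_methods(smali_text):
    """Return one string of abstract symbols per .method body."""
    methods, current = [], None
    for line in (raw.strip() for raw in smali_text.splitlines()):
        if line.startswith(".method"):
            current = []
        elif line.startswith(".end method") and current is not None:
            methods.append("".join(current))
            current = None
        elif current is not None and line[:1].isalpha():
            # Directives, labels and comments never start with a letter.
            opcode = line.split()[0]
            # Opcodes outside the mapping (e.g. const/4) are dropped.
            current.extend(s for p, s in SYMBOLS if opcode.startswith(p))
    return methods

def ngram_features(methods, n=3):
    """Relative frequency of every possible n-gram; windows never span two methods."""
    counts = Counter(m[i:i + n] for m in methods for i in range(len(m) - n + 1))
    total = sum(counts.values())
    alphabet = sorted({s for _, s in SYMBOLS})
    return {g: counts[g] / total if total else 0.0
            for g in map("".join, product(alphabet, repeat=n))}
```

The resulting fixed-length dictionary (7^n entries for the seven assumed symbols) is the kind of vector that would be fed to the detection and family classifiers; `ngram_features(abstract_methods(SAMPLE_SMALI))` gives five non-zero 3-grams at 0.2 each.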

Description

Technical field

[0001] The invention relates to the technical field of malicious code detection, in particular to a method for detecting Android malicious codes.

Background technique

[0002] With the development of the mobile Internet, mobile smart terminals are becoming more and more popular, and the types and quantities of mobile applications are showing rapid growth. Smartphones have become the most commonly used tools for Internet users. Statistics from Gartner show that in the fourth quarter of 2015, the global sales volume of smartphones was more than 400 million units, of which the Android system accounted for 80.7%. As of February 1, 2016, the number of applications on Google Play, the official Android application market, is close to 2 million. At the same time, the types and numbers of mobile malicious applications are also showing rapid growth. According to the 2015 Mobile Security Virus Annual Report released by Aliju Security, 18% of Android devices have been i...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/563, G06F2221/033
Inventor: 陈铁明, 杨益敏
Owner: ZHEJIANG UNIV OF TECH