Method and device for identifying malicious application

A malicious application identification method and device, applied in the field of malicious application identification. It addresses the problems of low identification accuracy and high technical implementation and maintenance costs, with the effects of improving accuracy, obtaining more comprehensive and reliable data, and reducing development and maintenance cost and time.

Active Publication Date: 2016-11-16
MICRO DREAM TECHTRONIC NETWORK TECH CHINACO

AI Technical Summary

Problems solved by technology

[0008] Embodiments of the present invention provide a method and device for identifying malicious applications, to solve the prior-art problems of low identification accuracy for malicious applications and high technical implementation and maintenance costs.


Examples


Embodiment 1

[0076] Embodiment 1 of the present invention provides a specific implementation of the above-mentioned malicious application identification method. The process is shown in Figure 3 and includes the following steps:

[0077] Step S301: Obtain the application program file to be detected.

[0078] Step S302: Run the obtained application program file in the emulator.

[0079] Step S303: Obtain the memory image when the application file is running.

[0080] When obtaining the memory image, a preset script plug-in can be used to define the memory-mapped storage addresses of variables related to the Dalvik virtual machine, such as common static variables and class objects, so that variables can be acquired and located during processing (i.e., where the variables required for analysis can be obtained). The script can obtain the memory address offset of the global DvmGlobals object, so as to obtain the memory image of the application file fro...

Embodiment 2

[0091] Embodiment 2 of the present invention provides a specific implementation of the above-mentioned malicious application identification method. The process is shown in Figure 4 and includes the following steps:

[0092] Step S401: Obtain the application program file to be detected.

[0093] Step S402: Run the obtained application program file in the emulator.

[0094] Step S403: Obtain the memory image of the running application file.

[0095] Step S404: Check, according to the dynamic information obtained by memory processing of the acquired memory image of the application file, whether the data transmitted by the application contains sensitive information.

[0096] The dynamic memory image can be reviewed along at least one selected dimension, for example whether the data transmitted by the application contains sensitive information. Information in the transmitted data containe...
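One way to carry out the check in step S404, as an added example that is not part of the patent text: the emulator is provisioned with known canary identifiers before the run, and request buffers found in the memory image are searched for those values in raw, URL-encoded or base64 form. The canary values, the HTTP-buffer heuristic, the sample image and all function names are assumptions of this example.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# Canary identifiers provisioned in the emulator before the run (constructed values).
CANARIES = {"imei": b"356938035643809", "phone_number": b"+15555215554"}
REQUEST_START = re.compile(rb"(?:GET|POST|PUT) [^\s\x00]+ HTTP/1\.[01]\r\n")
HOST = re.compile(rb"\r\nHost: ([^\r\n]+)")
B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
MAX_REQUEST = 8192  # assumed cap on the size of one request buffer

def outbound_requests(image):
    """Yield (offset, bytes) for each HTTP request buffer left in the image."""
    for m in REQUEST_START.finditer(image):
        end = image.find(b"\x00", m.start(), m.start() + MAX_REQUEST)
        yield m.start(), image[m.start():end if end != -1 else m.start() + MAX_REQUEST]

def views(request):
    """Yield the request as captured plus decoded forms that could hide a value."""
    yield "raw", request
    yield "url-decoded", unquote_to_bytes(request)
    for token in B64_TOKEN.findall(request):
        try:
            yield "base64", base64.b64decode(token, validate=True)
        except ValueError:  # token only looked like base64
            continue

def review(image, canaries=CANARIES):
    """Return (offset, destination host, canary name, encoding) for every leak found."""
    findings = []
    for offset, request in outbound_requests(image):
        host = HOST.search(request)
        dest = host.group(1).decode("ascii", "replace") if host else "unknown"
        for encoding, data in views(request):
            findings += [(offset, dest, name, encoding)
                         for name, value in canaries.items() if value in data]
    return findings

def build_sample_image():
    """Constructed stand-in for a memory image: two request buffers amid NUL padding."""
    leak = base64.b64encode(b'{"id":"356938035643809"}')
    req1 = (b"POST /collect HTTP/1.1\r\nHost: tracker.example.test\r\n\r\n"
            b"d=" + leak + b"&p=%2B15555215554")
    req2 = b"GET /news?lang=en HTTP/1.1\r\nHost: cdn.example.test\r\n\r\n"
    return b"\x00" * 64 + req1 + b"\x00" * 32 + req2 + b"\x00" * 16

if __name__ == "__main__":
    print(review(build_sample_image()))
```

A non-empty result means an identifier that exists only inside the emulator reached an outbound request, which is the evidence the review in S404 looks for.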

Embodiment 3

[0103] Embodiment 3 of the present invention provides a specific implementation of the above-mentioned malicious application identification method. The process is shown in Figure 5 and includes the following steps:

[0104] Step S501: Obtain the application program file to be detected.

[0105] Step S502: Run the obtained application program file in the emulator.

[0106] Step S503: Obtain the memory image of the running application file.

[0107] Step S504: Perform memory processing on the dynamic information contained in the acquired memory image of the application file.

[0108] The dynamic information obtained from the memory image of the application file may include the behavior footprint of the application, the data transmitted by the application, and so on.

[0109] Step S505: Check whether the behavior footprint of the application contains any illegal behavior footprint. If yes, execute step S508; if not, execute step S506 for furthe...


Abstract

Embodiments of the invention provide a method and a device for identifying a malicious application. The method comprises the following steps of obtaining a to-be-detected application file and running the application file in a simulator; obtaining a memory image when the application file runs; and carrying out dynamic memory review on the obtained memory image and determining whether the application file is the malicious application according to a dynamic memory review result. According to the method and the device, the malicious application can be more completely and reliably identified, the identification accuracy is high, and the development cost and the maintenance cost are low.

Description

Technical field

[0001] The invention relates to the technical field of network application security, in particular to a malicious application identification method and device.

Background technique

[0002] With the development of Internet technology, there are more and more network applications. Various applications greatly facilitate people's daily life, but they also bring hidden dangers. In order to reduce and avoid the various threats and hidden dangers that malicious applications cause to users, some technical means are used to detect and block malicious applications.

[0003] At present, the commonly used methods for detecting malicious applications include hook-based malicious application detection schemes and custom Android-based malicious application detection schemes. Both schemes are implemented by simulating the loading of applications and intercepting log information to obtain detection results. Specifically:

[0004] The hook-based malicious application detection scheme mainly uses the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/56
CPC: G06F21/566, H04L63/1416, H04L63/1425, H04L63/145
Inventor: 夏宇天
Owner: MICRO DREAM TECHTRONIC NETWORK TECH CHINACO