Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Android malicious software detection system and Android malicious software detection method based on signature and data flow mode excavation

A malicious software and pattern mining technology, applied in the direction of electronic digital data processing, instrument, platform integrity maintenance, etc., can solve the problems of high requirements for classification features, inability to solve false positives, easy to generate false positives, etc., to improve detection speed , Improve the effect of repeated detection problems and avoid false positive problems

Inactive Publication Date: 2017-03-15
NANJING UNIV OF POSTS & TELECOMM
View PDF4 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The dynamic analysis method builds the Android operating environment, which can simulate the real behavior characteristics of the software to be tested. This detection method has high precision, but because the software needs to run dynamically, it needs to consume resources.
The characteristic of the static analysis method is that it does not need to run the software to be tested. It analyzes whether the software is malware through signature or control flow and data flow. The disadvantage of this method is that it is easy to generate false positives.
The disadvantage of this scheme is that the requirements for classification features are relatively high, and the effectiveness of features directly determines the accuracy of classification.
Most machine learning methods still use permissions as feature information, therefore, they cannot solve the false positives caused by the phenomenon of "abuse of authority"

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android malicious software detection system and Android malicious software detection method based on signature and data flow mode excavation
  • Android malicious software detection system and Android malicious software detection method based on signature and data flow mode excavation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038]Below in conjunction with accompanying drawing, technical scheme of the present invention is described in further detail:

[0039] This paper discloses an Android malware detection system based on signature and data flow pattern mining, which is a static analysis detection system, which does not require the dynamic operation of the software to be tested. This system contains two components: signature analysis component and data flow analysis component. The signature analysis component optimizes the system’s speed of checking known malware, and the frequent patterns of malware data streams can be obtained through the analysis of the data flow analysis component, which can be used as rules to guide the detection of unknown software. The two components are described below.

[0040] 1) Signature analysis component

[0041] The signature analysis component includes a signature generation module, a malware signature database and a signature matching module; wherein the signa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Android malicious software detection system and an Android malicious software detection method based on signature and data flow mode excavation. The system contains a signature analysis component and a data flow analysis component, wherein the signature analysis component contains a signature generating module, a malicious software signature database and a signature matching module; the data flow analysis component contains a data flow analysis module, a data flow mode excavation module, a data flow mode matching module and a data flow mode rule base. During operation, signature operation and data flow mode excavation are carried out on known malicious software, a malicious software signature base and the data flow mode rule base are established, and then signature matching and data flow rule matching are carried out on to-be-detected software, so that the to-be-detected software is judged to be malicious privacy disclosure software or not. The system and the method which are disclosed by the invention have the advantages that the disadvantage that manual confirmation needs to be carried out on the traditional data flow detection is overcome, detection efficiency is improved, and misinformation problem caused by 'abuse' problem is avoided.

Description

technical field [0001] The invention relates to the field of data flow pattern mining, in particular to an Android malware detection system and method based on signature and data flow pattern mining. Background technique [0002] Android is currently the most widely used smartphone operating system. In 2014, the sales of Android mobile phones accounted for 81% of the global mobile phone sales, reaching 1 billion units. On the other hand, the openness of the Android system has brought many security problems while being favored by application developers. At present, there are a large number of malware stealing user privacy on the Android platform, which seriously threatens user security. [0003] There are two mainstream Android malware detection methods, dynamic analysis method and static analysis method. The dynamic analysis method builds the Android operating environment, which can simulate the real behavior characteristics of the software to be tested. This detection met...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/564G06F21/562G06F2221/033
Inventor 宁卓邵达成郑之奇胡婷张佩
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com