Malicious application detection method and system

Abstract

The invention relates to a malicious application detection method and system. The method comprises the steps of S1, performing static code scanning on a received to-be-detected application, analyzing whether the application has a malicious behavior conforming to any malicious behavior information in a malicious behavior information library or not based on three dimensions of right application, function call and information output, if the malicious behavior exists, marking the application as a suspected malicious application, and if the malicious behavior does not exist, marking the application as a normal application; and S2, performing application name, package name, signature certificate, directory structure, text file and image file-based similarity analysis between the application marked as the suspected malicious application and a malicious application sample in a malicious application sample library, and marking the application with the similarity conforming to a set value as a malicious application. According to the method and the system, the performance bottleneck of loading the application through a virtual machine for execution and analysis is avoided, the false alarm rate is effectively reduced, and the accuracy of identification is improved.

Description

technical field [0001] The present invention relates to mobile Internet technologies, and more specifically, to a method and system for detecting malicious applications. Background technique [0002] With the popularization of mobile smart terminals and the vigorous development of mobile Internet services, the number of mobile application software is showing a rapid growth trend. The subversive changes caused by mobile smart terminals have opened the prelude to the development of the mobile Internet industry. Smart terminals have changed people's work and lifestyle, and the security of mobile application software is also facing a severe situation. [0003] The rapid growth of mobile application software has brought a large-scale flood of various pirated, malicious applications, viruses and other applications. Compared with traditional PC terminals, the characteristics of malicious applications on mobile terminals are more obvious. Malicious application variants are very fas...

AI Technical Summary

Problems solved by technology

It is easy to detect and kill normal software with certain characteristic codes as threats, and some normal software will be falsely reported

[0009] (2) The analysis and extraction of gene signature codes is extremely difficult and requires very professional technicians, and the quality of signature code extraction greatly affects the final judgment of malicious applications. Therefore, this method has a lot of human influence factors, and its effect depends on The quality of safety professional and technical personnel

[0010] (3) A large number of samples are required for analysis. Before the gene signature code is analyzed and extracted, the spread of malicious applications cannot be dealt with. Considering the characteristics of mobile terminal malicious applications that mutate quickly and the propagation period is short, this method cannot effectively solve the problem of malicious applications. killing problem

[0014] (2) Low operating efficiency

[0017] (1) Artificial intelligence is a process that requires continuous learning. Only when there are enough malicious application samples, the artificial intelligence engine can complete its own learning process, the

Images