
Android malware real-time detection method based on network flow analysis

A malware and network traffic technology, applied in the field of communications, can solve the problems of ineffective detection, single network traffic data characteristics, and insufficient utilization of network traffic, etc., and achieve the effect of good detection accuracy.

Inactive Publication Date: 2017-05-10
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0005] In summary, the existing Android malware detection methods based on network traffic analysis have the following deficiencies. First, they usually analyze network traffic per TCP session, or process network data packets one by one, so the real-time performance of malware detection cannot be guaranteed. Second, the network traffic features they use are usually the application-layer header fields of network data packets, so they cannot effectively detect applications that use the TLS/SSL protocol for encrypted transmission. Finally, the network traffic features they use are of a single type, and the various kinds of characteristics available in network traffic are not fully utilized.




Embodiment Construction

[0050] The present invention will be further described below in conjunction with the accompanying drawings.

[0051] Referring to attached figure 1, the implementation of the present invention is further described.

[0052] Step 1, collect network data.

[0053] Use network packet capture tools to collect network traffic data generated by normal software samples and malware samples respectively, and use the collected network traffic data as the initial data set for training malware detection models.

[0054] Step 2, dividing the network data flow into groups.

[0055] According to the definition rules of network data flow grouping, the initial data set is grouped to obtain multiple different network data flow groups.

[0056] The definition rule of the network data stream grouping is that, for the network data packets in the initial data set, according to the time sequence of the network data packets, the adjacent network data packets with a time interval of less than 4....


Abstract

The invention discloses an Android malware real-time detection method based on network flow analysis. The method comprises the following steps: (1) collecting network data; (2) dividing network data flow groups; (3) extracting a network data flow minimum unit; (4) judging whether a flow minimum unit port number is 80; (5) extracting network data packet field features; (6) judging whether the flow minimum unit port number is 443; (7) extracting network data flow statistical features; (8) training a statistical feature detection module; (9) training a field feature detection module; (10) extracting the network data feature of a to-be-detected sample; (11) judging whether a feature vector of the to-be-detected sample is a field feature vector; and (12) inputting the feature vector of the to-be-detected sample into the field feature detection model or a statistical feature detection model to obtain a detection result. With the real-time detection method disclosed by the invention, malware can be detected in real time, and software that uses an encryption protocol for its network data transmission can also be detected.
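As an added example (not code from the patent or its authors), the following Python sketch shows steps 2 to 7 of the method above: packets are grouped in time order, and each group is routed to header-field features when its port is 80 or to flow statistics when its port is 443. The gap threshold, the per-port grouping key, the Packet record and the sample capture are all assumptions, since the page truncates the grouping rule and does not define the flow minimum unit.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Packet:
    ts: float        # capture time in seconds
    dst_port: int    # server port
    payload: bytes   # application-layer bytes

GAP_SECONDS = 4.0  # assumed placeholder: the page truncates the value ("less than 4....")

def group_flows(packets, gap=GAP_SECONDS):
    """Step 2 (assumed variant): in time order, start a new group when the
    inter-packet gap reaches `gap` or the destination port changes."""
    groups, cur = [], []
    for pkt in sorted(packets, key=lambda p: p.ts):
        if cur and (pkt.ts - cur[-1].ts >= gap or pkt.dst_port != cur[-1].dst_port):
            groups.append(cur)
            cur = []
        cur.append(pkt)
    if cur:
        groups.append(cur)
    return groups

def field_features(group):
    """Steps 4-5: port 80 is plaintext HTTP, so header fields of the first packet are usable."""
    lines = group[0].payload.decode("latin-1", "replace").split("\r\n")
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    return {"kind": "field", "method": lines[0].split(" ")[0],
            "host": headers.get("Host", ""), "ua": headers.get("User-Agent", "")}

def stat_features(group):
    """Steps 6-7: port 443 carries TLS, so only flow statistics are available."""
    sizes = [len(p.payload) for p in group]
    return {"kind": "stat", "pkts": len(group), "bytes": sum(sizes),
            "mean_size": mean(sizes), "duration": group[-1].ts - group[0].ts}

def extract(group):
    """Steps 4 and 6: route one flow group to the extractor its port selects."""
    port = group[0].dst_port
    if port == 80:
        return field_features(group)
    if port == 443:
        return stat_features(group)
    return None  # the page defines extractors only for ports 80 and 443

# Constructed sample capture: one HTTP request and its empty ack, then a TLS burst 10 s later.
SAMPLE = [Packet(0.0, 80, b"GET /update HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: app/1.0\r\n\r\n"),
          Packet(0.5, 80, b""), Packet(10.0, 443, bytes(200)),
          Packet(10.2, 443, bytes(1400)), Packet(10.9, 443, bytes(300))]
```

The two feature dictionaries are what steps 8 and 9 would feed to the statistical and field-feature detection models respectively.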

Description

Technical field

[0001] The invention belongs to the technical field of communication, and further relates to a real-time detection method for Android malware based on network traffic analysis in the technical field of network security. The invention can be used to detect in real time whether malicious software exists in the Android mobile terminal, so that other network security technologies can process the malicious software existing in the Android mobile terminal, thereby ensuring the information security of the Android mobile terminal users.

Background technique

[0002] Android malware detection technology is used to discover malware existing on mobile devices, so that other network security technologies can prevent malware from harming mobile devices. Android malware detection technology based on network traffic analysis has attracted the attention of scholars in recent years. This method usually analyzes the network traffic data generated by applications, and extracts ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1408
Inventor: 易运晖肖新光陈南赵楠朱畅华何先灯权东晓刘弦弦
Owner: XIDIAN UNIV