Detection method for malicious act in Android application

A detection method for malicious behavior, applied in the field of communication, that addresses the problem of a high false alarm rate

Inactive Publication Date: 2017-06-13
四川中大云科科技有限公司

AI Technical Summary

Problems solved by technology

The false positive rate will be higher



Examples


Embodiment 1

[0037] A method for detecting malicious behaviors of Android applications, comprising the following steps:

[0038] 1) Start the Android smart terminal, and install the application executable program in the terminal;

[0039] 2) Copy the executable program to the sandbox module;

[0040] 3) In the sandbox module, perform feature extraction on the executable program;

[0041] 4) Use the features as the input of the trained SVM module, and obtain the predicted risk value;

[0042] 5) If the predicted risk value is greater than or equal to the safety threshold, feed the result back to the Android smart terminal; if the predicted risk value is less than the safety threshold, install the executable program.

[0043] The feature extraction in step 3) includes static feature extraction and dynamic feature extraction. The features extracted by the static feature extraction are URIS and EMAILS, and the dynamic feature extraction is realized by network capture.

[0044] Step 4)...
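
An added sketch of steps 3) to 5) with static features only (not code from the patent): it scans an APK's entries for URIs and e-mail addresses, scores them, and applies the threshold. The regexes, feature names, weights, bias and threshold are constructed assumptions, and a linear decision function stands in for the trained SVM module.

```python
import io
import re
import zipfile

# Patterns for the two static features named in [0043] (assumed definitions).
URI_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed linear-SVM parameters (assumption); a real model is trained on labelled samples.
WEIGHTS = {"n_uris": 0.2, "n_emails": 0.3, "n_cleartext_uris": 0.5}
BIAS = -1.0
SAFETY_THRESHOLD = 0.0

def extract_static_features(apk_bytes):
    """Step 3: scan the raw bytes of every archive entry for URIs and e-mail addresses."""
    uris, emails = set(), set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # BadZipFile if malformed
        for info in apk.infolist():
            data = apk.read(info)  # decompressed entry content
            uris.update(URI_RE.findall(data))
            emails.update(EMAIL_RE.findall(data))
    return {
        "n_uris": len(uris),
        "n_emails": len(emails),
        "n_cleartext_uris": sum(u.startswith(b"http://") for u in uris),
    }

def predicted_risk(features):
    """Step 4: linear decision value w.x + b used as the predicted risk value."""
    return sum(WEIGHTS[k] * features[k] for k in WEIGHTS) + BIAS

def verdict(apk_bytes):
    """Step 5: report when risk >= threshold, otherwise allow installation."""
    try:
        features = extract_static_features(apk_bytes)
    except zipfile.BadZipFile:
        return "reject: malformed package"
    return "report" if predicted_risk(features) >= SAFETY_THRESHOLD else "install"

def make_sample_apk(strings):
    """Build a constructed in-memory APK-like archive holding the given strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", "<manifest package='com.example.sample'/>")
        z.writestr("classes.dex", "\0".join(strings))
    return buf.getvalue()
```

The byte scan finds ASCII strings only; strings stored as UTF-16 in compiled resources would need decoding first.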

Embodiment 2

[0061] On the basis of Embodiment 1, a method for detecting malicious behaviors of Android applications includes the following steps:

[0062] 1) Start the Android smart terminal, and install the application executable program in the terminal;

[0063] 2) Copy the executable program to the sandbox module;

[0064] 3) In the sandbox module, analyze and decompress the executable program;

[0065] 4) If a format error or a decompression error in the executable program is identified during the analysis and decompression, feed the error message back to the user; otherwise, proceed to the next step;

[0066] 5) Analyze the digital certificate of the executable program and compare the result with the blacklist; if there is a blacklist hit, determine that it is a virus application and feed this back to the user; otherwise, proceed to the next step;

[0067] 6) Analyzing the configuration file of the executable program, calculating the primary policy weight, if the weight exceeds t...

Embodiment 3

[0072] On the basis of the foregoing embodiments, a system for detecting malicious behaviors of Android applications that implements the foregoing method includes the following structure:

[0073] A copy module, used to copy the executable program;

[0074] A communication module, used for uploading the copy of the executable program made by the copy module and feeding back the results of malicious behavior monitoring;

[0075] A control module, used for the user to input parameters, run detection scripts, calculate primary strategy weights and view detection results;

[0076] A storage module, used to store samples, blacklists, and weight thresholds, which supports creating, adding, modifying, deleting, and querying by users;

[0077] A comparison module, configured to compare the primary strategy weight with the weight threshold;

[0078] A sandbox module, used to carry out malicious behavior detection on the copy of the executable program; the sandbox module includes a sam...


Abstract

Disclosed is a detection method for malicious acts in Android applications. The front end of modern antivirus technology takes antivirus engine technology as its core, applied to two working scenarios, host and network, while the rear end relies on a large-scale data analysis and processing system for support. Traditional malicious act detection consists in submitting malicious document samples collected at the front end, or instantly triggered events, to the rear-end system for analysis and processing. Malicious act detection technology has gradually formed through the constant evaluation of antivirus technology in recent years; the appearance of a new virus technology can directly promote improvement of the overall level of antivirus technology, and such an offensive and defensive game is often passive. Sandboxing technology provides an experimental environment for some unreliable programs without affecting the running environment of the system; its main idea lies in an isolation mechanism and a hierarchical security structure. An SVM (support vector machine) based malicious act detection model is provided in this research, and the model is applied to a sandboxing technology based Android system.

Description

Technical field

[0001] The invention relates to the field of communications, in particular to a method for detecting malicious behaviors of Android applications.

Background technique

[0002] At present, the detection of malicious code and behavior can be roughly divided into the following aspects:

[0003] Detection based on network traffic flow. Similar to large Internet companies, the traditional communication traffic is gradually transformed from the distribution of content to the distributed service strategy of the overall cluster architecture. Detect load traffic at the application level, clean and extract communication data containing attacks, and then perform detection on this basis. At present, the malicious code detection technology based on flow characteristics analyzes various known and unknown abnormal traffic in the network and analyzes the abnormal traffic found with historical data, so as to know the specific purpose of malicious behavior.

[0004] Signatu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/53, G06F21/56, G06K9/62
CPC: G06F21/53, G06F21/562, G06F2221/033, G06F18/2411
Inventor 唐勇
Owner 四川中大云科科技有限公司