
A detection method for malicious behaviors of Android applications

A detection method for malicious behaviors of Android applications, applied in the field of communication, that addresses the problem of a high false positive rate.

Inactive Publication Date: 2020-08-04
四川中大云科科技有限公司
Examples


Embodiment 1

[0037] A method for detecting malicious behaviors of Android applications, comprising the following steps:

[0038] 1) Start the Android smart terminal and install the application's executable program on the terminal;

[0039] 2) Copy the executable program to the sandbox module;

[0040] 3) In the sandbox module, perform feature extraction on the executable program;

[0041] 4) Use the extracted features as the input to the trained SVM module and obtain the predicted risk value;

[0042] 5) If the predicted risk value is greater than or equal to the safety threshold, feed the result back to the Android smart terminal; if the predicted risk value is less than the safety threshold, install the executable program.

[0043] The feature extraction in step 3) includes static feature extraction and dynamic feature extraction; the features extracted by static feature extraction are URIS and EMAILS, and dynamic feature extraction is realized by network capture.

[0044] Step 4)...
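The pipeline of Embodiment 1 (static URI/e-mail extraction, dynamic network-capture features, a trained SVM producing a risk value that is compared with a safety threshold), as an added worked example that is not code from the patent or its applicant. Everything here is an assumption about how such a module could be built: the string list and the `(host, port, bytes_out)` capture format are constructed inputs, the training set is made up, the SVM is trained with the standard Pegasos sub-gradient method rather than any training procedure the patent describes, and the risk value is a logistic squash of the SVM margin so that a 0.5 safety threshold makes sense.

```python
import math
import random
import re

# Static features (step 3): URIs and e-mail addresses found among the program's strings.
URI_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def extract_static_features(strings):
    """Return (uris, emails) found in a list of strings extracted from the executable."""
    text = "\n".join(strings)
    return URI_RE.findall(text), EMAIL_RE.findall(text)


def extract_dynamic_features(capture):
    """Summarise a network capture given as (dst_host, dst_port, bytes_out) tuples.
    The tuple format is an assumption; a real capture would come from the sandbox's packet log."""
    hosts = {h for h, _, _ in capture}
    nonstd_ports = sum(1 for _, p, _ in capture if p not in (80, 443))
    kb_out = sum(b for _, _, b in capture) / 1024.0
    return len(hosts), nonstd_ports, kb_out


def feature_vector(strings, capture):
    """Step 3 output: [n_uris, n_emails, n_hosts, n_nonstd_ports, kb_out]."""
    uris, emails = extract_static_features(strings)
    n_hosts, nonstd_ports, kb_out = extract_dynamic_features(capture)
    return [float(len(uris)), float(len(emails)), float(n_hosts), float(nonstd_ports), kb_out]


class LinearSVM:
    """Linear SVM trained with Pegasos (standard algorithm; not the patent's own training code)."""

    def __init__(self, lam=0.1):
        self.lam = lam      # regularisation strength
        self.scale = None   # per-feature maxima from the training set
        self.w = None       # weights; the last component is the bias (constant-1 feature)

    def _prep(self, x):
        # Scale each feature by its training maximum and append a constant 1 for the bias.
        return [xi / si for xi, si in zip(x, self.scale)] + [1.0]

    def fit(self, X, y, epochs=500, seed=7):
        self.scale = [max(1e-9, max(col)) for col in zip(*X)]
        Xs = [self._prep(x) for x in X]
        self.w = [0.0] * len(Xs[0])
        rng = random.Random(seed)
        order = list(range(len(Xs)))
        t = 0
        for _ in range(epochs):
            rng.shuffle(order)
            for i in order:
                t += 1
                eta = 1.0 / (self.lam * t)
                violates = y[i] * sum(wj * xj for wj, xj in zip(self.w, Xs[i])) < 1.0
                self.w = [wj * (1.0 - eta * self.lam) for wj in self.w]   # shrink step
                if violates:                                             # hinge sub-gradient step
                    self.w = [wj + eta * y[i] * xj for wj, xj in zip(self.w, Xs[i])]
        return self

    def decision(self, x):
        return sum(wj * xj for wj, xj in zip(self.w, self._prep(x)))

    def risk(self, x):
        """Predicted risk value in (0, 1): a logistic squash of the SVM margin (assumed mapping)."""
        d = max(-50.0, min(50.0, self.decision(x)))
        return 1.0 / (1.0 + math.exp(-d))


def train_demo_model():
    # Constructed training set: [n_uris, n_emails, n_hosts, n_nonstd_ports, kb_out]; +1 = malicious.
    X = [[2, 0, 1, 0, 1.5], [1, 1, 1, 0, 0.4], [3, 0, 2, 0, 2.0], [0, 0, 0, 0, 0.0],
         [12, 4, 6, 2, 40.0], [8, 2, 5, 1, 25.0], [15, 6, 8, 3, 60.0], [6, 3, 4, 2, 18.0]]
    y = [-1, -1, -1, -1, 1, 1, 1, 1]
    return LinearSVM().fit(X, y)


def detect(strings, capture, model, safety_threshold=0.5):
    """Steps 4 and 5: score the features; at or above the threshold the result goes back to the
    terminal instead of the program being installed."""
    x = feature_vector(strings, capture)
    risk = model.risk(x)
    verdict = "feedback_to_terminal" if risk >= safety_threshold else "install"
    return {"features": x, "risk": risk, "verdict": verdict}


if __name__ == "__main__":
    m = train_demo_model()
    print(detect(["https://cdn.example.net/update.bin"], [("cdn.example.net", 443, 200)], m))
```

The scaling step matters in practice: the byte count is orders of magnitude larger than the URI count, and without it the SVM margin would be dominated by a single feature. The constructed training data is tiny and linearly separable, which is enough to show the control flow; the false positive rate the patent is concerned with depends entirely on the quality and size of the real training set and on where the safety threshold is placed.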

Embodiment 2

[0061] On the basis of Embodiment 1, a method for detecting malicious behaviors of Android applications includes the following steps:

[0062] 1) Start the Android smart terminal and install the application's executable program on the terminal;

[0063] 2) Copy the executable program to the sandbox module;

[0064] 3) In the sandbox module, analyze and decompress the executable program;

[0065] 4) If, during analysis and decompression, the format of the executable program is found to be wrong or it cannot be decompressed or identified, feed an error message back to the user; otherwise, proceed to the next step;

[0066] 5) Analyze the digital certificate of the executable program and compare the result with the blacklist; if it hits the blacklist, determine that it is a virus application and feed the result back to the user; otherwise, proceed to the next step;

[0067] 6) Analyze the configuration file of the executable program and calculate the primary policy weight; if the weight exceeds t...
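The staged checks of Embodiment 2 (archive analysis, certificate-versus-blacklist lookup, and a configuration-file weight compared with a threshold), as an added worked example that is not code from the patent or its applicant. The details are assumptions: the APK is treated as a zip that must contain `AndroidManifest.xml` and `classes.dex`; the "digital certificate" is represented by the raw `META-INF/*.RSA` (or `.DSA`/`.EC`) signature block hashed with SHA-256 rather than a parsed X.509 certificate; the blacklist and the permission weight table are constructed; the manifest is plain-text XML (a real APK carries it in binary AXML form and would need a decoder); and what happens when the weight exceeds the threshold is cut off in the page, so the example only flags the application for further handling.

```python
import hashlib
import io
import re
import zipfile

# Constructed blacklist of SHA-256 fingerprints of known-bad signature blocks (hypothetical values).
CERT_BLACKLIST = {hashlib.sha256(b"KNOWN-BAD-SIGNER-CERT").hexdigest()}

# Constructed weight table: contribution of each declared permission to the primary policy weight.
PERMISSION_WEIGHTS = {
    "android.permission.SEND_SMS": 5,
    "android.permission.READ_SMS": 4,
    "android.permission.READ_CONTACTS": 3,
    "android.permission.RECEIVE_BOOT_COMPLETED": 2,
    "android.permission.ACCESS_FINE_LOCATION": 2,
    "android.permission.INTERNET": 1,
}
WEIGHT_THRESHOLD = 8  # constructed threshold; the page's own value is truncated

PERM_RE = re.compile(r'<uses-permission[^>]*android:name="([^"]+)"')


def build_apk(manifest_xml, cert_bytes, dex=b"dex\n035\x00"):
    """Build an in-memory APK-like zip archive (constructed test input, not a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest_xml)
        z.writestr("classes.dex", dex)
        z.writestr("META-INF/CERT.RSA", cert_bytes)
    return buf.getvalue()


def analyze_and_decompress(apk_bytes):
    """Steps 3-4: open the archive; return (archive, None) or (None, error message)."""
    try:
        z = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile:
        return None, "format error: not a valid zip archive"
    if z.testzip() is not None:
        return None, "format error: corrupted entry"
    names = set(z.namelist())
    for required in ("AndroidManifest.xml", "classes.dex"):
        if required not in names:
            return None, "format error: missing " + required
    return z, None


def certificate_fingerprint(z):
    """Step 5 input: SHA-256 of the signature block under META-INF/ (assumed stand-in for the cert)."""
    for name in z.namelist():
        if name.startswith("META-INF/") and name.rsplit(".", 1)[-1].upper() in ("RSA", "DSA", "EC"):
            return hashlib.sha256(z.read(name)).hexdigest()
    return None


def primary_policy_weight(z):
    """Step 6: sum the weights of permissions declared in the configuration file (manifest)."""
    manifest = z.read("AndroidManifest.xml").decode("utf-8", errors="replace")
    perms = PERM_RE.findall(manifest)
    return sum(PERMISSION_WEIGHTS.get(p, 0) for p in perms), perms


def detect(apk_bytes, blacklist=CERT_BLACKLIST, threshold=WEIGHT_THRESHOLD):
    """Run the staged checks in order and stop at the first one that produces a verdict."""
    z, err = analyze_and_decompress(apk_bytes)
    if err:
        return {"verdict": "error", "reason": err}
    fp = certificate_fingerprint(z)
    if fp is None:  # not in the page's steps; an unsigned package cannot be checked against the blacklist
        return {"verdict": "error", "reason": "no signature block found"}
    if fp in blacklist:
        return {"verdict": "virus", "reason": "certificate on blacklist", "fingerprint": fp}
    weight, perms = primary_policy_weight(z)
    if weight > threshold:
        return {"verdict": "over_threshold", "weight": weight, "permissions": perms}
    return {"verdict": "next_step", "weight": weight, "permissions": perms}


if __name__ == "__main__":
    sample = build_apk('<manifest><uses-permission android:name="android.permission.INTERNET"/></manifest>', b"GOOD-SIGNER")
    print(detect(sample))
```

Ordering the checks this way is what keeps the cheap, deterministic tests (archive validity, certificate blacklist) ahead of the heuristic weight calculation, so a known-bad signer is rejected before any permission scoring happens and a malformed archive never reaches the later stages.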

Embodiment 3

[0072] On the basis of the foregoing embodiments, a system for detecting malicious behaviors of Android applications that implements the foregoing method includes the following structure:

[0073] A copy module, used to copy the executable program;

[0074] A communication module, used to upload the copy of the executable program made by the copy module and to feed back the results of malicious behavior monitoring;

[0075] A control module, used by the user to input parameters, run detection scripts, calculate primary policy weights and view detection results;

[0076] A storage module, used to store samples, blacklists and weight thresholds, and supporting create, add, modify, delete and query operations by the user;

[0077] A comparison module, configured to compare the primary policy weight with the weight threshold;

[0078] A sandbox module, used to carry out malicious behavior detection on the copy of the executable program; the sandbox module includes a sam...

Abstract

The front-end of the modern anti-virus technology system is based on anti-virus engine technology, which is applied to two working scenarios, the host and the network, while the back-end relies on a large-scale massive data analysis and processing system as support. Traditional malicious behavior detection relies on malicious file samples collected by the front-end, or on instantly triggered events, being submitted to the back-end system for analysis and processing. Malicious behavior detection technology has gradually taken shape during the continuous evolution of anti-virus technology in recent years. The emergence of new virus technology often directly drives the improvement of the entire level of anti-virus technology, and this kind of offensive and defensive game is often very passive. Sandbox technology provides an environment in which unreliable programs can be run experimentally without affecting the operation of the system; its main idea lies in the isolation mechanism and the hierarchical security architecture. The invention researches and proposes a malicious behavior detection model based on SVM, and applies it to an Android system based on sandbox technology.

Description

Technical field

[0001] The invention relates to the field of communications, in particular to a method for detecting malicious behaviors of Android applications.

Background technique

[0002] At present, the detection of malicious code and behavior can be roughly divided into the following aspects:

[0003] Detection based on network traffic flow. As at large Internet companies, traditional communication traffic is gradually transformed from the distribution of content to the distributed service strategy of an overall cluster architecture. Load traffic is detected at the application level, communication data containing attacks is cleaned and extracted, and detection is then performed on that basis. At present, malicious code detection technology based on flow characteristics analyzes various known and unknown abnormal traffic in the network and compares the abnormal traffic found with historical data, so as to learn the specific purpose of the malicious behavior.

[0004] Signatu...

Claims

Application Information

Patent Timeline: no application
Patent Type & Authority: Patents (China)
IPC (8): G06F21/53, G06F21/56, G06K9/62
CPC: G06F21/53, G06F21/562, G06F2221/033, G06F18/2411
Inventor 唐勇
Owner 四川中大云科科技有限公司