Static detection method and apparatus for repackaged malicious application

A malicious application and static detection technology, applied in the field of malicious code detection, can solve the problems of low detection accuracy of DroidMOSS, limited ability to detect variant malicious code, and inability to detect repackaged applications in the Android application market, so as to improve detection accuracy , high-accuracy effect

Active Publication Date: 2017-07-14
INST OF INFORMATION ENG CAS
View PDF6 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In the above detection methods, it is assumed that the applications in the official Android application market are native, non-malicious, and not repackaged. This assumption is too optimistic in some aspects to detect repackaged applica

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Static detection method and apparatus for repackaged malicious application
  • Static detection method and apparatus for repackaged malicious application
  • Static detection method and apparatus for repackaged malicious application

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] The following will clearly and completely describe the technical solutions in the embodiments of the present disclosure with reference to the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments in the present disclosure, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present disclosure.

[0037] In the first aspect, the present invention provides a static detection method for repackaged malicious applications, which can detect repackaged malicious applications, and is suitable for Android applications from official Android application markets, third-party application markets, or other sources. . Such as figure 1 As shown, the method includes:

[0038] S1. Obtain the API call sequence of the installation package of the applic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a static detection method and apparatus for a repackaged malicious application. The method comprises the steps of obtaining API call sequences of an installation package of a to-be-detected application and a correlation relationship between classes which the API call sequences belong to; establishing a class-based function call relational graph; performing clustering division on the classes to obtain a plurality of clusters, and removing a preset number of clusters with the highest correlation relationship between the classes in the clusters to obtain a malicious code cluster; extracting sensitive API call sequences in the API call sequences of the classes in the malicious code cluster, and performing similarity matching on the extracted sensitive API call sequences of the classes and characteristic sequence samples of the malicious application in a pre-established sample library; and determining whether the to-be-detected application is the repackaged malicious application or not. According to the method and the apparatus, malicious codes are extracted by taking the class as a unit without depending on an Android official application, so that relatively high accuracy can be ensured for variant malicious codes.

Description

technical field [0001] The invention relates to the technical field of malicious code detection, in particular to a static detection method and device for repackaging malicious applications. Background technique [0002] With the rapid development of the mobile Internet, due to the convenient portability, excellent performance, and rich functions (such as instant messaging, office processing, online games, etc.) of smart terminals (such as smart phones, tablets, etc.), the sales of smart terminals have grown rapidly. At present, China's mobile Internet users have exceeded 800 million. In 2015, Google Play has exceeded 1.4 million applications. Various third-party application markets in China also have a large number of mobile applications. While these applications bring great convenience to people, they also bring great hidden dangers and risks to information security. A study on the analysis of malicious applications based on the Android system shows that after analyzing 1...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
Inventor 刘超喻民谭民朱大立姜建国
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap