
Application abnormal behavior identification model building method and apparatus, and application abnormal behavior identification method and apparatus

A model-building method for identifying abnormal application behavior, applied in character and pattern recognition, computer security devices, instruments, etc. It addresses problems such as emulator-based analysis failing to effectively cover the triggers of abnormal behavior in the real-machine environment.

Inactive. Publication Date: 2017-08-15
GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +2

AI Technical Summary

Problems solved by technology

[0005] Therefore, the technical problem to be solved by the present invention is that the existing method of analyzing malicious software or abnormal behavior, which starts the application on a simulator and records the application's operation information, cannot effectively cover the real machine environment and the various factors that trigger abnormal behavior when the application runs in actual use; malware can also avoid detection by the system by identifying the simulator or delaying the attack time.



Examples


Embodiment 1

[0065] As shown in Figure 1, this embodiment provides a method for establishing an application abnormal behavior identification model, including the following steps:

[0066] S11: Respectively acquire first API (Application Programming Interface) call log samples of multiple normal application samples and second API call log samples of multiple malicious application samples. The normal application samples and the malicious application samples may be applications other than the application to be detected. The API interfaces corresponding to the first API call log sample and the second API call log sample are consistent with the API interfaces corresponding to the API call logs used in actual detection.

[0067] S12: Establish an abnormal behavior identification model according to the first API call log sample and the second API call log sample.

[0068] The method for establishing an application abnormal behavior identification model prov...

Embodiment 2

[0091] This embodiment provides a method for establishing an application abnormal behavior identification model, including the following steps:

[0092] Step 1: Obtain multiple normal application samples and multiple malicious application samples respectively.

[0093] Step 2: Repackage and inject the nativeHook function and monitoring log function of the sensitive API interface into normal application samples and malicious application samples respectively.

[0094] Step 3: Run the normal application samples and malicious application samples injected with the monitoring log function in batches on the Android emulator, and collect the first API call log sample of the normal application samples and the second API call log sample of the malicious application samples respectively.

[0095] Step 4: Construct the membership function and select the kernel function.

[0096] Step 5: Take the first API call log sample of the normal application sample and the second API call log sample...

Embodiment 3

[0098] This embodiment provides a method for identifying abnormal behavior of an application. As shown in Figures 5 and 6, it can be applied to electric power enterprise mobile applications and includes the following steps:

[0099] S31: Obtain an API call log when the application is running, where the API call log is a sensitive API call log when the application is actually running on a real device. The application may be a utility mobile application.

[0100] S32: Use the application abnormal behavior identification model established according to the method provided in the above embodiment 1 or 2 to classify the API call log to identify the abnormal behavior.

[0101] The abnormal behavior identification method of the application provided in this embodiment can identify whether the behavior of the application is abnormal in real time according to the API interface call log collected when the application is actually running on the real machine, so that the behavior of th...
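An added sketch of Steps 4 and 5 of Embodiment 2 and the classification in S32, not code from the patent. The API list, the log line format, the RBF kernel, the distance-based membership function and the membership-weighted kernel perceptron used as the trainer are all assumptions, because the page truncates Step 5 and does not name the training algorithm; the logs are constructed sample data.

```python
import math
from collections import Counter

# Assumed sensitive-API list; the page does not enumerate the hooked interfaces.
APIS = ["sendTextMessage", "getDeviceId", "getLastKnownLocation", "openConnection", "query"]

def features(log_lines):
    """One app's log (assumed format '<ts> <pkg> <api>') -> per-API call ratios."""
    counts = Counter(l.split()[-1] for l in log_lines if l.strip())
    total = sum(counts[a] for a in APIS) or 1
    return [counts[a] / total for a in APIS]

def rbf(x, y, gamma=2.0):
    """Kernel function (Step 4): Gaussian RBF, chosen here as an assumption."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))

def memberships(vectors, delta=0.1):
    """Membership function (Step 4): 1 - d/(r + delta), d = distance to class centre."""
    centre = [sum(col) / len(vectors) for col in zip(*vectors)]
    dist = [math.dist(v, centre) for v in vectors]
    return [1.0 - d / (max(dist) + delta) for d in dist]

def train(normal_logs, malicious_logs, epochs=20):
    """Step 5 stand-in: kernel perceptron whose updates are scaled by membership."""
    groups = [[features(l) for l in normal_logs], [features(l) for l in malicious_logs]]
    X = groups[0] + groups[1]
    y = [-1] * len(groups[0]) + [1] * len(groups[1])
    s = memberships(groups[0]) + memberships(groups[1])
    alpha = [0.0] * len(X)
    for _ in range(epochs):
        for i, xi in enumerate(X):
            score = sum(a * yj * rbf(xj, xi) for a, yj, xj in zip(alpha, y, X))
            if y[i] * score <= 0:          # misclassified: add weighted support
                alpha[i] += s[i]
    return [(a * yj, xj) for a, yj, xj in zip(alpha, y, X) if a]

def classify(model, log_lines):
    """Embodiment 3 (S32): label a log collected on a real device."""
    x = features(log_lines)
    return "abnormal" if sum(w * rbf(sv, x) for w, sv in model) > 0 else "normal"

def make_log(**calls):  # constructed sample data, not real traces
    return [f"1700000000 com.example.app {api}" for api, n in calls.items() for _ in range(n)]

NORMAL = [make_log(query=6, openConnection=4),
          make_log(query=5, openConnection=4, getLastKnownLocation=1),
          make_log(query=7, openConnection=3)]
MALICIOUS = [make_log(sendTextMessage=5, getDeviceId=4, openConnection=1),
             make_log(sendTextMessage=6, getDeviceId=3, openConnection=1),
             make_log(getDeviceId=5, sendTextMessage=4, getLastKnownLocation=1)]
MODEL = train(NORMAL, MALICIOUS)
```

Samples far from their class centre receive a lower membership and so pull the decision boundary less, which limits the influence of atypical training logs on the model.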


Abstract

The invention discloses an application abnormal behavior identification model building method and apparatus, and an application abnormal behavior identification method and apparatus, and relates to the technical field of application security. The application abnormal behavior identification model building method comprises the steps of obtaining a first API call log sample of multiple normal application samples and a second API call log sample of multiple malicious application samples; and building an abnormal behavior identification model according to the first API call log sample and the second API call log sample. According to the method, the application abnormal behavior identification model can be built; and the identification model can identify whether a behavior of an application is abnormal or not according to an API call log collected during actual operation of the application in a real machine in real time, so that the behavior of the application in actual use can be detected in real time. The methods and the apparatuses can be suitable for power enterprise-oriented mobile applications.

Description

Technical field

[0001] The invention relates to the technical field of application program security, in particular to a method and device for establishing an application abnormal behavior identification model, and an identification method and device.

Background technique

[0002] In recent years, with the continuous development of the mobile Internet, power companies have closely followed the business development and application requirements of new technologies under the "Internet +" environment, and proposed the development direction of power service mobilization, operation mobilization and office mobilization. Enterprise employees and power users provide more open and intelligent services, which is conducive to strengthening the connection between enterprise employees, partners and power customers, realizing the real-time flow and sharing of power business information, and greatly improving work efficiency. However, in the case of the existing traditional Internet informat...


Application Information

IPC(8): G06F21/56, G06F21/55, G06K9/62
CPC: G06F21/552, G06F21/566, G06F18/2411
Inventor: 李勇, 张涛, 马媛媛, 陈牧, 戴造建, 石聪聪, 邵志鹏, 陈璐, 李尼格, 席泽生
Owner: GLOBAL ENERGY INTERCONNECTION RES INST CO LTD