An Android unknown malicious software detection method based on dynamic behavior characteristics

A malware detection technology, applied in the field of computer and information science, that addresses the problem that existing detection methods cannot comprehensively detect malware, and achieves the effects of improving accuracy, improving detection efficiency, and reducing feature dimensions.

Inactive Publication Date: 2017-09-15
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0009] In summary, existing detection methods cannot efficiently, accurately and comprehensively detect malware, so the present invention proposes a method for detecting unknown Android malware combined with dynamic behavioral features.


Embodiment Construction

[0028] In order to better illustrate the purpose and advantages of the present invention, the implementation of the method of the present invention will be further described in detail below in conjunction with examples. Here, the exemplary implementation examples of the present invention and the descriptions therein are used to explain the present invention, but not to limit the present invention. The specific process is:

[0029] Step 1, software static feature extraction.

[0030] Step 1.1, the static feature extraction module simultaneously decompresses and decompiles the detected software.

[0031] Step 1.2, perform feature extraction on the decompressed dex and so files respectively. Among them, the following features are mainly extracted from the dex file: dex file header information, string offset value and number, type offset value and number, method prototype offset value and number, field offset value and number, and class definition offset value and number; mainl...
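The dex header features listed in step 1.2 can be read with a small parser; this is an added example, not code from the patent. The field layout follows the published DEX file format, while the function names, the two integrity flags and the sample file are assumptions made for illustration.

```python
import struct
import zlib

HEADER = struct.Struct("<8sI20s20I")  # 0x70-byte little-endian DEX header
NAMES = ("file_size header_size endian_tag link_size link_off map_off "
         "string_ids_size string_ids_off type_ids_size type_ids_off "
         "proto_ids_size proto_ids_off field_ids_size field_ids_off "
         "method_ids_size method_ids_off class_defs_size class_defs_off "
         "data_size data_off").split()
# Tables named in step 1.2, mapped to the byte size of one table entry.
TABLES = {"string_ids": 4, "type_ids": 4, "proto_ids": 12,
          "field_ids": 8, "class_defs": 32}

def dex_header_features(data: bytes) -> dict:
    """Return offset/count features; reject headers that point outside the file."""
    if len(data) < HEADER.size:
        raise ValueError("truncated DEX header")
    magic, checksum, _sha1, *vals = HEADER.unpack_from(data)
    h = dict(zip(NAMES, vals))
    if magic[:4] != b"dex\n" or magic[7:] != b"\x00":
        raise ValueError("bad DEX magic")
    if h["header_size"] != HEADER.size or h["endian_tag"] != 0x12345678:
        raise ValueError("unexpected header_size or endian_tag")
    feats = {"file_size": h["file_size"],
             "size_matches": h["file_size"] == len(data),
             # The header checksum is Adler-32 over everything after it.
             "checksum_ok": zlib.adler32(data[12:]) == checksum}
    for name, entry in TABLES.items():
        count, off = h[name + "_size"], h[name + "_off"]
        if off + count * entry > len(data):
            raise ValueError(name + " table runs past end of file")
        feats[name + "_count"], feats[name + "_off"] = count, off
    return feats

def build_sample_dex() -> bytes:
    """Constructed sample: valid header, zero-filled tables, not a real app."""
    off, pairs = HEADER.size, []
    # (count, entry size) for string, type, proto, field, method, class_def
    for count, entry in [(3, 4), (2, 4), (1, 12), (1, 8), (1, 8), (1, 32)]:
        pairs += [count, off]
        off += count * entry
    vals = [off, HEADER.size, 0x12345678, 0, 0, 0, *pairs, 0, 0]
    raw = bytearray(HEADER.pack(b"dex\n035\x00", 0, bytes(20), *vals))
    raw += bytes(off - HEADER.size)
    raw[8:12] = struct.pack("<I", zlib.adler32(bytes(raw[12:])))
    return bytes(raw)

if __name__ == "__main__":
    print(dex_header_features(build_sample_dex()))
```

The `checksum_ok` and `size_matches` flags are kept as features rather than raised as errors, since a file modified after build still parses and the mismatch itself is a usable signal.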


Abstract

The invention relates to an Android unknown malicious software detection method based on dynamic behavior characteristics and belongs to the technical field of computers and information science. The method comprises the following steps. The software to be detected is input into a system. The system decompresses and decompiles the software package and extracts static characteristics from the resulting files. At the same time, the system runs the software package in an Android simulator and monitors the dynamic behavior of the software using a behavior monitoring system based on an LKM (Loadable Kernel Module). The dynamic behavior is recorded in logs, and the dynamic behavior characteristics of the software are extracted from the logs. The extracted dynamic and static characteristics are normalized, and the results are input into a trained classification detection module, which automatically judges from the input dynamic and static characteristic data whether the detected software is malicious. The method has high detection efficiency and accuracy and can be applied to security detection of software platforms such as the Android application market.

Description

Technical field

[0001] The invention relates to a method for detecting unknown Android malicious software combined with dynamic behavior features, and belongs to the technical field of computer and information science.

Background technique

[0002] Since the Symbian 5.0 system was born in March 1999, the smartphone operating system has developed vigorously in the past ten years. In recent years, new-generation operating systems such as Android, Windows Phone, and iOS have gradually occupied most of the smartphone operating system market. Among them, the Android system, as an open source operating system, has developed the fastest.

[0003] The rapid development of the Android system not only brings convenience to the majority of smartphone users, but also attracts the attention of global hackers due to its huge market and commercial value. According to the "Mobile Phone Security Report for the First Half of 2016" by Tencent Mobile Security Lab, there were 9.1825 million ne...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/55, G06F21/56
Inventor: 潘丽敏, 张笈, 杨静雅, 罗森林
Owner: BEIJING INSTITUTE OF TECHNOLOGY