Mixed feature-based Android malicious software detection method and system

A technology of malware and detection methods, applied in the direction of computer parts, instruments, platform integrity maintenance, etc., can solve the problem of low classification accuracy, and achieve the effects of improving identification accuracy, improving classification accuracy, and reducing false alarm rate

Inactive Publication Date: 2017-09-19
SHENZHEN INST OF ADVANCED TECH
View PDF1 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the current static analysis of Android malware mainly classifies API and permission features, and the classification accuracy is not high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Mixed feature-based Android malicious software detection method and system
  • Mixed feature-based Android malicious software detection method and system
  • Mixed feature-based Android malicious software detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0016] The technical means adopted by the present invention to achieve the intended invention purpose are further described below in conjunction with the drawings and preferred embodiments of the present invention.

[0017] figure 1 It is a flowchart of a method for detecting Android malware based on mixed features according to an embodiment of the present invention. Such as figure 1 As shown, the method includes:

[0018] Step S101, acquiring Dalvik feature data, API feature data, and authority feature data.

[0019] Specifically, the extraction of Dalvik feature data is to use the baksmali tool to decompile the dex file, output the Dalvik assembly file, extract the Dalvik feature data, and use the feature vector to represent the Android application software; if there is a Dalvik feature data, set it to 1, otherwise set it to 0.

[0020] The API feature data is extracted by using the Dedexer tool, through the operation command "java-jar Dedexer.jar-d " decompiles the cla...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a mixed feature-based Android malicious software detection method and system. The method comprises the steps of obtaining Dalvik feature data, API feature data and permission feature data; by utilizing a Dalvik instruction classifier, an API classifier and a permission classifier, classifying the Dalvik feature data, the API feature data and the permission feature data by adopting an algorithm of an extreme learning machine, building a classification model, and performing calculation according to the classification model to obtain a prediction tag; and based on the prediction tag and the classification precision of the Dalvik instruction classifier, the API classifier and the permission classifier, performing fusion in a linear combination mode, performing calculation to obtain a prediction value, and performing malicious software judgment according to the prediction value. By utilizing the method and the system, the malicious software identification precision can be improved and the false alarm rate can be reduced.

Description

technical field [0001] The invention relates to the field of software detection, in particular to a method and system for detecting Android malware based on mixed features. Background technique [0002] The application of smart terminals and cloud computing accelerates the integration of information technology and communication technology, and promotes the rapid development of the mobile Internet. With the development of the mobile Internet, the number of mobile terminal users is increasing day by day. Driven by economic interests, the number of mobile malware has exploded in recent years, and various mobile malware families are ever-changing, which seriously threatens the healthy development of the mobile Internet and brings non-negligible problems to users and smart terminals. harm. However, due to the fact that our country has not yet issued requirements for the security of mobile application stores, this makes the security threshold of some application stores too low, ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06K9/62
CPCG06F21/563G06F2221/033G06F18/24G06F18/254
Inventor 张巍任环姜青山
Owner SHENZHEN INST OF ADVANCED TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap