Device and method for identifying malicious code

A malicious code identification device and method, applied in the field of malicious code identification, that addresses the inability of static detection to identify unknown malicious code and to handle malicious code reinforcement (hardening), with the stated effect of improving detection accuracy and preventing threats.

Status: Inactive
Publication Date: 2018-05-22
Applicant: WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

[0003] The technical problem addressed by the present invention is to provide a malicious code identification device and method that solve two problems encountered in static malicious code detection: malicious code reinforcement (hardening) and the inability to identify unknown malicious code.


Embodiment Construction

[0046] The present invention will be further described below in conjunction with specific examples and accompanying drawings.

[0047] The present invention provides a malicious code identification device which, as shown in figure 1, includes:

[0048] The process injection module 1 injects into system processes at run time and loads the API HOOK dynamic library while the terminal equipped with the Android system is running, in order to monitor the APIs called by other application processes in the system. Specifically, it performs ptrace on zygote and system_server and loads the API HOOK dynamic library via dlopen.

[0049] The monitoring module monitors sensitive APIs through the API HOOK and sends out behavior monitoring vectors. The sensitive APIs are a preset list of Android APIs that may be involved in threatening behavior, compiled from human experience. The monitoring module includes: the behavior monitoring module 2, which is used to ...
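The detection side of this design, as an added example that is not code from the patent or from Wuhan Antiy: a small detection service that turns the records sent by the API-hook monitor into a per-process behavior monitoring vector and matches it against threat rules. The sensitive-API list, the threat rules, the MonitorEvent record shape and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
# Assumed preset sensitive-API list (the patent only says it is drawn from human experience)
SENSITIVE_APIS = {
    "android.telephony.SmsManager.sendTextMessage": "SEND_SMS",
    "android.content.ContentResolver.query(content://contacts)": "READ_CONTACTS",
    "java.net.HttpURLConnection.connect": "NET_CONNECT",
    "android.telephony.TelephonyManager.getDeviceId": "READ_IMEI",
    "dalvik.system.DexClassLoader.<init>": "DYN_LOAD",
}
# Assumed threat rules: a process whose vector covers every tag of a rule is flagged
THREAT_RULES = {
    "sms_fraud": {"SEND_SMS", "READ_CONTACTS"},
    "info_leak": {"READ_IMEI", "NET_CONNECT"},
    "packed_payload": {"DYN_LOAD", "NET_CONNECT"},
}

@dataclass(frozen=True)
class MonitorEvent:  # one record sent by the API-hook monitor (assumed shape)
    pid: int
    package: str
    api: str

def vectorize(events):
    """Behavior monitoring vector per process: the set of sensitive-API tags it triggered."""
    vectors = defaultdict(set)
    for ev in events:
        tag = SENSITIVE_APIS.get(ev.api)  # APIs outside the sensitive list are ignored
        if tag:
            vectors[(ev.pid, ev.package)].add(tag)
    return vectors

def identify_threats(events):
    """Map (pid, package) -> sorted names of the threat rules its vector satisfies."""
    findings = {}
    for key, tags in vectorize(events).items():
        matched = sorted(name for name, need in THREAT_RULES.items() if need <= tags)
        if matched:
            findings[key] = matched
    return findings
# Constructed sample events (not a real capture)
SAMPLE_EVENTS = [
    MonitorEvent(1201, "com.example.benign", "java.net.HttpURLConnection.connect"),
    MonitorEvent(1337, "com.example.suspect", "android.content.ContentResolver.query(content://contacts)"),
    MonitorEvent(1337, "com.example.suspect", "android.telephony.SmsManager.sendTextMessage"),
    MonitorEvent(1337, "com.example.suspect", "android.telephony.TelephonyManager.getDeviceId"),
    MonitorEvent(1337, "com.example.suspect", "java.net.HttpURLConnection.connect"),
    MonitorEvent(1500, "com.example.other", "some.unhooked.Api"),
]
```

Only com.example.suspect is flagged: a single network call by the benign app never completes a rule, and the unhooked API does not enter a vector at all.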


Abstract

The invention provides a device for identifying malicious code. The device comprises: a detection application module used for system initialization; a process injection module used to inject into a system process and load an API HOOK dynamic library while a terminal running the Android system is operating; a monitoring module used to monitor sensitive APIs through the API HOOK and output behavior monitoring vectors; and a detection service module used to analyze the behavior monitoring vectors and identify threatening behaviors. Because maliciousness is judged from the behavior of the code as it runs, the bottleneck that static malicious code detection meets when malicious code is reinforced is solved, as is the bottleneck that unknown malicious code cannot be identified. Since a dynamically injected API HOOK technique is used, malicious code can be identified and blocked without modifying source code, which solves the long development cycle and poor portability of behavior-based malicious code detection techniques that modify the system source code.

Description

Technical field

[0001] The invention relates to the technical field of mobile network security, in particular to a malicious code identification device and method.

Background technique

[0002] Malicious code detection technologies on mobile devices are currently mainly of two kinds: rule-based malicious code detection and behavior-recognition detection that modifies the system source code. Rule-based detection lags behind, because its rule base is extracted by static analysis of known malicious code, so it can only detect known malicious code. Behavior-recognition detection that modifies the system source code, on the other hand, must cope with many versions of the mobile phone system, frequent updates, and many ROM manufacturers that do not disclose their source code. In some cases, the source-code-based behavior recognition technology has pro...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 冯泽乔伟
Owner: WUHAN ANTIY MOBILE SECURITY