Android application permission overflow vulnerability detection and malicious behavior identification method

An application and vulnerability detection technology, applied in character and pattern recognition, program code conversion, decompilation/disassembly, etc. It addresses the problems of code obfuscation, difficulty in effectively extracting typical features, and the inability to detect and kill new unknown malware, and achieves the effects of a reduced false positive rate and easy extraction and analysis.

Inactive Publication Date: 2018-05-25
XIAN UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

This method relies on the analysis and extraction of historical malicious programs, and has almost no ability to detect and kill new unknown malware.
In additi

Examples


Embodiment Construction

[0033] The technical solution of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0034] In a specific embodiment, the detection method specifically includes the following steps:

[0035] Step 1: Use APKTool and Dare to decompile the APK file to be tested to obtain a Java bytecode program, which is the basis for all subsequent analysis. Among them, APKTool translates the Android dex file into a smali file, and Dare converts the smali file format into a Java bytecode format for subsequent analysis.

[0036] Step 2: Use string search to find all sensitive API calls in the program. "Sensitive API" refers to class methods that require permissions in the Android framework. Examples of sensitive APIs are shown in Table 1.

[0037] Table 1 Sensitive API and dependent permissions

[0038]

[0039] Step 3: The sending point of the Intent object refers to the code fragment in the program that sends the Intent object. The re...
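An added example, not code from the patent: a sketch of the Step 2 scan that goes one step further and compares the permissions implied by the call sites with those declared in the manifest, treating permission overflow as declared-but-unused permissions. It assumes the scan runs over APKTool's smali output rather than Dare's Java bytecode; the API-to-permission map, function names and sample inputs are constructed for illustration and are not the patent's Table 1.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample map; NOT the patent's Table 1 (absent from the page).
SENSITIVE_APIS = {
    "Landroid/telephony/TelephonyManager;->getDeviceId":
        "android.permission.READ_PHONE_STATE",
    "Landroid/telephony/SmsManager;->sendTextMessage":
        "android.permission.SEND_SMS",
    "Landroid/hardware/Camera;->open":
        "android.permission.CAMERA",
}

# Match only smali call sites, e.g. invoke-virtual {v0}, Lpkg/Cls;->name(...)
INVOKE_RE = re.compile(r"^\s*invoke-[\w/]+ \{[^}]*\}, (L[^;]+;->[^(]+)\(")

def used_permissions(smali_text):
    """Permissions implied by sensitive API call sites in smali code."""
    used = set()
    for line in smali_text.splitlines():
        m = INVOKE_RE.match(line)
        if m and m.group(1) in SENSITIVE_APIS:
            used.add(SENSITIVE_APIS[m.group(1)])
    return used

def declared_permissions(manifest_xml):
    """Permissions requested via <uses-permission> in AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def permission_overflow(manifest_xml, smali_text):
    """Declared permissions that no scanned call site needs."""
    return declared_permissions(manifest_xml) - used_permissions(smali_text)

# Constructed inputs: SEND_SMS appears only inside a string constant.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""
SAMPLE_SMALI = """
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    const-string v1, "Landroid/telephony/SmsManager;->sendTextMessage"
"""

if __name__ == "__main__":
    print(sorted(permission_overflow(SAMPLE_MANIFEST, SAMPLE_SMALI)))
```

The sketch covers only direct API call sites; permissions exercised by sending Intent objects, which Step 3 addresses, are outside it.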


Abstract

The invention discloses an Android application permission overflow vulnerability detection and malicious behavior identification method. The method combines static analysis with string analysis and takes full account of the program points in an APP that use permissions, so that an upper bound of the set of permissions the Android APP actually uses is extracted accurately and effectively, which reduces the permission overflow false positive rate. The permissions actually used are then taken as features that describe the behavioral characteristics of the APP more accurately, and on this basis an APP malicious behavior classifier with high accuracy and a low false positive rate is constructed.

Description

Technical field

[0001] The invention relates to the field of software security, and mainly relates to a method for detecting the overflow vulnerability of an Android mobile application program through a static analysis method, and identifying its malicious behavior through the permission characteristics of the application program.

Background technique

[0002] Due to the flaws in Android's own security mechanism, a large number of Android applications with security vulnerabilities or even malicious behaviors have been produced and widely disseminated through a large number of third-party application markets of uneven quality in China. Personal and public private data are frequently stolen and abused, which is a serious threat to personal privacy, and even to national economic and political security. Therefore, it is of great significance to study the malicious behavior detection method of Android application program (hereinafter referred to as APP) and develop the detection system for the pr...


Application Information

IPC(8): G06F21/56, G06F21/57, G06K9/62, G06F8/53
CPC: G06F8/53, G06F21/56, G06F21/577, G06F18/24
Inventor: 刘晓建, 雷倩
Owner: XIAN UNIV OF SCI & TECH