Android malicious application detection system based on multi-operation environment behavior comparison

A malicious-application detection and operating-environment technology, applied in the field of network security, that addresses the difficulty static analysis methods have in obtaining effective information details, and achieves convenient updating, upgrading and expansion, efficient processing, and enhanced analysis and detection capabilities.

Active Publication Date: 2018-06-08
XI AN JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

However, with the continuous development of encryption and obfuscation technology, it is difficult for static analysis methods to obtain effective information details.


Embodiment Construction

[0028] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and exemplary embodiments. It should be understood that the exemplary embodiments described here are only used to explain the present invention, and are not intended to limit the applicable scope of the present invention.

[0029] First, the overall operation process of the Android malicious application detection system based on behavior comparison of the present invention is shown in Figure 1. The four main modules drawn are the information extraction module, the dynamic analysis module, the environment detection and confrontation module, and the behavior record analysis module. The system operation scheduling module, which is not drawn in the flow chart, is responsible for controlling the entire operation process during the system operatio...


Abstract

An Android malicious application detection system based on multi-operation environment behavior comparison comprises an information extraction module, a dynamic analysis module, an environment detection countering module, a behavior record analysis module and a system operation scheduling module, wherein the information extraction module is used for decompiling a detected APK installation file and providing data support for subsequent log analysis; the dynamic analysis module is used for dynamic analysis of an Android application by using a sand box technology and recording behaviors executed in the program running process; the environment detection countering module is used for detecting environment detection behaviors in the program running process in real time, carrying out countering according to the detection behaviors of different levels and modifying operation environment detection results in the application into camouflage operation environment characteristics; the behavior record analysis module is used for unified management and analysis of all behavior logs after the to-be-tested application repeatedly runs; the system operation scheduling module is used for controlling the whole operation process in the system operation process. By means of the method, the behavior difference situation of the application can be captured, whether malicious behaviors exist or not is detected, and the method is suitable for recognizing environment-sensitive malicious applications.
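The behavior-comparison step the abstract assigns to the behavior record analysis module, sketched as an added example (this is not code from the patent): the same application is run in several environments and its normalized behavior logs are diffed. The JSON log format, field names, environment names and sample records are all assumptions constructed for illustration.

```python
import json

# Constructed sample behavior logs, one JSON record per line, keyed by run
# environment. Environment names and field names are assumptions.
RUNS = {
    "sandbox_plain": """
{"ts": 101, "cat": "env_probe", "api": "getDeviceId", "arg": ""}
{"ts": 105, "cat": "net", "api": "connect", "arg": "update.example.test:443"}
""",
    "sandbox_camouflaged": """
{"ts": 201, "cat": "env_probe", "api": "getDeviceId", "arg": ""}
{"ts": 204, "cat": "net", "api": "connect", "arg": "update.example.test:443"}
{"ts": 209, "cat": "sms", "api": "sendTextMessage", "arg": "constructed-number"}
{"ts": 215, "cat": "provider", "api": "query", "arg": "contacts"}
{"ts": 216, "cat": "provider", "api": "que
""",
}

VOLATILE = {"ts", "pid", "tid"}  # fields that differ between runs by nature


def parse_run(text):
    """Return the set of behaviors in one run, with volatile fields dropped."""
    behaviors = set()
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated final record from a killed run
        behaviors.add(tuple(sorted((k, str(v)) for k, v in rec.items()
                                   if k not in VOLATILE)))
    return behaviors


def compare_runs(runs):
    """Diff behavior sets across environments and report what diverges."""
    per_env = {env: parse_run(text) for env, text in runs.items()}
    common = set.intersection(*per_env.values())
    divergent = {env: [dict(b) for b in sorted(seen - common)]
                 for env, seen in per_env.items()}
    probed = any(dict(b).get("cat") == "env_probe"
                 for seen in per_env.values() for b in seen)
    return {"common": len(common), "divergent": divergent,
            "environment_sensitive": probed and any(divergent.values())}


if __name__ == "__main__":
    print(json.dumps(compare_runs(RUNS), indent=2))
```

Behaviors that appear only in the camouflaged run, after the application has probed its environment, are the difference the abstract describes capturing.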

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to an Android malicious application detection system based on behavior comparison of multiple operating environments.

Background technique

[0002] The Internet has developed rapidly and has reached a considerable scale. In recent years, with the rise of smart mobile terminal equipment, the mobile Internet has also developed rapidly, and smart phones and tablet computers are becoming popular in people's lives. With the gradual popularization of smart mobile terminal operating systems, the Android system platform has been welcomed by many mobile device developers and manufacturers for its convenience and ease of use, excellent remodelability and scalability, and open-source nature, and it has gradually acquired a large number of system enthusiasts and user groups.

[0003] It is precisely because of the high user share of the Android system and its unique open source features that the Android syste...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 陶敬, 张岩, 王平辉, 韩婷, 曹鹏飞, 王铮, 赵琪琪, 孙立远, 柳哲
Owner: XI AN JIAOTONG UNIV