Behavior triggering method and system of remote-control malicious-code
A malicious code and behavior technology, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc., can solve problems such as difficult and accurate simulation of remote control malicious code, and achieve the effect of solving automatic extraction and improving detection capabilities.
Inactive Publication Date: 2018-06-15
WUHAN ANTIY MOBILE SECURITY
View PDF4 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, for remote control malicious codes, relevant behaviors will only be triggered when they receive instructions specified by the remote control server during operation. SMS, but it is difficult to accurately simulate these instructions when the malicious code is simulated to trigger the SMS sending behavior of the remote control malicious code, which makes the dynamic malicious code detection technology invalid for the remote control type of malicious code
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0027] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easy to understand, the technical solutions in the present invention will be further detailed below in conjunction with the accompanying drawings illustrate.
[0028] A remote control malicious code behavior trigger method, such as figure 1 shown, including:
[0029] S101: the comparison API interface in the HOOK remote control malicious code, the comparison API interface is a system API interface for comparing and judging character string information;
[0030] S102: Determine whether the remote control malicious code has received simulated behavior trigger information, if so, execute S103, otherwise end;
[0031] S103: Obtain the string information in the comparison API in the remote control malicious code, and match it with the ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention provides a behavior triggering method and system of remote-control malicious-code. HOOK is carried out on a comparative-type API in the remote-control malicious-code; whether the remote-control malicious-code receives simulated behavior triggering information is judged, if yes, character string information of the comparative-type API in the remote-control malicious-code is acquired,and matching with character string information in a behavior triggering information library is carried out, and otherwise, the steps end; whether the character string information in the comparative-type API is the same as any piece of character string information in the behavior triggering information library is judged, and if yes, a returned value of the comparative-type API is modified accordingto a preset value for triggering a subsequent behavior of the remote-control malicious-code; and otherwise, the character string information in the comparative-type API is saved to a suspect-information library. Through the method and system of the invention, malicious behaviors of remote-control malicious-code can be effectively triggered, and detection capability of dynamic malicious-code detection technology on the remote-control-type malicious-code can be improved.
Description
technical field [0001] The invention relates to the technical field of mobile network security, in particular to a remote control malicious code behavior triggering method and system. Background technique [0002] With the vigorous development of the mobile Internet, malicious codes on mobile devices emerge in endlessly, and the current mainstream mobile malicious code detection technology is mainly based on static code analysis and static feature library matching. After malicious codes have adopted reinforcement technology, static malicious code detection technology has become stretched. As a result, dynamic malicious code detection technology has gradually developed. Dynamic malicious code detection technology mainly monitors the behavior of malicious code at runtime. Therefore, how to make malicious code trigger malicious behavior at runtime is the key to dynamic malicious code detection technology, because only malicious code It can be detected by the dynamic malicious ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/566
Inventor 冯泽潘宣辰
Owner WUHAN ANTIY MOBILE SECURITY