A malicious code intrusion detection and prevention method for a mobile application

A malicious code detection technology for mobile applications, applied in the field of malicious code intrusion detection and prevention. It addresses problems such as high false positive and false negative rates, rule-generation dependencies, and hindered analysis, with the effect of improving detection capability, improving anti-interference capability, and reducing the false positive rate.

Inactive Publication Date: 2018-12-14
ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD +1

AI Technical Summary

Problems solved by technology

[0002] The detection of malicious code variants is currently the main difficulty and focus of malicious code prevention. Existing malicious code variants can be roughly divided into two categories by how they are implemented: in one, malicious code developers produce variants by reusing basic modules; in the other, the variants use obfuscation techniques designed and developed specifically against existing prevention technology. Obfuscation techniques fall into two types according to their principle. One is obfuscation that interferes with disassembly, so that the disassembler cannot produce a correct result, which hinders further analysis. The other is instruction / control flow obfuscation. Such obfuscation techniques usually use garbage code insertion, register reallocation, equivalent instruction replacement, and code transformation to change the syntactic characteristics of the code and hide its internal logical relationships.
[0003] Malicious code detection methods can be divided into two categories: heuristic-based detection and feature-based detection. Heuristic-based detection judges the likelihood that malicious code is present according to pre-designed rules and can be used to detect new malicious code samples, but its rule generation depends heavily on the experience of developers, and its false positive and false negative rates are relatively high in actual use. Feature-based detection methods rely on features extracted from malicious code; compared with heuristic-based detection, they have advantages in both efficiency and false positive rate.



Examples


Embodiment Construction

[0025] The principles and features of the present invention will be described below in conjunction with the accompanying drawings, and the enumerated embodiments are only used to explain the present invention, and are not intended to limit the scope of the present invention.

[0026] Referring to Figure 1, the present invention provides a malicious code intrusion detection and prevention method for mobile applications, the method comprising the following steps:

[0027] S1. Collect mobile application malicious code samples, analyze the execution process of malicious code samples through dynamic taint propagation, identify and record the call information in the process and instruction information related to tainted data;

[0028] S2. Construct a malicious code behavior dependency graph according to the call information and instruction information;

[0029] S3. Analyze the behavior of the malicious code sample to perform anti-obfuscation processing on the behavior dependency graph...


Abstract

The invention discloses a malicious code intrusion detection and prevention method for a mobile application, which comprises the following steps: analyzing the execution flow of a malicious code sample through dynamic taint propagation, and identifying and recording the call information in the flow and the instruction information related to tainted data; constructing a malicious code behavior dependency graph according to the call information and the instruction information; analyzing the behavior of the malicious code sample to process the behavior dependency graph, identifying and processing the semantic invocation, and then obtaining the behavior characteristic graph of the malicious code; detecting malicious code according to the behavior characteristic graph, assigning values to the nodes and edges in the graph according to behavior sensitivity, and setting a weighted feature value calculation mode and a detection threshold; performing taint propagation analysis on the target code under detection, calculating the feature value according to how the call information matches the features, and comparing the feature value with the detection threshold to determine whether it is malicious code. The method can detect the target under test from the sensitive behavior of malicious code, with high detection accuracy, good performance, and a low false alarm rate.
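A minimal sketch of the graph construction, weighting and threshold comparison described in the abstract, added here as an illustration and not taken from the patent. The call names, taint labels, node and edge weights, the matched-weight ratio and the 0.5 threshold are all assumptions, since the page does not give the calculation mode.

```python
# Added illustration; names, weights, threshold and scoring formula are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Call:
    name: str            # API call recorded during taint tracking
    consumes: frozenset  # taint labels carried by the call's arguments
    produces: frozenset  # taint labels attached to the call's result

def dependency_graph(trace):
    """Nodes are call names; edge (a, b) means b consumed data first tainted by a."""
    nodes, edges, source = set(), set(), {}
    for call in trace:
        nodes.add(call.name)
        for label in call.consumes:
            if label in source and source[label] != call.name:
                edges.add((source[label], call.name))
        for label in call.produces:
            # Keep the original source, so pass-through calls do not hide it.
            source.setdefault(label, call.name)
    return nodes, edges

def feature_value(graph, node_w, edge_w):
    """Matched weight divided by total weight of the characteristic graph (0..1)."""
    nodes, edges = graph
    matched = sum(w for n, w in node_w.items() if n in nodes)
    matched += sum(w for e, w in edge_w.items() if e in edges)
    total = sum(node_w.values()) + sum(edge_w.values())
    return matched / total if total else 0.0

def is_malicious(trace, node_w, edge_w, threshold):
    return feature_value(dependency_graph(trace), node_w, edge_w) >= threshold

# Constructed characteristic graph: contact data read, then sent by SMS or HTTP.
NODE_W = {"readContacts": 2.0, "sendTextMessage": 3.0, "httpPost": 2.0}
EDGE_W = {("readContacts", "sendTextMessage"): 5.0,
          ("readContacts", "httpPost"): 4.0}
THRESHOLD = 0.5

fs = frozenset
# Constructed traces. LEAKY has a padding call between source and sink.
LEAKY = [Call("readContacts", fs(), fs({"t1"})),
         Call("pad", fs({"t1"}), fs({"t1"})),
         Call("sendTextMessage", fs({"t1"}), fs())]
# BENIGN makes the same sensitive calls, but the SMS carries no tainted data.
BENIGN = [Call("readContacts", fs(), fs({"t1"})),
          Call("sendTextMessage", fs(), fs())]
```

Both traces contain the same sensitive calls; only the tainted data dependency between them pushes the first one over the threshold, which is why edges are weighted as well as nodes.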

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a malicious code intrusion detection and prevention method for mobile applications.

Background technique

[0002] The detection of malicious code variants is currently the main difficulty and focus of malicious code prevention. Existing malicious code variants can be roughly divided into two categories by how they are implemented: in one, malicious code developers produce variants by reusing basic modules; in the other, the variants use obfuscation techniques designed and developed specifically against existing prevention technology. Obfuscation techniques fall into two types according to their principle. One is obfuscation that interferes with disassembly, so that the disassembler cannot produce a correct result, which hinders further analysis. The other is instruction / control flow obfuscation. This type of obfuscation technology usually ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventors: 许爱东, 杜金燃, 陈华军, 刘振
Owner: ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD