A kernel-based method and system for detecting super-privilege behavior of an application program

A technology for detecting super-privilege acquisition by application programs, applied in the field of information security. It addresses problems such as complex attack methods, heavy manpower consumption, and difficult judgment, and achieves clear feature distinction, a low false-alarm rate, and a high accuracy rate.

Active Publication Date: 2020-11-17
XI AN JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

Because the vulnerabilities of the Android operating system are complex, and the attack methods used by attackers are complex and confusing, it is difficult to automatically judge
Manual identification and calibration has great limitations: calibrating the operating-system vulnerabilities used by attackers based on manual experience relies on the experience of the calibrator, and finding features among a large number of kernel changes takes a lot of manpower and a lot of time. difficult to extensive

Examples

Embodiment Construction

[0035] To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the implementation of the present invention is described in detail below with reference to the drawings and embodiments.

[0036] The core of the system consists mainly of two units: the super-privilege acquisition judgment unit and the CVE detection unit. The input to the system is the kernel log generated while the application under test, installed on the Android system, is running. Note that the kernel log here mainly records system call usage.

[0037] First, the above data is input into the super-privilege judgment unit. This subsystem includes a UID detection module, which traverses the log and checks the UID of the process making each system call to judge whether super privilege has been obtained; the subsystem also includes a system directory detection module, which is used as a supplemen...
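The UID detection step described in [0037], sketched as an added example that is not part of the patent text: it walks a syscall log and reports any process that was first seen under an Android application UID and later issues a system call as UID 0. The log line format, the sample log and all function and field names are assumptions, since the page does not give the kernel log layout.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample log. The "ts pid= uid= syscall= args=" layout is assumed;
# the patent page does not show the real kernel log format.
SAMPLE_LOG = """\
1001.120 pid=4312 uid=10087 syscall=openat args=/data/data/com.example.app/files/a
1001.245 pid=4312 uid=10087 syscall=mmap args=0x0
1001.300 pid=977 uid=0 syscall=write args=/dev/kmsg
1001.310 pid=4312 uid=10087 syscall=ioctl args=0x40046210
1001.502 pid=4312 uid=0 syscall=openat args=/system/bin/sh
1001.777 pid=4400 uid=10090 syscall=read args=3
malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) pid=(?P<pid>\d+) uid=(?P<uid>\d+) syscall=(?P<sc>\w+)")
APP_UID_MIN = 10000  # AID_APP_START: lowest UID Android assigns to installed apps


class Escalation(NamedTuple):
    pid: int
    from_uid: int
    ts: float
    last_syscall_before: str    # last call made under the app UID
    first_syscall_as_root: str  # first call observed with uid 0


def detect_uid_escalation(log_text: str) -> List[Escalation]:
    """Flag processes whose UID changes from an app UID to 0 within the log."""
    last_seen: Dict[int, Tuple[int, str]] = {}  # pid -> (uid, syscall)
    findings: List[Escalation] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of aborting
        pid, uid, sc = int(m["pid"]), int(m["uid"]), m["sc"]
        prev = last_seen.get(pid)
        # Processes that were root from their first record (system daemons)
        # are not flagged; only an app-UID -> 0 transition is.
        if prev and prev[0] >= APP_UID_MIN and uid == 0:
            findings.append(Escalation(pid, prev[0], float(m["ts"]), prev[1], sc))
        last_seen[pid] = (uid, sc)  # note: PID reuse is not handled here
    return findings


if __name__ == "__main__":
    for f in detect_uid_escalation(SAMPLE_LOG):
        print(f)
```

The system call recorded just before the transition is kept in each finding because it marks where in the log a later analysis stage would start looking.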

Abstract

The invention provides a kernel-based method for detecting the super-privilege acquisition behavior of an application program, which comprises the following steps: 1) collecting the kernel system call log generated while the Android application to be detected is running; 2) judging from the log whether the Android application to be detected has acquired super privilege, continuing if it has, and otherwise ending the analysis; 3) analyzing from the log the sequence relations, frequency relations and special parameter assignments of the system calls, comparing them with 4 CVE features, and determining the method the Android application to be detected used to obtain super privilege.

Description

Technical field

[0001] The invention belongs to the technical field of information security and relates to recognizing the behavior of acquiring super privilege, in particular to a kernel-based method and system for detecting super-privilege acquisition behavior by an application program.

Background technique

[0002] With the rapid development of mobile communication technology, there are more and more smartphone users, and the time spent per capita on smart terminal devices is increasing day by day. According to incomplete statistics, per capita use of smart terminal devices exceeds two hours a day, and the Android operating system accounts for 86.2% of the global mobile smart terminal operating systems. The user group of the Android operating system is therefore extremely large, and more and more users are beginning to complete payment, self-portrait and other behaviors involving economic interests and personal privacy on smart terminal devices. Ope...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06F21/57
CPC: G06F21/552, G06F21/577, G06F2221/033
Inventor 陶敬王平辉韩婷王铮李佳璇郑宁栾庆鑫白云鹏孙立远柳哲林杰
Owner XI AN JIAOTONG UNIV