Malicious program detection method and device, computing device and computer storage medium

A malicious program detection technology, applied in the field of application security, that addresses the problem of malicious programs producing virus variants that detection personnel cannot easily find, and achieves accurate virus detection.

Inactive Publication Date: 2019-04-16
JIANGSU PAYEGIS INFORMATION SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, the prior art has at least the following deficiencies: some malicious programs modify APK characteristic parameters (such as file names) into parameters that have no obvious malicious characteristics, so that the malicious programs produce virus variants that are difficult for detectors to find. That is, not all malicious programs have such obvious characteristic parameters; when a virus variant arises through means such as repackaging and the APK characteristic parameters of the malicious program to be detected change (for example, the MD5), the existing technical solutions will not detect the pending APK.
Therefore, the judgment method adopted in the prior art is too simple, the judgment result is inaccurate, and misjudgment is likely to occur.

Examples


Embodiment Construction

[0025] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0026] Figure 1 shows a flow chart of a method for detecting a malicious program according to an embodiment of the present invention. As shown in Figure 1, the method includes:

[0027] Step S101: When the program to be tested is running, monitor the instruction features of the program to be tested; the instruction features at least include the method call sequence to be tested, and/or the instruction sequence to be teste...


Abstract

The invention discloses a malicious program detection method and device, a computing device and a computer storage medium. The method comprises: when a to-be-detected program is running, monitoring instruction features of the to-be-detected program, wherein the instruction features at least comprise a to-be-tested method call sequence and/or a to-be-tested instruction sequence corresponding to each method; matching the to-be-tested method call sequence with a reference method call sequence of a known malicious program, and/or matching the to-be-tested instruction sequence corresponding to each method with a reference instruction sequence of a known malicious program; and determining whether the to-be-detected program is a malicious program according to the matching result. According to the scheme provided by the invention, whether the program to be detected is a malicious program is determined at the level of its method call sequence and/or instruction sequence, so that virus detection can be carried out accurately on the program to be detected, including malicious variants produced by means such as repackaging.
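The matching step in the abstract, sketched as an added example that is not code from the patent. The page does not state the matching criterion, so the in-order (longest common subsequence) score, the 0.8 threshold, the labels and all sample traces below are assumptions constructed for illustration. File name and MD5 are deliberately not inputs, which is why a repackaged variant still matches.

```python
# Constructed reference data: method call sequences attributed to
# known malicious programs (labels and method names are hypothetical).
REFERENCE_SEQUENCES = {
    "sms-fraud-sample": ["getDeviceId", "getLine1Number", "openConnection",
                         "sendTextMessage", "abortBroadcast"],
    "privacy-stealer-sample": ["query", "getString", "openConnection", "write"],
}


def lcs_length(a, b):
    """Length of the longest common subsequence of two call sequences."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def detect(observed, references=REFERENCE_SEQUENCES, threshold=0.8):
    """Match an observed runtime call trace against every reference sequence.

    Score = fraction of the reference calls that appear in the same order in
    the observed trace. Unrelated calls interleaved by a repackager do not
    lower the score. Returns (is_malicious, best_label, best_score).
    The threshold is an assumption, not a value from the patent.
    """
    best_label, best_score = None, 0.0
    for label, reference in references.items():
        score = lcs_length(observed, reference) / len(reference)
        if score > best_score:
            best_label, best_score = label, score
    return best_score >= threshold, best_label, best_score


# Constructed trace of a repackaged variant: same behaviour, extra benign calls.
VARIANT_TRACE = ["onCreate", "getDeviceId", "log", "getLine1Number",
                 "openConnection", "sendTextMessage", "abortBroadcast", "finish"]
# Constructed trace of a benign app that shares one or two calls with a reference.
BENIGN_TRACE = ["onCreate", "setContentView", "openConnection",
                "getString", "finish"]

if __name__ == "__main__":
    print(detect(VARIANT_TRACE))
    print(detect(BENIGN_TRACE))
```

The same scoring function applies unchanged to per-method instruction sequences if opcode names are used as the sequence elements.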

Description

Technical field

[0001] The invention relates to the technical field of application security, in particular to a malicious program detection method, device, computing device and computer storage medium.

Background technique

[0002] While applications provide a large number of convenient services for society, various security issues and industry chaos also emerge in an endless stream, such as malicious charging, SMS phishing, stealing payment information, stealing personal privacy, remote control, traffic consumption, system damage, etc. These behaviors seriously endanger the user's privacy and property security, and programs that exhibit the above-mentioned behaviors are malicious programs. In general, malicious programs can refer to programs that are installed and run in mobile terminal systems without the user's knowledge or authorization to achieve certain illegitimate purposes, or programs that violate relevant national l...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 汪德嘉, 华保健, 邵根波, 赵迪
Owner JIANGSU PAYEGIS INFORMATION SECURITY TECH CO LTD