Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

An Android malicious software detection method based on an API calling sequence

A technology of API calls and call sequences, which is applied in the field of Android malware detection based on application programming interface API call sequences, can solve problems such as code confusion, low recognition rate, and omissions, and achieve improved detection efficiency and low computational complexity , reducing the effect of species

Active Publication Date: 2019-05-03
XIDIAN UNIV
View PDF4 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, the existing methods for static detection of Android malware are basically carried out from two aspects of authority and application programming interface API, but this method has the following shortcomings: First, due to the large number of APIs, including the official API provided by Android 1. APIs and custom APIs provided by third-party organizations lead to a large amount of calculations for classification algorithms that rely on API features; second, with the continuous improvement of Android security technology, Android applications use code obfuscation technology to prevent Android applications from being hacked. Decompilation makes it difficult to analyze the obfuscated Android application software; third, the current static detection methods for Android malware cannot adapt to the replacement of the API version, and will cause the detection efficiency to decrease with the change of the API version
The disadvantage of this method is that in the obfuscated Android application software, the 20 high-risk APIs will be replaced by obfuscated names, so this method will miss this key feature, resulting in low detection efficiency
The disadvantage of this method is that the quality of the detection model of this method depends on the API version of the sample in the sample set, and this method has a large amount of calculation, which increases the overhead of malware identification process and the recognition rate is low.
The disadvantage of this method is that the detection method is prone to errors. For example, inexperienced developers may have applied for certain permissions in advance, but they did not use the functions affected by the permissions in programming, so the accuracy rate and omissions are serious

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An Android malicious software detection method based on an API calling sequence
  • An Android malicious software detection method based on an API calling sequence
  • An Android malicious software detection method based on an API calling sequence

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] Attached below figure 1 The specific steps of the invention are described as follows.

[0041] Step 1, generate training sample set and test sample set.

[0042] 1600 known Android malicious applications and 2400 known normal Android applications are extracted from the application software library to form a training sample set.

[0043] 700 Android applications to be tested are used to form a test sample set.

[0044] Step 2, generate the smali file.

[0045] Use the Android decompilation tool to decompile each Android application software in the training sample set to obtain the smali file corresponding to each Android application software.

[0046] Step 3, generating a set of calling sequences of the application programming interface API.

[0047] The depth-first traversal algorithm DFS is used to generate a call sequence composed of all application programming interface APIs in each smali file.

[0048] The specific steps of the depth-first traversal algorithm D...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Android malicious software detection method based on an API calling sequence, and mainly solves the problems that a confused application programming interface API cannot beidentified, extracted features cannot be replaced by APIs, the types of the APIs are various, and the calculation amount is large in the prior art. The method comprises the following steps: (1) generating a training sample set and a test sample set; (2) generating a small file; (3) generating a calling sequence set of the application programming interface API; (4) replacing an application programming interface API with the package name; (5) generating a feature matrix; and (6) detecting malicious software. According to the method, the API in the API calling sequence of the application programming interface is replaced by the basic package name, the confusion package name and the user-defined package name, so that the API types can be greatly reduced, the calculation complexity can be greatly reduced, the malware identification and detection efficiency can be improved, and the method can adapt to the replacement of API versions.

Description

technical field [0001] The invention belongs to the field of computer technology, and further relates to a method for detecting Android malware based on an application programming interface API (Application Interface) calling sequence in the field of Internet network technology. The present invention can use the application software programming interface API call sequence of the Android application software to judge whether the Android application software is malicious software, and is used for security analysis of the Android application software. Background technique [0002] The research on the static detection of Android malware originates from the research work of mobile terminal application security, which is characterized by using the permission information and application programming interface API information in Android application software files to analyze the changes in permissions and the calls between application programming interface APIs relationship, extract c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
Inventor 崔艳鹏颜波胡建伟
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com