Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Android malware detection method based on api call sequence

A technology of API call and call sequence, applied in the field of Android malware detection based on application programming interface API call sequence, can solve the problems of low detection efficiency, difficult analysis of Android application software, low recognition rate, etc.

Active Publication Date: 2021-07-27
XIDIAN UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, the existing methods for static detection of Android malware are basically carried out from two aspects of authority and application programming interface API, but this method has the following shortcomings: First, due to the large number of APIs, including the official API provided by Android 1. APIs and custom APIs provided by third-party organizations lead to a large amount of calculations for classification algorithms that rely on API features; second, with the continuous improvement of Android security technology, Android applications use code obfuscation technology to prevent Android applications from being hacked. Decompilation makes it difficult to analyze the obfuscated Android application software; third, the current static detection methods for Android malware cannot adapt to the replacement of the API version, and will cause the detection efficiency to decrease with the change of the API version
The disadvantage of this method is that in the obfuscated Android application software, the 20 high-risk APIs will be replaced by obfuscated names, so this method will miss this key feature, resulting in low detection efficiency
The disadvantage of this method is that the quality of the detection model of this method depends on the API version of the sample in the sample set, and this method has a large amount of calculation, which increases the overhead of malware identification process and the recognition rate is low.
The disadvantage of this method is that the detection method is prone to errors. For example, inexperienced developers may have applied for certain permissions in advance, but they did not use the functions affected by the permissions in programming, so the accuracy rate and omissions are serious

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android malware detection method based on api call sequence
  • Android malware detection method based on api call sequence
  • Android malware detection method based on api call sequence

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] By the following figure 1 The specific steps of the invention are described below.

[0041] Step 1, generate training sample sets and test sample sets.

[0042] Extract the known 1600 Android applied software from the application software library and the known 2,400 Andrews normal applications, form a training sample set.

[0043] 700 Android applications to be tested constitute a test sample set.

[0044] Step 2, generate a smali file.

[0045] Using Android anti-compilation tools, the training sample concentration is used to confine each Android application to get the SMALI file corresponding to each Android application.

[0046] Step 3 Generate the call sequence set of the application programming interface API.

[0047] Use the depth priority algorithm DFS to generate a call sequence consisting of all application programming interface APIs in each SMALI file.

[0048] The specific steps of the depth priority overall calendar algorithm DFS are as follows.

[0049] Step 1 ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for detecting Android malware based on an API call sequence, which mainly solves the problems in the prior art that the confused application programming interface API cannot be identified, the extracted features cannot be used to adapt to the replacement of API versions, there are many types of APIs and the amount of calculation Big downside. The method steps are: (1) generating a training sample set and a testing sample set; (2) generating a smali file; (3) generating a call sequence set of an application programming interface API; (4) replacing the application programming interface API with a package name ; (5) generate feature matrix; (6) detect malware. The present invention uses the basic package name, confusing package name and self-defined package name to replace the API in the API call sequence of the application programming interface, which can greatly reduce the types of API, reduce the computational complexity and improve the efficiency of malware identification and detection, and can Adapt to the change of API version.

Description

Technical field [0001] The present invention belongs to the field of computer technology, and more is a further involving an Android malware detection method based on an application programming interface API (Application Interface) call sequence in the field of application programming interface API (Application Interface). The present invention can use the Application Software Programming Interface API calling sequence of Android applications to determine if the Android application is malware and is used to safety analysis of Android applications. Background technique [0002] The research of static detection of Android malware stems from the research work of mobile terminal application security, which is characterized by using the permission information and application programming interface API information, changes between the application programming interface API. Relationship, extract of classification features and identify malware through machine learning. At present, the met...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
Inventor 崔艳鹏颜波胡建伟
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com