
Android malicious application family classification method, device and electronic equipment

A malicious application family classification technology, applied to Android malicious application family classification methods, devices and electronic equipment. It addresses the problems of reduced classification accuracy, high false positives and the inability to accurately describe malicious applications, with the effect of improving classification accuracy and generalization.

Active Publication Date: 2021-01-22
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0004] In the above detection method, it is necessary to obtain the OP segment data of the OpCode code segment with API call or data assignment behavior and the data corresponding to the index segment. This detection method can easily be bypassed by simply modifying the values of these fields.
More importantly, simply obtaining the behavior of API calls and data assignments cannot accurately describe the behavior of malicious applications, and there are high false positives in multi-classification tasks. Because only simple matching algorithms are used as subsequent decision-making algorithms, classification accuracy is easily reduced due to overfitting.


Embodiment Construction

[0024] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are a part of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the embodiments of the present invention.

[0025] The embodiments of the present invention aim at the problem of inaccurate description of malicious application behavior and low accuracy of malicious application classification in the prior art, by generating semantically related vectors from sensitive opcodes and constructing classification feature...


Abstract

The embodiment of the invention provides an Android malicious application family classification method, device and electronic equipment. The method comprises the steps of: preprocessing the APK file of an Android malicious application to obtain the smali file corresponding to the APK file; based on the smali file, counting the different method blocks containing sensitive elements and, based on the semantic information of the Opcode, uniformly expressing the Opcode with a formalized operation code to generate a sensitive operation code sequence; and, based on the sensitive operation code sequence, generating a text feature vector and classifying the Android malicious applications based on that text feature vector. According to the embodiment of the invention, the behavior of the malicious application can be depicted more accurately, so that the classification precision of the malicious application is more effectively improved.
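An added sketch of the feature-extraction steps the abstract describes (not the patent's own code): it keeps only the smali method blocks that reference a sensitive element, maps each Dalvik opcode to a formal symbol, and builds an n-gram frequency vector that a classifier could consume. The sensitive API list, the opcode-to-symbol table, the choice of n-gram features and the sample smali are all assumptions constructed for illustration; the page does not specify them.

```python
import re
from collections import Counter

# Assumed table: Dalvik opcode prefix -> one formal symbol per semantic class.
FORMAL = [("invoke", "V"), ("move", "M"), ("return", "R"), ("goto", "G"),
          ("if-", "I"), ("const", "C"), ("new-", "N"), ("iget", "T"),
          ("sget", "T"), ("iput", "P"), ("sput", "P")]
# Assumed sensitive elements (API references chosen for illustration).
SENSITIVE = ("Landroid/telephony/TelephonyManager;->getDeviceId",
             "Landroid/location/LocationManager;->getLastKnownLocation")
METHOD_RE = re.compile(r"^\.method\s.*?$(.*?)^\.end method", re.S | re.M)

# Constructed sample input: one sensitive method, one non-sensitive method.
SAMPLE = r"""
.method public id(Landroid/telephony/TelephonyManager;)Ljava/lang/String;
    .registers 3
    invoke-virtual {p1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    move-result-object v0
    if-nez v0, :cond_0
    const-string v0, "unknown"
    :cond_0
    return-object v0
.end method
.method public add(II)I
    .registers 4
    add-int v0, p1, p2
    return v0
.end method
"""

def formalize(opcode):
    """Collapse a concrete opcode (e.g. invoke-virtual) to its class symbol."""
    return next((s for p, s in FORMAL if opcode.startswith(p)), None)

def sensitive_sequences(smali):
    """One formal-opcode string per method block that touches a sensitive element."""
    seqs = []
    for body in METHOD_RE.findall(smali):
        if not any(api in body for api in SENSITIVE):
            continue  # method block has no sensitive element: ignore it
        ops = (ln.split()[0] for ln in body.splitlines()
               if ln.strip() and ln.strip()[0] not in ".#:")
        seqs.append("".join(filter(None, map(formalize, ops))))
    return seqs

def ngram_vector(seqs, n=3):
    """Relative frequency of each opcode n-gram across all sequences."""
    grams = Counter(s[i:i + n] for s in seqs for i in range(len(s) - n + 1))
    total = sum(grams.values()) or 1
    return {g: c / total for g, c in grams.items()}
```

Because `invoke-virtual`, `invoke-static` and the other variants all collapse to one symbol, the sequence reflects what the method does rather than which exact opcode encoding was used.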

Description

Technical field

[0001] Embodiments of the present invention relate to the technical field of data information security, and more specifically, relate to a method, device and electronic device for classifying Android malicious application families.

Background technique

[0002] The development of the mobile Internet and the widespread use of smart phones have increased the threat of malicious codes to the system security and information security of smart phones. Therefore, the detection and identification of malicious code is of great significance to ensure the system security and information security of smartphones, which is conducive to the effective identification and interception of malicious applications and the protection of user data security.

[0003] At present, more and more attention is paid to the detection and identification of malicious codes and malicious applications. Among them, in an Android malicious code detection method, the dex file format is first parse...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F40/30
Inventor: 刘超, 喻民, 李松, 姜建国, 黄伟庆, 朱大立
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI