Malicious Android software detection method for dynamic code loading based on hybrid analysis

A malware detection technology, applied in computer security devices, instruments, computing, etc., that addresses the problem that the possibility of malware spreading cannot be ignored, and achieves the effect of improving accuracy and effectiveness and protecting security.

Active Publication Date: 2019-06-11
TIANJIN UNIV

AI Technical Summary

Problems solved by technology

[0002] The increasing popularity of Android devices has led malware developers to focus more and more on Android apps. Google has curbed the amount of malware by applying static analysis and dynamic analysis technology in its app store, but the possibility of malware spreading in other ways still cannot be ignored.

Embodiment Construction

[0027] The invention realizes the real-time monitoring of the security of the external code dynamically loaded by the Android application.

[0028] The technical scheme of the present invention is as follows:

[0029] 1) Intercept dynamically loaded code

[0030] In order to check the security of the code that an application loads dynamically at runtime, an interception module is placed on the user's device. This module uses API hooking, which modifies the entry point of the code-loading API method so that it points to a custom method. The custom method changes the original logic of the API method: when the application loads code dynamically through the loader, the hook module intercepts and extracts the dynamically loaded code. The intercepted code can then be sent to the server for auditing.

[0031] After intercepting the dynamic code loading behavior of the application, first extract the code address to be loaded by the application, and fi...

Abstract

The invention belongs to the subfield of Android application security in the field of software security. Its aim is to strengthen the Android system's security detection of Android applications that dynamically load external code through hot patching technology, and to prevent malicious programs from using hot patching to dynamically load malicious code and so bypass the Google application store's security detection, thereby improving system security and protecting user privacy. The technical scheme adopted by the invention is a hybrid-analysis-based Android malware detection method for dynamic code loading, comprising the following steps: 1) intercepting the dynamically loaded code; 2) supplementing the inter-procedural control flow graph; 3) supplementing the edges formed by reflection in the control flow graph; and 4) taint analysis: after the inter-procedural control flow graph is obtained, carrying out a complete taint analysis on it with a taint analysis tool. The method is mainly applied to application security scenarios.
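
The following is an added example, not code from the patent: a simplified model of why steps 2 to 4 of the abstract are needed, using reachability over a flow graph as a stand-in for a full taint analysis tool. All method names, edges, sources and sinks are constructed sample data.

```python
from collections import deque

# Constructed sample data; method names are illustrative, not from the patent.
SOURCES = {"TelephonyManager.getDeviceId"}
SINKS = {"HttpURLConnection.getOutputStream"}
# Flow edges recovered statically from the installed APK.
BASE_GRAPH = {
    "TelephonyManager.getDeviceId": {"Main.collect"},
    "Main.collect": {"Method.invoke"},  # reflective call, target unknown
}
# Flow edges recovered from the dex file captured by the loader hook.
LOADED_GRAPH = {
    "Patch.run": {"Patch.upload"},
    "Patch.upload": {"HttpURLConnection.getOutputStream"},
}
# Reflective targets recorded at runtime: (call site, resolved method).
REFLECTION_EDGES = [("Method.invoke", "Patch.run")]

def build_graph(graphs, extra_edges=()):
    """Union the per-component flow graphs, then add runtime-observed edges."""
    merged = {}
    for graph in graphs:
        for node, succs in graph.items():
            merged.setdefault(node, set()).update(succs)
    for src, dst in extra_edges:
        merged.setdefault(src, set()).add(dst)
    return merged

def taint_paths(graph, sources, sinks):
    """Breadth-first search from each source; one shortest path per reachable sink."""
    found = []
    for src in sorted(sources):
        queue, seen = deque([[src]]), {src}
        while queue:
            path = queue.popleft()
            if path[-1] in sinks:
                found.append(path)
                continue
            for nxt in sorted(graph.get(path[-1], ())):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return found

def analyse():
    """Taint paths for: base APK only, + loaded code, + reflection edges."""
    stages = [build_graph([BASE_GRAPH]), build_graph([BASE_GRAPH, LOADED_GRAPH]),
              build_graph([BASE_GRAPH, LOADED_GRAPH], REFLECTION_EDGES)]
    return [taint_paths(g, SOURCES, SINKS) for g in stages]
```

In this sample the source-to-sink path is reported only at the third stage: the base APK alone and the APK plus the loaded code each return no path, because the only link between the two components is the reflective call.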

Description

Technical field

[0001] The invention belongs to the Android application security subfield in the field of software security. It relates to Android hot patch dynamic deployment technology, Android application security issues, malicious code detection technology, Android malware detection technology based on hybrid analysis, and user privacy protection issues, and specifically to hybrid-analysis-based Android malware detection methods for dynamic code loading.

Background technique

[0002] The increasing popularity of Android devices has led malware developers to focus more and more on Android apps. Google has curbed the amount of malware by applying static analysis and dynamic analysis technology in its app store, but the possibility of malware spreading in other ways still cannot be ignored.

[0003] Hot patching technology is one of the important application scenarios of Android dynamic deployment. This technology refers to distri...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/51, G06F21/56
CPC: Y02D10/00
Inventor: 杨斌, 许光全, 郭峰, 邱铁, 黄雨, 陈晓江
Owner: TIANJIN UNIV