An Android application maliciousness detection method based on application behaviors

Abstract

The invention discloses an Android application maliciousness detection method based on application behaviors. Aiming at the characteristics of an Android system, factors in the aspects of a componentlife cycle, an asynchronous call function, a call relation between components and the like in Android are considered, and corresponding processing is carried out on the factors, so that the integrityof analysis is ensured, and therefore, a complete control flow graph and a complete function call graph of the Android application can be obtained. And then by defining a safety sensitive function andcombining a reverse analysis technology and a program slice analysis technology, reliable safety sensitive behavior path information is obtained. And finally, by using the convolutional neural network of one of the deep learning models, the extracted behavior paths are trained and classified, and the trained model can carry out maliciousness detection on an unknown Android application. Accordingto the invention, all behavior paths which may be related to malicious behaviors in the Android application can be effectively extracted; and the key information in the behavior path is stored for subsequent analysis, and the behavior path can accurately describe the specific behavior of the application, so that the analysis model based on the behavior path has better detection precision.

Description

technical field [0001] The invention belongs to an Android application detection method, in particular to a static analysis-based Android application malicious detection method, combining the advantages of the accuracy of the behavior path information description and the automatic feature extraction of the convolutional neural network to ensure the Android application malicious detection accuracy. . Background technique [0002] The Android system is an operating system for mobile terminals launched by Google. Its inherent open source and customizability make the usage rate and market share of the Android system rise rapidly. According to data from Kantar Worldpanel, a foreign market data research company, in the first quarter of 2017, the market share of Android mobile phones in China rose to 86.4%, making it the system with the largest share of mobile terminal operating systems. [0003] Due to the large number of mobile phone users of the Android system, the development...

AI Technical Summary

Problems solved by technology

Such methods often rely too much on people's subjective consciousness, and the selected features are mostly coarse-grained features, making it difficult to describe specific behaviors.

[0005] Due to the problem of path explosion and path integrity in the static analysis of all execution paths of Android applications, the current methods for behavior analysis in Android applications usually only focus on a specific feature in the behavior, but do not analyze the execution path of the application. Although this method can detect some Android malicious applications to a certain extent, it cannot accurately describe specific malicious behaviors, and it is difficult to adapt to the analysis of unknown applications.

In addition, if only the fine-grained description and analysis of the application behavior is carried out at the code level, although the behavior description becomes more accurate, it is impossible to use a simple machine learning model for training and classification, because the shallow machine learning model has limited expressive ability and cannot learn Representation of such complex information

Images