Android malicious behavior dynamic detection method based on binary dynamic instrumentation

A dynamic detection technique for malicious behavior, applied in the fields of program control design, program control devices, instruments, etc. It addresses the problems of extracting software behavior characteristics, coarse detection granularity for malicious behavior, and the inability to monitor code insertion and packing, and achieves more detailed detection conclusion granularity, high accuracy, and improved detection efficiency.

Inactive Publication Date: 2019-07-09
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Benefits of technology

The technical effect of this patented technique involves developing an algorithm that accurately identifies unknown programs by analyzing their execution time or timings during different stages of operation (Logged), extracting important functional patterns from these analysis data, such as timing properties like CPU usage rates and memory use levels, and then comparing them against known ones. This helps identify any potential security threats related to those identified systems.

Problems solved by technology

The technical problem addressed in this patent relates to improving the accuracy and reliability of identifying suspended apps (malware) due to their vulnerabilities against privacy issues like data breaches and attacks caused through social media platforms. Current approaches involve analyzing executable files without taking any extra steps towards protecting these applets from being exploited.

Embodiment Construction

[0029] In order to better illustrate the purpose and advantages of the present invention, the implementation of the method of the present invention will be further described in detail below in conjunction with examples.

[0030] The specific process is:

[0031] Step 1, use the Android dynamic detection framework to trigger the behavior of the application software.

[0032] Step 1.1, install the apk file of the tested software on the Android physical machine or virtual machine.

[0033] Step 1.2, use the Android dynamic monitoring framework to trigger all potential malicious behaviors of the software. The specific method is: use the Monkey automated testing tool to simulate user UI operations; use the adb tool set to simulate the triggering of system events; use the adb tool set to simulate system service broadcasts and actively enable system services.

[0034] Step 2, collect the function running logs of the software through binary dynamic instrumentation technology. ...


Abstract

The invention relates to an Android malicious behavior dynamic detection method based on binary dynamic instrumentation, and belongs to the technical field of computer and information science. The method comprises the following steps: first, all potential malicious behaviors of the tested software are triggered through an Android dynamic detection framework; then, through dynamic binary instrumentation, the sequence of the program's calls to system APIs is constructed, and an N-Gram model is used to extract the call timing relationship features of the functions; finally, the generated timing relationship features are input into a trained GBDT (Gradient Boosting Decision Tree) multi-classification detection model, which identifies malicious software and performs fine-grained classification of the software's malicious behaviors. The invention uses dynamic binary instrumentation to extract the system function call timing features of the software without knowing the program source code. Compared with the prior art, the method has high accuracy for Android malicious behavior detection, and the malicious behaviors of the software can be divided into six classes. More detailed detection conclusion granularity is achieved, and the detection efficiency for Android malicious software is effectively improved.
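The N-Gram feature extraction step described in the abstract can be sketched as follows. This is an added example, not code from the patent: the log format, the API names, the choice of N = 3, the per-thread grouping and the fixed vocabulary are all assumptions, and the block stops at the feature vector that a trained GBDT model would consume.

```python
from collections import Counter

# Constructed sample of an instrumentation log: "<seq> <thread id> <system API>".
# The format and the API names are assumptions made for this illustration.
SAMPLE_LOG = """\
1 101 open
2 101 read
3 202 socket
4 101 close
5 202 connect
6 202 sendto
7 101 open
8 101 read
9 101 close
"""

def parse_calls(log_text):
    """Return {thread_id: [api, ...]}, preserving call order within each thread."""
    per_thread = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or truncated log lines
        _, tid, api = parts
        per_thread.setdefault(tid, []).append(api)
    return per_thread

def ngram_counts(per_thread, n=3):
    """Count n-grams of consecutive calls; an n-gram never spans two threads."""
    counts = Counter()
    for calls in per_thread.values():
        for i in range(len(calls) - n + 1):
            counts[tuple(calls[i:i + n])] += 1
    return counts

def feature_vector(counts, vocabulary):
    """Relative frequency of each vocabulary n-gram; unseen n-grams map to 0.0.

    The vocabulary is fixed at training time so that every sample yields a
    vector with the same column order for the classifier.
    """
    total = sum(counts.values())
    if total == 0:
        return [0.0] * len(vocabulary)
    return [counts.get(gram, 0) / total for gram in vocabulary]
```

Grouping by thread keeps interleaved calls from unrelated threads from forming n-grams that no single execution path produced.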

Application Information

Owner: BEIJING INSTITUTE OF TECHNOLOGY