
Android malicious software detection method and system based on RNN and CNN

A malware detection technology, applied in neural learning methods, decompilation/disassembly, program code conversion, etc. It addresses problems such as a large number of model parameters, ignoring the contextual relationship between opcode sequences, and detection accuracy and training efficiency, and achieves high recognition accuracy and easy operation.

Active Publication Date: 2019-11-22
东北大学秦皇岛分校

AI Technical Summary

Problems solved by technology

However, with the sharp increase in the amount of malware, the size of the dataset used to train the model also has a significant impact on detection accuracy and training efficiency.
Although the detection accuracy of the n-gram method is high, it requires a lot of computing resources and time to handle the dynamic growth of the required model parameters.
However, CNNs are able to handle explosive data growth, because an increase in the number of parameters does not imply an increase in computing resources and required time.
However, if the opcode sequence is directly converted into a feature matrix with one-hot encoding as the input of the convolutional neural network, the context of the opcode sequence is ignored.


Embodiment Construction

[0049] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0050] The invention provides a method and system for detecting Android malicious software based on RNN and CNN, which are used to identify and distinguish benign software and malicious software under the Android platform, so as to improve the security of the Android software platform.

[0051] As shown in Figure 1, the Android malware detection method based on RNN and CNN of the present invention comprises the following steps:

[0052] S1, performing feature extraction on the original installation file of the training sample to obtain an operation code sequence;

[0053] Step S1 specifically includes the following processing:

[0054] S1-1, use the 7-zip tool to decompress the .apk installation file of the training sample, and obtain the class.dex file contained in the .apk installation file;

[0055] S1-2, using the .apktool d...
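The feature-extraction step S1 and the one-hot limitation noted in the summary can be illustrated as follows. This is an added example, not code from the patent: it assumes the decompiled output is smali text as produced by apktool's decode step, and the function names and the sample input are constructed for illustration. It skips annotation and data blocks so that only instructions are counted, and shows that the two `invoke-virtual` rows of the one-hot matrix are identical although their neighbours differ, which is the context loss the BLSTM stage is meant to address.

```python
# Directives whose bodies hold data or metadata rather than instructions.
DATA_BLOCKS = (".array-data", ".packed-switch", ".sparse-switch", ".annotation")

def extract_opcodes(smali_text):
    """Return the opcode mnemonics of every method body, in file order."""
    opcodes, in_method, skip_until = [], False, None
    for raw in smali_text.splitlines():
        line = raw.strip()
        if skip_until:                        # inside a data/annotation block
            if line == skip_until:
                skip_until = None
        elif line.startswith(".method"):
            in_method = True
        elif line.startswith(".end method"):
            in_method = False
        elif line.startswith(DATA_BLOCKS):
            skip_until = ".end " + line.split()[0][1:]
        elif in_method and line and line[0] not in ".:#":
            opcodes.append(line.split()[0])   # first token is the mnemonic
    return opcodes

def one_hot(seq):
    """One row per opcode; the row depends only on the opcode itself."""
    vocab = sorted(set(seq))
    return [[int(op == v) for v in vocab] for op in seq]

# Constructed sample input (not taken from a real application).
SAMPLE = """
.method public a()I
    .annotation system Ldalvik/annotation/Signature;
        value = { "()I" }
    .end annotation
    const/4 v0, 0x1
    invoke-virtual {p0}, Lcom/example/Demo;->b()V
    return v0
.end method
.method public b()V
    fill-array-data v0, :array_0
    invoke-virtual {p0}, Ljava/lang/Object;->hashCode()I
    return-void
    :array_0
    .array-data 4
        0x1
    .end array-data
.end method"""

if __name__ == "__main__":
    seq = extract_opcodes(SAMPLE)
    print(seq, one_hot(seq))
```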


Abstract

The invention provides an Android malicious software detection method and system based on RNN and CNN. The method comprises the steps of: performing feature extraction on the original installation file of a training sample to obtain an operation code sequence; training a BLSTM network with the operation code sequence; using the trained BLSTM network to extract the operation code sequence as a feature picture; and training a convolutional neural network with the feature pictures. For detection, feature extraction is first performed on the installation file of the Android application to be detected to obtain its operation code sequence. The operation code sequence is input into the trained BLSTM network, and a feature picture is extracted. Finally, the feature picture is input into the trained convolutional neural network, which outputs a classification result indicating whether the feature picture belongs to malicious software. The method identifies and distinguishes benign software and malicious software on the Android platform and improves the security of the Android software platform.

Description

Technical field

[0001] The invention relates to the field of malware detection, in particular to a method and system for detecting Android malware based on RNN and CNN.

Background technique

[0002] Now, the Internet is a very important part of our life and work. However, malware-based cyber-attacks are also a serious problem. With the development of science and technology, the types and complexity of malware are getting higher and higher, and the identification of malware is becoming more and more difficult, especially on mobile platforms. Because of the rapid growth of mobile devices and mobile application stores, the number of new applications is too large to manually check the malicious behavior of each program, and malware detection has become an important technical guarantee for the development of the mobile Internet field today. Researching and implementing a high-accuracy malware detection system has very important practical significance, and has received clos...


Application Information

IPC(8): G06F21/56, G06N3/04, G06N3/08, G06F8/53
CPC: G06F21/563, G06N3/084, G06F8/53, G06F2221/033, G06N3/044
Inventor: 赵立超, 李丹, 陈璨, 史闻博, 李天祥
Owner: 东北大学秦皇岛分校