Dynamic and static combination detection method for Android mobile network terminal malicious codes based on SVM

A dynamic and static combination technology for malicious code detection, applied in the field of information security, that addresses the problems of low malware detection accuracy, low malicious family classification accuracy, and the inability to handle dynamic loading, runtime encryption and decryption, etc. The effect of accuracy

Pending Publication Date: 2020-02-14
NANJING UNIV OF AERONAUTICS & ASTRONAUTICS

AI Technical Summary

Problems solved by technology

In the existing research on multi-label detection of Android malicious code, generally only the static analysis method is used to extract the characteristics of Android software, which cannot handle dynamic loading, runtime encryption and decryption, etc., and the detection accuracy of malware and the classification accuracy of malicious families are low.

Examples


Embodiment

[0060] In order to verify the effectiveness of the scheme of the present invention, the Drebin data set and non-malware samples obtained from Google Play are combined into a data set, and malicious code detection and family classification simulations are carried out.

[0061] Step 1. Divide the samples in Drebin according to the malicious families they belong to, use a web crawler to obtain non-malware software from Google Play and verify it with the VirusTotal online detection service, so as to build a sample data set, and select 70% of the samples as training data;

[0062] Step 2. Use APKParser to process each Android software sample: parse the AndroidManifest.xml file and, according to the tag fields in the XML, extract the application's permission list, its declared components and the system events the software monitors, then construct the static feature $F_{static}$ of the software, expressed as:

[0063] f static =

[0064] Among them, Per is a list set of all pe...
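The static extraction of Step 2, sketched as an added example (not code from the patent or from APKParser). It assumes the manifest has already been decoded to text XML; the sample manifest, the vocabulary, the vector layout and the reading of "monitored system events" as receiver intent-filter actions are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def _name(element):
    return element.get(ANDROID_NS + "name", "")

def extract_static_features(manifest_xml):
    """Return permissions, declared components and receiver-monitored events."""
    if "<!DOCTYPE" in manifest_xml:
        # Samples are untrusted: refuse DTDs to avoid entity-expansion tricks.
        raise ValueError("DOCTYPE not allowed in manifest")
    root = ET.fromstring(manifest_xml)
    permissions = {_name(p) for p in root.iter("uses-permission")}
    components = {(tag, _name(c)) for tag in COMPONENT_TAGS for c in root.iter(tag)}
    # Assumption: "monitored system events" = intent-filter actions of receivers.
    events = {_name(a) for r in root.iter("receiver") for a in r.iter("action")}
    return {"permissions": sorted(permissions - {""}),
            "components": sorted(components),
            "events": sorted(events - {""})}

def to_vector(features, vocabulary):
    """Encode the features as a 0/1 vector over a fixed, ordered vocabulary."""
    present = set(features["permissions"]) | set(features["events"])
    present |= {"component:" + kind for kind, _ in features["components"]}
    return [1 if term in present else 0 for term in vocabulary]

# Hypothetical vocabulary; a real one would be built from the training set.
VOCABULARY = ["android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
              "android.intent.action.BOOT_COMPLETED", "component:provider",
              "component:receiver"]
```

The duplicate INTERNET permission collapses to one entry, and the activity's MAIN action is not counted as a monitored event because only receiver intent filters are read.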


Abstract

The invention discloses an SVM-based dynamic and static combination detection method for Android mobile network terminal malicious codes. The method comprises the following steps: constructing a training sample data set containing malicious software and non-malicious software; obtaining a static feature and a dynamic behavior feature of each sample in the training sample data set, and constructing a feature vector of each software sample; adding malicious software marking fields to the feature vectors of all the software samples, and training a support vector machine classifier; adding malicious software category marking fields to the feature vectors of the malicious software samples, and training a random forest classifier; extracting a static feature vector and a dynamic feature vector of the to-be-tested software, and constructing a feature vector of the to-be-tested software; using the support vector machine classifier for malicious software detection; and, if the software is detected to be malicious software, further using the random forest classifier to judge the malicious software family to which the software belongs. According to the method, the accuracy of software malicious behavior detection is improved, and the ability to classify malicious families is achieved.

Description

Technical field

[0001] The invention belongs to the field of information security, and in particular relates to an SVM-based dynamic and static combination detection method for Android mobile network terminal malicious code.

Background technique

[0002] Currently, smart phones are involved in all aspects of people's lives, and the Android system occupies a large share of the smart phone market. Therefore, accurate detection of Android malicious code is of great significance and application value for protecting the privacy and property security of Android users. In the existing research on multi-label detection of Android malicious code, generally only the static analysis method is used to extract the characteristics of Android software, which cannot handle dynamic loading, runtime encryption and decryption, etc., and the detection accuracy of malware and the classification accuracy of malicious families are low.

Contents of the invention

[0003] The purpose ...


Application Information

IPC(8): G06F21/56, G06K9/62
CPC: G06F21/562, G06F21/566, G06F2221/033, G06F18/2411
Inventor: 顾晶晶, 庄毅, 乔塨哲
Owner NANJING UNIV OF AERONAUTICS & ASTRONAUTICS