Android malicious software detection and malicious code positioning system and method

A malware detection and malicious code location technology, applied in the field of network and information security. It addresses problems such as the lack of interpretability, and achieves strong resistance to feature interference, high reliability, and improved analysis capability.

Inactive Publication Date: 2020-08-11
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

The invention not only provides effective malware detection, but also solves the lack of interpretability in existing detection methods based on learning models. The located malicious code segment serves as verification of the detection result, which improves the reliability of the detection system.


Examples


Embodiment A

[0039] Embodiment A: Based on the above-mentioned system, the Android malware detection and malicious code location method provided by the present invention includes the following steps:

[0040] Step 1. The system collects normal Android applications and malicious Android applications as the original sample set. The normal application samples come from the AndroZoo data set, whose applications have been judged non-malicious by dozens of existing detectors; the malicious application samples come from the Android Malware Dataset, which contains samples classified by malicious family and variant.

[0041] Step 2: The APK preprocessing module disassembles the APK package of each Android application to be tested in the original sample set. For the manifest configuration file, it extracts the basic information of the application; for the dex file, it extracts the package, class, method and method correspondence The ins...

Embodiment B

[0047] Embodiment B: Referring to Figure 2, the method is implemented as follows:

[0048] Step 1, get the original samples:

[0049] Obtain 11,982 normal Android applications from AndroZoo that have undergone dozens of tests; a total of 11,982 malicious application samples come from the Android Malware Dataset, a data set classified by family and variant.

[0050] Step 2, disassemble the APK and analyze the configuration file:

[0051] Use the aapt dump command to obtain and filter basic application information, including package name, version code, version name, SDK version, target SDK version, requested permissions, and so on.

[0052] Step 3, disassemble the APK and analyze the Dex file:

[0053] Extract the instruction bytecode through Androguard, and follow the steps below to build the method set and API set:

[0054] (3.1) The method set is composed of a self-defined data structure, which is recorded as a Method class. The Method class ...
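Step 2 ([0051]) can be illustrated with a short parser for aapt output. This is an added example, not code from the patent: it assumes the `badging` sub-command of `aapt dump` (the page names only "aapt dump"), and the function names and the sample output are constructed for illustration.

```python
import re
import subprocess

# key='value' pairs as printed on the "package:" line of `aapt dump badging`
_ATTR = re.compile(r"(\w+)='([^']*)'")
# single-value lines such as  sdkVersion:'21'
_SCALAR = re.compile(r"^(sdkVersion|targetSdkVersion):'([^']*)'")
# uses-permission: name='...' (also the -sdk-23 variant)
_PERM = re.compile(r"^uses-permission(?:-sdk-23)?: name='([^']*)'")

def parse_badging(text):
    """Return the basic application information listed in Step 2."""
    info = {"package": None, "version_code": None, "version_name": None,
            "sdk_version": None, "target_sdk_version": None, "permissions": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            attrs = dict(_ATTR.findall(line))
            info["package"] = attrs.get("name")
            info["version_code"] = attrs.get("versionCode")
            info["version_name"] = attrs.get("versionName")
        elif (m := _SCALAR.match(line)):
            key = "sdk_version" if m.group(1) == "sdkVersion" else "target_sdk_version"
            info[key] = m.group(2)
        elif (m := _PERM.match(line)):
            if m.group(1) not in info["permissions"]:  # keep order, drop repeats
                info["permissions"].append(m.group(1))
    return info

def dump_badging(apk_path):
    """Run aapt on a real APK (needs aapt from the Android build tools on PATH)."""
    out = subprocess.run(["aapt", "dump", "badging", apk_path],
                         capture_output=True, text=True, check=True).stdout
    return parse_badging(out)

# Constructed sample output (hypothetical application, not a real sample).
SAMPLE = """\
package: name='com.example.flashlight' versionCode='7' versionName='1.0.6' platformBuildVersionName='10'
sdkVersion:'16'
targetSdkVersion:'28'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.INTERNET'
application-label:'Flashlight'
"""

if __name__ == "__main__":
    print(parse_badging(SAMPLE))
```

Fields that aapt does not print, such as a missing targetSdkVersion line, stay `None` so that later feature extraction can tell "absent" from an empty value.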


Abstract

The invention provides an Android malware detection and malicious code location system and method, aimed at solving the insufficient interpretability and poor semantic analysis capability of existing Android malware detectors. The implementation scheme is as follows: normal and malicious samples are prepared as original data; application instruction bytecode is extracted using Androguard; the API (Application Program Interface) sequences that may appear while the program is running are simulated by static extraction; an API sequence data set is constructed; a classifier for malware detection is then trained based on a deep learning model, achieving automatic malware detection. Meanwhile, an attention mechanism is introduced to locate the malicious code segments in applications detected as malicious, and the malicious code segments are finally output in the form of an analysis report. The method provides accurate malware detection and an explanatory verification basis for the detection result.

Description

Technical field

[0001] The invention belongs to the technical field of network and information security, and further relates to an Android operating system, specifically an Android malware detection and malicious code location system and method, which can be used for security protection of individual users and Android application markets.

Background technique

[0002] With the rapid development of mobile Internet technology, mobile terminal equipment is becoming more and more popular. As the most popular mobile operating system, the Android operating system has a large user base. However, due to its open-source nature, Android is also threatened by a large number of malware. With the exposure of various vulnerabilities and the spread of malware variants, users' security and personal privacy are facing huge challenges.

[0003] Although the traditional manual analysis method has a high accuracy rate, it is obviously unable to cope with the growth and spread speed of various...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N3/04, G06N3/08, G06K9/62
CPC: G06F21/561, G06F21/563, G06F21/566, G06N3/08, G06N3/044, G06N3/045, G06F18/2415
Inventor: 马卓, 葛浩然, 王珠珠, 刘洋, 赵萌
Owner: XIDIAN UNIV