Android malicious software family clustering method based on method call graph

A method-call-graph and malware technology, applied in computer parts, decompilation/disassembly, program code conversion, etc. It addresses the high randomness of API sequences, the heavy cost of similarity calculation, and their effect on detection, with the effects of avoiding those limitations, stable feature extraction, and richer calculation methods.

Inactive Publication Date: 2020-10-23
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is: the API sequence generated by the existing software is highly random, and there is a lot of noise, which has a relatively large impact on the detection effect and the method call graph is due to th

Embodiment Construction

[0040] In order to make the object, technical solution and advantages of the present invention clearer, the present invention is further described in detail. It should be understood that the specific embodiments described here are only used to explain the present invention, and are not intended to limit the present invention, that is, the described embodiments are only some of the embodiments of the present invention, but not all of the embodiments.

[0041] The invention provides a method for constructing a method call graph, and uses the method call graph as a feature of malware detection, which is a new exploration of Android malware detection. Using the community discovery algorithm, the method call graph is cut through simple graph partitioning, which improves the detection efficiency. At the same time, the vector space after graph embedding has more flexible and rich calculation methods, and can also compress data and play a role in dimensionality reduction.

[0042] Su...

Abstract

The invention discloses an Android malicious software family clustering method based on a method call graph. The method belongs to the field of Android malicious software detection, and comprises the following steps: S1, generating a method call graph: obtaining an entry point list of an Android application and an application program interface (API) call relationship by decompiling an APK file, and autonomously constructing the method call graph of the Android application; S2, preprocessing the method call graph: preprocessing the method call graph to generate a simplified call graph, performing graph division on the simplified call graph by a community discovery algorithm, and dividing the simplified call graph into a plurality of relatively independent sub-graphs SG; S3, performing feature extraction; S4, performing malicious family clustering. According to the method for constructing the method call graph provided by the invention, the method call graph is used as a malicious software detection feature, and the method call graph is cut in combination with a community discovery algorithm and simple graph division, so that the detection efficiency of Android malicious software is improved.
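An added sketch of steps S1 and S2 (not code from the patent): it keeps the call edges reachable from the entry point list, then splits the result into subgraphs SG. The call pairs, the reachability pruning used as "preprocessing", and label propagation as the community discovery algorithm are all assumptions; the page specifies none of them.

```python
from collections import Counter, defaultdict, deque

# Constructed sample: (caller, callee) pairs as a decompiler might yield them.
ENTRY_POINTS = ["Main.onCreate", "BootReceiver.onReceive"]
CALLS = [
    ("Main.onCreate", "Sms.collect"), ("Main.onCreate", "Sms.send"),
    ("Sms.collect", "Sms.send"), ("Sms.collect", "ContentResolver.query"),
    ("Sms.send", "SmsManager.sendTextMessage"),
    ("BootReceiver.onReceive", "Net.beacon"), ("Net.beacon", "Net.post"),
    ("BootReceiver.onReceive", "Net.post"), ("Net.post", "URL.openConnection"),
    ("Main.onCreate", "Net.beacon"),  # the only edge joining the two clusters
    ("Dead.unused", "Dead.helper"),   # never reached from an entry point
]

def build_call_graph(calls, entry_points):
    """S1: keep the call edges reachable from the entry point list."""
    out = defaultdict(set)
    for caller, callee in calls:
        out[caller].add(callee)
    seen, queue = set(entry_points), deque(entry_points)
    while queue:
        for callee in out[queue.popleft()] - seen:
            seen.add(callee)
            queue.append(callee)
    return {(a, b) for a, b in calls if a in seen}

def split_into_subgraphs(edges, max_rounds=100):
    """S2: label propagation on the undirected view; returns node sets SG."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    label = {n: n for n in adj}
    for _ in range(max_rounds):
        changed = False
        for n in sorted(adj):
            votes = Counter(label[m] for m in adj[n])
            # Most frequent neighbour label; ties go to the largest (reproducible).
            best = max(votes, key=lambda lab: (votes[lab], lab))
            if best != label[n]:
                label[n], changed = best, True
        if not changed:
            break
    groups = defaultdict(set)
    for n, lab in label.items():
        groups[lab].add(n)
    return sorted(groups.values(), key=sorted)

SG = split_into_subgraphs(build_call_graph(CALLS, ENTRY_POINTS))
print([sorted(sg) for sg in SG])
```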

Description

Technical field

[0001] The invention belongs to the field of Android malware detection, and in particular relates to a clustering method for Android malware families based on a method call graph.

Background technique

[0002] With the rapid development of digital technology, the performance of mobile terminals is getting higher and higher, and human-computer interaction is becoming more and more intelligent. While the development of technology brings convenience to people, it also provides a more solid software and hardware environment for malicious applications. Therefore, the status of mobile phone security protection in the security field is becoming more and more important, and has even become an important part of national security.

[0003] Android malware detection first used a signature-based detection method, which can only detect malware that has already been discovered and is powerless against unknown malware. Then researchers turned their attention to the research of algorith...

Application Information

IPC(8): G06F21/56, G06F8/53, G06K9/62
CPC: G06F21/56, G06F8/53, G06F2221/033, G06F18/213, G06F18/23, G06F18/22
Inventor: 罗光春, 陈爱国, 郑旭, 张栗粽, 邵福骏, 封舒鑫
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA