Android application maliciousness and malicious family detection model construction method and application

A model construction and detection technology, applied in platform integrity maintenance, computer security devices, instruments, etc., that addresses the problem that existing detection cannot effectively resist Android application code obfuscation

Pending Publication Date: 2020-10-27
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0008] The present invention provides a method and application for constructing Android application maliciousness and malicious family detection models, which solve the problem that existing Android application maliciousness detection methods cannot effectively resist Android application code obfuscation techniques.



Examples


Embodiment 1

[0050] A construction method 100 of an Android application maliciousness detection model, as shown in Figure 1, including:

[0051] Step 110: collect benign and malicious Android application samples to form an original sample set, and obfuscate each sample in the original sample set with multiple Android application obfuscation methods to form a plurality of corresponding obfuscated variant sample sets;

[0052] Step 120: extract opcode features at several granularities from each sample. For each granularity, calculate the weight of each opcode feature over the original sample set and over all obfuscated variant sample sets produced by the obfuscation methods corresponding to that granularity, and from the opcode features select those that enhance the detection effect on the original sample set and reduce the difference between samples before and after obfuscation; these form the anti-obfuscation feature set of that granularity;

[0053] Step 130, ...
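The selection idea of Step 120, as an added example that is not code from the patent: an opcode is kept when it separates benign from malicious samples in the original set more than it drifts between a sample and its obfuscated variant. The scoring rule, the single granularity (individual opcodes), the `junk_insert` stand-in obfuscator and all sample sequences are assumptions made for illustration; the page does not give the weight formula.

```python
from collections import Counter

def freq(seq):
    """Relative frequency of each opcode in one sample's opcode sequence."""
    return {op: n / len(seq) for op, n in Counter(seq).items()}

def mean_freq(samples, op):
    return sum(freq(s).get(op, 0.0) for s in samples) / len(samples)

def select_features(benign, malicious, variant_pairs, penalty=1.0):
    """Weigh every opcode at one granularity and keep those with weight > 0.

    weight = class separation on the original set
             - penalty * mean drift between a sample and its obfuscated variant
    The scoring rule is an assumption; the page does not state the formula.
    """
    vocab = {op for s in benign + malicious for op in s}
    vocab |= {op for _, variant in variant_pairs for op in variant}
    weights = {}
    for op in vocab:
        separation = abs(mean_freq(malicious, op) - mean_freq(benign, op))
        drift = sum(abs(freq(o).get(op, 0.0) - freq(v).get(op, 0.0))
                    for o, v in variant_pairs) / len(variant_pairs)
        weights[op] = separation - penalty * drift
    return weights, {op for op, w in weights.items() if w > 0}

# Constructed opcode sequences (not real samples).
BENIGN = [["const/4", "invoke-virtual", "move-result", "return-void"],
          ["const/4", "iget", "invoke-virtual", "return-void"]]
MALICIOUS = [["const-string", "invoke-static", "invoke-static", "return-void"],
             ["const-string", "invoke-static", "iput", "return-void"]]

def junk_insert(seq):
    """Stand-in obfuscator: a nop after every instruction (assumed method)."""
    return [x for op in seq for x in (op, "nop")]

PAIRS = [(s, junk_insert(s)) for s in BENIGN + MALICIOUS]
WEIGHTS, SELECTED = select_features(BENIGN, MALICIOUS, PAIRS)

if __name__ == "__main__":
    for op in sorted(WEIGHTS, key=WEIGHTS.get, reverse=True):
        mark = "keep" if op in SELECTED else "drop"
        print(f"{op:15s} {WEIGHTS[op]:+.4f} {mark}")
```

In this constructed set, `nop` is dropped because it appears only in obfuscated variants, and `return-void` is dropped because it occurs equally in both classes.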

Embodiment 2

[0075] A method for detecting maliciousness of an Android application, comprising:

[0076] Decompile the Android application to be tested and extract its coarse-grained opcode features. Proceeding in order from coarse-grained to fine-grained, filter out the opcode features that are not included in the anti-obfuscation feature sets of the construction method of the Android application maliciousness detection model described in Embodiment 1, obtain the opcode feature sequence of the sample, and convert it into a grayscale image. Input the grayscale image into the Android application maliciousness detection model built by the construction method described in Embodiment 1 to obtain the maliciousness of the Android application to be tested. The relevant technical solutions are the same as those in Embodiment 1 and will not be repeated here.

[0077] Decompile the A...
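The filtering and image-conversion steps of Embodiment 2, as an added example that is not code from the patent: opcodes outside the selected feature set of Embodiment 1 are dropped before the sequence becomes a grayscale matrix, so a variant padded with junk instructions yields the same model input as the original. The feature list, the pixel coding, the 4x4 image size and both opcode sequences are assumptions; the page does not specify them.

```python
# Assumed selected opcode feature set for one granularity (constructed).
FEATURES = ["const-string", "const/4", "iget", "iput",
            "invoke-static", "invoke-virtual", "move-result"]

def filter_sequence(opcodes, features=FEATURES):
    """Drop every opcode that is not in the selected feature set."""
    keep = set(features)
    return [op for op in opcodes if op in keep]

def to_grayscale(opcodes, features=FEATURES, width=4, height=4):
    """Map a filtered opcode sequence to a height x width matrix of 0..255.

    Pixel coding is an assumption: feature i of n -> round(255 * (i + 1) / n),
    0 is reserved for padding, and sequences longer than the image are cut.
    """
    n = len(features)
    level = {op: round(255 * (i + 1) / n) for i, op in enumerate(features)}
    pixels = [level[op] for op in opcodes][: width * height]
    pixels += [0] * (width * height - len(pixels))
    return [pixels[r * width:(r + 1) * width] for r in range(height)]

def image_of(opcodes):
    """Full per-sample flow: filter first, then convert to an image."""
    return to_grayscale(filter_sequence(opcodes))

# Constructed sequences: the second is the first with junk opcodes inserted.
ORIGINAL = ["const-string", "invoke-static", "invoke-static", "return-void"]
OBFUSCATED = ["nop", "const-string", "nop", "invoke-static", "goto",
              "invoke-static", "nop", "return-void"]

if __name__ == "__main__":
    for name, seq in (("original", ORIGINAL), ("obfuscated", OBFUSCATED)):
        print(name)
        for row in image_of(seq):
            print("  ", row)
```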

Embodiment 3

[0080] A method for constructing a malicious family detection model for Android malicious applications: based on the grayscale image of each malicious application sample in the original sample set and the corresponding malicious family label, a malicious family detection model for Android malicious applications is obtained by training. The relevant technical solutions are the same as those in Embodiment 1 and will not be repeated here.

[0081] Regarding sample collection for constructing the malicious family detection model of Android malicious applications: on the basis of the original sample set A collected and constructed in Embodiment 1, the malicious applications in sample set A that have no malicious family label are labelled with their malicious family, which yields the malicious application label values used to train the malicious family detection model.

[0082] The operation code characteristic sequence of...


Abstract

The invention belongs to the field of mobile malicious application detection and particularly relates to a method and application for constructing Android application maliciousness and malicious family detection models. For different obfuscation techniques, opcode features of different granularities are extracted and the weight of each feature at each granularity is calculated. From the opcode features, those most beneficial to enhancing the detection effect on the original sample set and reducing the difference between samples before and after obfuscation are selected, and anti-obfuscation feature sets of the various granularities are constructed to resist mainstream obfuscation techniques. The opcode feature sequence of an application sample is extracted according to the anti-obfuscation feature sets of the various granularities and converted into a grayscale image, and a deep learning network model is trained on the grayscale images with different label values, realizing maliciousness classification and malicious family classification of Android applications; the detection function is integrated on mobile terminal equipment. The method supports application maliciousness and malicious family detection while effectively resisting the interference of Android application obfuscation techniques on the detection result, and the detection reliability is high.

Description

Technical field

[0001] The invention belongs to the field of mobile malicious application detection, and more specifically relates to a method and application for building Android application maliciousness and malicious family detection models.

Background technique

[0002] With the continuous development of the Android application market and the continuous and rapid growth of the number of Android applications, many third-party application markets have emerged. However, Android applications contain Android users' personal privacy data, which attracts some attackers to spread malicious applications to users' smartphones in order to steal users' private data and property, a serious threat to the privacy and data security of Android users.

[0003] A special report on Android malware released by security vendor 360 shows that in 2019 alone, 360 Security Brain intercepted about 1.809 million mobile malicious applications, and blocked about 950 million Andr...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/563
Inventors: 李瑞轩, 江钰, 辜希武, 李玉华, 汤俊伟
Owner: HUAZHONG UNIV OF SCI & TECH