A method and system for detecting malicious applications using discriminative adversarial networks
A malicious application and detection method technology, applied in neural learning methods, biological neural network models, platform integrity maintenance, etc., can solve the problem of inaccurate learning, insufficient research on Android malicious application software classification, laborious manual engineering and functional changes And other issues
Active Publication Date: 2022-07-12
国家计算机网络与信息安全管理中心浙江分中心
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Compared with the static detection method, this kind of method is better than the detection method based on the feature code in the detection effect of the unknown malicious application, and can reduce the false negative, but the speed is slow, and its computing resources and time are unbearable, and some After the application detects that the sandbox is running, it will change its behavior in a targeted manner to avoid detection
[0005] The prior art has the following defects: low detection accuracy
Traditional machine learning systems use statistical methods and feature sets that are manually intervened by malware resulting in detection systems that can be slow to react to changes and new threats
With such laborious manual engineering and functional changes occurring over time, these detection methods may only be effective in the short term
In addition, there is insufficient research on the classification of obfuscated Android malicious applications at this stage
Inaccurate feature learning
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0029] The following description serves to disclose the invention to enable those skilled in the art to practice the invention. The preferred embodiments described below are given by way of example only, and other obvious modifications will occur to those skilled in the art. The basic principles of the invention defined in the following description may be applied to other embodiments, variations, improvements, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
[0030] It should be understood by those skilled in the art that in the disclosure of the present invention, the terms "portrait", "horizontal", "upper", "lower", "front", "rear", "left", "right", " The orientation or positional relationship indicated by vertical, horizontal, top, bottom, inner, outer, etc. is based on the orientation or positional relationship shown in the drawings, which is only for the convenience of describing the present invention and to simpli...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a malicious application detection method and system for discriminating against a network. The method comprises the following steps: establishing an API calling neural network of an application; establishing an authority neural network of the application; establishing an operation code sequence neural network of the application; The above three types of neural networks input the corresponding features, and obtain three output feature vectors respectively; input the three output feature vectors into the discriminative confrontation network, and output the recognition result of the application. The method and system identify malicious applications by establishing a discriminative adversarial network (DAN) architecture that replaces the generator in the traditional GAN with a discriminator, one of the discriminators of the discriminative adversarial network (DAN) Malware can be detected, another discriminator is obfuscated agnostic, can identify obfuscated and unobfuscated malicious applications with different domains, and removes the bias introduced by obfuscation in learning.
Description
technical field [0001] The invention relates to the field of mobile phone malicious application detection, in particular to a malicious application detection method and system for discriminating against networks Background technique [0002] The existing Android malicious code detection technologies are mainly based on static detection technology and sandbox-based dynamic behavior detection technology, or use a hybrid detection technology of both. [0003] The general static analysis contents include signature information analysis, code semantic analysis, control flow analysis, data flow analysis, etc. A typical static detection method uses static analysis tools of source code to detect and analyze the code content in the application without running the application or installing the application, and then summarizes and analyzes the resource usage of the code during the execution process. [0004] The dynamic behavior detection method uses a virtual machine environment (sand...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06N3/04G06N3/08
CPCG06F21/56G06N3/084G06N3/047G06N3/048G06N3/045
Inventor 马敏燕沈颖彦季莹莹陈形项菲李鹏霄胡少杰
Owner 国家计算机网络与信息安全管理中心浙江分中心