Android malicious software family classification method based on DEX file partition characteristics

A malware classification method, applied in the fields of computer components, platform integrity maintenance, instruments, etc. It addresses the problems that existing classification and visualization methods do not take the characteristics of Android malware into account and therefore lose features.

Pending Publication Date: 2021-09-10
SICHUAN UNIV
AI Technical Summary

Problems solved by technology

However, due to the rapid iteration of the Android system and the serious system fragmentation caused by its open source nature, Android malware has produced a large number of variants on top of the many original malicious families, which has brought considerable challenges to the classification of Android malicious families.
Traditional static analysis methods are susceptible to obfuscation and hardening, while dynamic analysis methods are time- and space-intensive.
Newer visualization methods do not take into account the characteristics of Android malware, resulting in severe feature loss.
[0003] Many visualization methods and image processing methods have been proposed to deal with the classification of malware families, but most of them are not aimed at the classification of Android malware families. Because Android platform files have their own characteristics compared with files of other platforms, many methods are not applicable to the classification of Android malware families and lead to the loss of Android malware features.
In addition, many methods for the Android platform have low classification accuracy because their visualization and image processing methods are insufficient.

Embodiment Construction

[0009] In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention will be briefly described below in conjunction with the accompanying drawings. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0010] It should be noted that like numerals and letters denote similar items in the following figures; therefore, once an item is defined in one figure, it does not require further definition or explanation in subsequent figures.

[0011] The Android malicious family classification method based on the characteristics ...

Abstract

The invention provides an Android malicious software family classification method based on DEX file partition characteristics. According to the method, the DEX file of the Android malicious software can be automatically extracted, then the DEX file is converted into the RGB image and the text, and classification of the Android malicious software is achieved through the RGB image features and the text features. The method mainly comprises the following steps: (1) extracting a DEX file of Android malicious software; (2) converting the DEX file into an RGB image; (3) converting the DEX file into a plain text file; (4) extracting texture features of the RGB image; (5) extracting color features of the RGB image; (6) extracting text features of the plain text file; and (7) fusing the texture features, the color features and the text features by utilizing multi-kernel learning so as to realize classification of Android malicious software families.
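Steps (1) and (2) of the abstract, as an added example that is not the patent's own code. The three-way split (header, index area, data area) is read from the standard DEX header fields; mapping each partition to one colour channel, the function names and the 160-byte sample are assumptions made for illustration.

```python
import io
import struct
import zipfile

HEADER_SIZE = 0x70  # fixed size of the DEX header_item

def extract_dex(apk):
    """Step 1: read classes.dex out of an APK (path or file-like object)."""
    with zipfile.ZipFile(apk) as z:
        return z.read("classes.dex")

def dex_partitions(dex):
    """Return (start, end) byte ranges for the header, index and data areas."""
    if len(dex) < HEADER_SIZE or dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    file_size, header_size = struct.unpack_from("<II", dex, 32)
    data_size, data_off = struct.unpack_from("<II", dex, 104)
    # Reject headers whose sizes and offsets do not fit the file.
    if header_size != HEADER_SIZE or file_size > len(dex):
        raise ValueError("inconsistent DEX header")
    if not HEADER_SIZE <= data_off <= data_off + data_size <= file_size:
        raise ValueError("data section out of bounds")
    return [(0, HEADER_SIZE), (HEADER_SIZE, data_off), (data_off, data_off + data_size)]

def dex_to_rgb(dex, width=16):
    """Step 2 (assumed mapping): header bytes -> R, index -> G, data -> B."""
    pixels = [(0, 0, 0)] * len(dex)  # bytes outside every partition stay black
    for channel, (start, end) in enumerate(dex_partitions(dex)):
        for i in range(start, end):
            px = [0, 0, 0]
            px[channel] = dex[i]
            pixels[i] = tuple(px)
    pixels += [(0, 0, 0)] * (-len(pixels) % width)  # pad the last row
    return [pixels[r:r + width] for r in range(0, len(pixels), width)]

def build_sample_apk():
    """Constructed sample: a 160-byte DEX-shaped blob inside an in-memory ZIP."""
    header = bytearray(HEADER_SIZE)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 32, 160, HEADER_SIZE)        # file_size, header_size
    struct.pack_into("<II", header, 104, 32, HEADER_SIZE + 16)   # data_size, data_off
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(header) + b"\x11" * 16 + b"\xee" * 32)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    rows = dex_to_rgb(extract_dex(build_sample_apk()))
    print(len(rows), rows[0][0], rows[7][0], rows[9][15])
```

The returned rows can be handed to an imaging library to write the picture from which the texture and colour features of steps (4) and (5) are computed.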

Description

Technical field

[0001] The invention proposes a method for classifying Android malware families based on the partition characteristics of DEX files. The DEX file is visualized and converted to text according to its partition features, producing an RGB image and plain text, and the RGB image features and text features are then extracted as the features of the Android malicious sample. Finally, a multi-feature fusion algorithm based on multi-kernel learning is used to classify Android malware families.

Background technique

[0002] Due to the open source nature of the Android system, it occupies more than 85% of the mobile phone market. However, due to the rapid iteration of the Android system and the serious system fragmentation caused by its open source nature, Android malware has produced a large number of variants on top of the many original malicious families, which has brought considerable challenges to the classification of Android malicious families. Traditional sta...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F18/253, G06F21/562, G06F18/24, G06F16/3344, G06V10/56, G06V10/54, Y02D10/00
Inventor 张磊刘亮高杨晨岳子巍
Owner SICHUAN UNIV