
Android malicious software detection system and method based on heterogeneous graph learning

A malware detection system technology, applied in the field of network security, which addresses two problems: the inability to detect encrypted and dynamically loaded malicious programs, and a detection rate that cannot guarantee a fast streaming response. It achieves high path coverage and high-efficiency, high-performance detection.

Pending Publication Date: 2021-12-07
北京卫达信息技术有限公司

AI Technical Summary

Problems solved by technology

Static analysis decompiles the APK file through reverse engineering and extracts relevant features without running the application. It usually analyzes the intermediate form of the code obtained by decompiling the dex file, such as API calls, followed by the manifest file (permissions, intent filters). Such methods cannot detect encrypted and dynamically loaded malicious programs.

Dynamic analysis runs an application in a sandbox or virtual machine environment, monitors the runtime characteristics of the application, and analyzes and records logs to find malicious behavior. This method has a better detection effect, but because the real running state of the program must be simulated in the sandbox, its detection rate cannot guarantee a fast, stream-like response.



Examples


Embodiment approach

[0035] As shown in Figure 1, as a preferred embodiment, the Android malware detection system based on heterogeneous graph learning of the present invention includes an Android software decompression and decompilation unit, a feature extraction unit, a heterogeneous graph construction unit, a multi-kernel learning unit and a malicious software detection unit.

[0036] The Android software decoding and decompiling unit uses publicly available, common decoding and decompiling techniques to decode and decompile the Android software to be detected. Specifically, the software to be detected is first decoded into an APKs file, and the decoded APKs file is then decompiled into Smali code using a decompilation tool. The decompiled Smali code contains the internal function call relationships and the link structure relationships.

[0037] The feature extraction unit extracts the internal function call relationship of the software to be detected, and according...


Abstract

The invention provides an Android malicious software detection system and method based on heterogeneous graph learning. The method departs from traditional malicious software detection based on signature mechanisms and static characteristics; its basic idea is that the function call sequence and connection structure in malicious software differ from the function call and connection structure of normal software. The internal function call relationship of each piece of Android software to be detected is constructed into a heterogeneous graph. High-order semantic relationships among different function calls are then explored by introducing different meta-paths, the importance of each meta-path to malicious software detection is measured with a standard multi-kernel learning algorithm, and the learned weighted function-call interaction matrix is input into a support vector machine to train an automatic model that performs the detection. The invention can effectively explore the function call relationships in malicious software, greatly improves detection accuracy by learning the function call patterns of malicious software, and can meet the requirement for efficient, real-time detection.
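The pipeline in the abstract, from Smali call extraction to a weighted kernel, as an added example that is not code from the patent. The page does not name its meta-paths or its multi-kernel learning algorithm, so the two meta-paths (App-API-App and App-API-Class-API-App) and the kernel-target alignment weighting used here are assumptions, and the Smali fragments and labels are constructed.

```python
import re

# Smali call site: invoke-<kind> {regs}, Lpkg/Class;->method(args)ret
INVOKE = re.compile(r"invoke-[\w/]+ \{[^}]*\}, (L[\w/$]+;)->([\w<>$]+)\(")

def api_calls(smali):
    """Set of 'Lpkg/Class;->method' call targets found in Smali text."""
    return {f"{cls}->{name}" for cls, name in INVOKE.findall(smali)}

def matmul(a, b):
    return [[sum(x * y for x, y in zip(r, c)) for c in zip(*b)] for r in a]

def metapath_kernels(apps):
    """apps: {app: smali}. Returns [App-API-App, App-API-Class-API-App]."""
    calls = [api_calls(s) for s in apps.values()]
    apis = sorted(set().union(*calls))
    A = [[int(api in c) for api in apis] for c in calls]  # app x API incidence
    # Assumed API-API relation: both methods are declared by the same class.
    P = [[int(a.split("->")[0] == b.split("->")[0]) for b in apis] for a in apis]
    At = [list(col) for col in zip(*A)]
    return [matmul(A, At), matmul(matmul(A, P), At)]

def alignment(K, y):
    """Kernel-target alignment <K, yy^T> / (||K|| * ||yy^T||), y in {-1, +1}."""
    n = len(y)
    num = sum(K[i][j] * y[i] * y[j] for i in range(n) for j in range(n))
    return num / (sum(v * v for r in K for v in r) ** 0.5 * n)

def combine(kernels, y):
    """Weight each meta-path kernel by its clipped alignment; return (w, K)."""
    raw = [max(alignment(K, y), 0.0) for K in kernels]
    total = sum(raw) or 1.0
    w = [x / total for x in raw]
    K = [[sum(wk * v for wk, v in zip(w, cells)) for cells in zip(*rows)]
         for rows in zip(*kernels)]
    return w, K

# Constructed sample input: four tiny Smali fragments with made-up labels.
def call(target):
    return "    invoke-virtual {v0}, L" + target + "\n"
TM = "android/telephony/TelephonyManager;->"
FIN = call("android/app/Activity;->finish()V")
SAMPLE = {
    "mal_a": call(TM + "getDeviceId()Ljava/lang/String;") + FIN,
    "mal_b": call(TM + "getSubscriberId()Ljava/lang/String;") + FIN,
    "ben_a": call("android/widget/Toast;->show()V") + FIN,
    "ben_b": FIN,
}
LABELS = [1, 1, -1, -1]  # +1 malicious, -1 benign (constructed)
```

On this sample the class-level meta-path gets the larger weight, because the two flagged apps share no API but do share a declaring class. The combined matrix is what a support vector machine with a precomputed kernel, such as scikit-learn's `SVC(kernel="precomputed")`, would be trained on.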

Description

Technical field

[0001] The invention relates to the field of network security, in particular to an Android malware detection system and method based on heterogeneous graph learning.

Background technique

[0002] Malware is software designed to harm a computer, server, or computer network. Malware can cause varying degrees of damage to a target computer after it is planted or somehow compromised. Malicious software is installed and run on the computer without explicitly prompting the user or without the user's permission, manifesting as malicious behaviors such as forced installation, browser hijacking, data theft, malicious collection of user sensitive information, and malicious bundling of software. In recent years, with the rapid development of mobile communications and smart terminals, malware targeting Android terminals emerges in an endless stream, and Android malware is even widely distributed in some well-known application markets. It has a serious impact on Android...


Application Information

IPC(8): G06F21/56, G06F8/53, G06N20/10
CPC: G06F21/563, G06F21/566, G06F8/53, G06N20/10, Y02D10/00
Inventor: 张长河, 耿童童
Owner: 北京卫达信息技术有限公司