Malicious application program detection method and equipment based on AI model

Abstract

The embodiment of the invention provides a malicious application program detection method and equipment based on an AI model. The method comprises the steps of analyzing a target file in a to-be-detected application program installation package, extracting static information in the target file, where the static information comprises at least one kind of dimension information in a behavior dimension, an authority dimension and a content dimension; processing the static information into a digital feature vector in a feature transformation mode, wherein the digital feature vector is composed of 0 and 1; inputting the digital feature vector into a trained AI model to obtain a maliciousness detection result of the to-be-detected application program; training the AI model according to the input digital feature vector, and outputting the probability that the application program corresponding to the digital feature vector is a malicious application and/or the probability that the application program corresponding to the digital feature vector is a non-malicious application. The problems of difficulty in rule extraction, low coverage, poor expansibility, easiness in bypassing and the like during traditional malicious application detection are solved, and higher accuracy and timeliness are achieved.

Description

technical field [0001] Embodiments of the present invention relate to the technical field of mobile network security, and in particular to a method and device for detecting malicious application programs based on an AI model. Background technique [0002] In the high-tech period in full swing, the development of Android software has shown explosive growth. According to the "Global Mobile Application Market Review Report 2019" released by App Annie a few days ago, the data shows that the number of global APP downloads exceeded 194 billion in 2018, a growth rate of 35% compared to 2016. Unfortunately, this popularity can also attract malware developers, pre-installed apps, bundled downloads, excessive permissions, copycat apps, etc. are hard to guard against. The prevalence of malicious applications has made users' personal privacy gradually transparent. According to the "2017Q1 China Mobile Security Market Research Report", 89.6% of the interviewed users said that they had s...

AI Technical Summary

Problems solved by technology

[0003] At present, many security vendors are also investing in the field of mobile security, and the basic principle of antivirus software is to confirm the intrusion behavior by matching known malicious Trojan horse characteristics, and carry out active defense with firewalls, dynamic monitoring, etc., but the disadvantage is that it relies on malicious characteristics The update of the library, the ability to learn new malicious detection is weak

[0004] However, new malicious applications emerge in endlessly, and their maliciousness is different. Malicious detection depends on the malicious signature database. If the malicious signature database is not updated in time, it will be difficult to achieve the ideal security protection effect.

Images