Function-call-based Android malicious code detection method

A malicious code detection and malicious code technology, applied in the direction of platform integrity maintenance, etc., can solve the problems of building Android program behavior characteristics, inability to fine-grained and other problems

Active Publication Date: 2013-12-11
XI AN JIAOTONG UNIV
View PDF3 Cites 42 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Aiming at the deficiencies of the prior art, the present invention provides a method for static analysis and detection of Android malicious code based on function calls, aiming to solve the problem that the existing Android malicious code detection technology cannot fine-grainedly construct Android program behavior characteristics

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Function-call-based Android malicious code detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] The technical solution of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0021] The overall idea of ​​the present invention is to perform authority-based statistical analysis on the existing Android malicious code, extract the authority with high usage rate as sensitive authority, and then use the APIs that use these authorities as entry points to construct function chains that call these APIs, and perform Android malicious code detection based on function calls.

[0022] refer to figure 1 , in a specific embodiment, the present invention comprises the following steps:

[0023] The first step is to collect Android malicious code samples, conduct manual analysis, and extract key permissions and API functions that execute malicious behaviors. For example, malicious code with the function of sending SMS will apply for the SEND_SMS permission and use the sendTextMessage API.

[0024] The second step is to statisti...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a function-call-based Android malicious code detection method, and aims at solving the problems that the Android program characteristic can be established in a fine-grained manner by adopting an existing Android malicious code detection technology. The method comprises the steps: firstly, conducting authority-based statistic analysis on existing Android malicious codes, extracting an authority with a relatively high utilization rate as a sensitive authority, and then establishing a function chain capable of calling APIs (Application Program Interface) by using the APIs of the authority as entry points, so as to conduct function-call-based Android malicious code detection. Through the function-call-based Android malicious code detection method, the behavior characteristic of the Android program can be established in a fine-grained manner, and therefore, the Android malicious codes can be relatively well detected.

Description

technical field [0001] The invention relates to the technical field of mobile Internet, and mainly relates to a method for detecting malicious codes on an Android system. Background technique [0002] In recent years, smartphones based on the Android system have developed very rapidly. The latest statistical report from IDC shows that in the fourth quarter of 2012, the shipment of smartphones based on the Android system reached 159.8 million units, with a market share of 70.1%. In May, the number of activated Android devices worldwide exceeded 900 million. The number of applications based on the Android system is also increasing, and these applications involve daily life, office entertainment, e-commerce and many other fields. Google claims that as of May 2013, the number of downloads of Google Play applications in the official Android electronic market reached 48 billion . At the same time, in addition to Google Play, there are many third-party electronic markets such as ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
Inventor 陶敬胡文君周文瑜赵双马小博
Owner XI AN JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap