Malicious code detection method, system and mobile terminal under Android system

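A technique for malicious code detection on the Android system, applied in the field of malicious code detection, that achieves improved detection accuracy, comprehensive detection coverage, and low resource consumption.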

Active Publication Date: 2019-08-20
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

[0004] Malicious code on the current Android system is trending toward greater complexity. It uses more complex obfuscation and encryption methods, and the encryption usually relies on a custom algorithm, which poses great challenges for static detection of malicious code. Malicious code encrypts sensitive strings, executable code, and executable module files, so existing static detection schemes cannot detect it effectively and intelligently.


Examples


Embodiment Construction

[0042] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention more obvious and easier to understand, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0043] The present invention provides a method embodiment of malicious code detection under the Android system, as shown in figure 1, including:

[0044] S101: Perform format identification and analysis on executable files under the Android system, and determine the distribution position of the code blocks of each executable file in memory. This process supports format identification and analysis of various executable files, including executable files in APK, DEX, ELF, OAT and other formats;

[0045] It can be understood that the format recognition and parsing of execut...
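An illustration of step S101, added here and not taken from the patent: a Python example that identifies the four named formats by their magic bytes and, for ELF images, lists the executable load segments as (virtual address, size in memory). The OAT test (an ELF that contains the `oat\n` header magic) is a simplifying assumption, and `identify`, `exec_segments` and `sample_elf32` are hypothetical names.

```python
import io
import struct
import zipfile

PT_LOAD, PF_X = 1, 1  # ELF program-header type and execute-permission flag

def identify(data: bytes) -> str:
    """Classify a file as APK, DEX, OAT or ELF from its magic bytes."""
    if data[:4] == b"dex\n":
        return "DEX"
    if data[:4] == b"\x7fELF":
        # Assumption: treat any ELF carrying the OAT header magic as OAT.
        return "OAT" if b"oat\n" in data else "ELF"
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return "APK" if "AndroidManifest.xml" in z.namelist() else "ZIP"
        except zipfile.BadZipFile:
            pass
    return "UNKNOWN"

def exec_segments(data: bytes):
    """Return (vaddr, memsz) for every executable PT_LOAD segment of an ELF."""
    is64 = data[4] == 2                 # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        entsize, num = struct.unpack_from(e + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        entsize, num = struct.unpack_from(e + "HH", data, 0x2A)
    found = []
    for i in range(num):
        off = phoff + i * entsize
        if is64:  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz
            typ, flags, _, vaddr, _, _, memsz = struct.unpack_from(e + "IIQQQQQ", data, off)
        else:     # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags
            typ, _, vaddr, _, _, memsz, flags = struct.unpack_from(e + "IIIIIII", data, off)
        if typ == PT_LOAD and flags & PF_X:
            found.append((vaddr, memsz))
    return found

def sample_elf32() -> bytes:
    """Constructed sample: 32-bit little-endian ELF with one R+X and one R+W segment."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIIIIIHHHHHH", 3, 40, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    rx = struct.pack("<IIIIIIII", PT_LOAD, 0, 0, 0, 0x400, 0x400, 5, 0x1000)
    rw = struct.pack("<IIIIIIII", PT_LOAD, 0x400, 0x2000, 0x2000, 0x80, 0x100, 6, 0x1000)
    return hdr + rx + rw
```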


Abstract

The invention discloses a method and system for malicious code detection based on virtual technology in the Android system. The method first recognizes and parses the executable files in the Android system and splits the machine instructions of each executable file. Virtual technology is then used to simulate execution of the machine instructions and the physical environment they require at run time, and possible system calls and API calls are also simulated. Sensitive information generated during the simulated execution and the simulated calls is monitored and recorded. Finally, the sensitive information is matched against the features in a rule base to determine whether any executable file contains malicious code. The method and system make up for the deficiencies of existing static detection of malicious code in the Android system and perform deep detection of malicious code in the Android system.

Description

[0001] Cross References to Related Applications

[0002] This application claims priority to Chinese patent application No. "201510889821.X", filed by Wuhan Antiy Information Technology Co., Ltd. on December 08, 2015, entitled "Virtual Technology-Based Malicious Code Detection Method and System under Android System".

Technical field

[0003] The present invention relates to the technical field of malicious code monitoring, in particular to a method and system for detecting malicious code under the Android system.

Background technique

[0004] Malicious code on the current Android system is trending toward greater complexity. It uses more complex obfuscation and encryption methods, and the encryption usually relies on a custom algorithm, which poses great challenges for static detection of malicious code. Malicious code encrypts sensitive character strings, executable code, and executable module files, so that existing s...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
Inventor: 潘宣辰潘博文雷刚武乔伟
Owner: WUHAN ANTIY MOBILE SECURITY