A method and system for detecting ransomware based on permission mode

A technology of software detection and authorization, which is applied in the direction of instruments, calculations, electrical digital data processing, etc., can solve problems such as unrealized tools, and achieve good detection results, high detection rate, and low false alarm rate

Active Publication Date: 2020-05-08
JINAN UNIVERSITY
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Unfortunately, however, they have not yet implemented the corresponding tool

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and system for detecting ransomware based on permission mode
  • A method and system for detecting ransomware based on permission mode
  • A method and system for detecting ransomware based on permission mode

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0055] This embodiment discloses a method for detecting ransomware based on authority mode, such as figure 1 As shown, the steps are as follows:

[0056] S1. When receiving the application software to be detected, first decompress the APK file in the application software to be detected;

[0057] S2. Analyzing the AndroidManifest.xml file from the APK file in the application software to be detected; and extracting the permissions applied by the application software to be detected from the AndroidManifest.xml file;

[0058] S3. Judging whether the number of permissions applied by the application software to be detected is less than the fixed value X, if so, then enter step S4, if not, then judge that the application software to be detected is not ransomware; wherein the fixed value X is 17 to 20, in In this embodiment, the fixed value X is 17.

[0059] S4. Match the permission applied for by the application software to be detected with the given permission mode. If the matchin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an authority mode based ransomware detecting method and system. The method comprises the following steps: releasing a received APK document in application software to be detected; parsing an AndroidManifest.xml document out of the APK document in the application software to be detected; detecting authority applied by the application software to be detected from the AndroidManifest.xml document; determining whether the quantity of authority applied by the application software to be detected is less than a fixed value X; if the quantity of authority applied by the application software to be detected is not less than a fixed value X, determining that the application software to be detected is not ransomware; if the quantity of authority applied by the application software to be detected is less than a fixed value X, matching the authority applied by the application software to be detected with a given authority mode; determining that the application software to be detected is ransomware in case of successfully matching, and otherwise, determining that the application software to be detected is not the ransomware. The detecting method is good in detecting effect, high in detecting efficiency, low in system cost, and free from the interference of a code confusion technology.

Description

technical field [0001] The present invention relates to the technical field of Android smart terminal use security, in particular to a method and system for detecting ransomware based on a permission mode. Background technique [0002] While application software brings efficiency and convenience to users, it also exposes some security risks, such as malware infection and privacy leakage. Among them, ransomware malware threatens users to pay for unlocking or decrypting by locking the user's mobile device, encrypting or deleting user files, etc. Currently, ransomware is changing and adding more and more quickly. How to quickly and effectively detect ransom codes in Android (Android) applications has also become one of the hot research issues in the current mobile security field. [0003] There are various attack principles of ransomware, but the purpose is to make users unable to use the screen or files of Android smart terminals such as mobile phones normally. The attack m...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F21/12
CPCG06F21/121G06F21/562
Inventor 孙玉霞刘启明翁健
Owner JINAN UNIVERSITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap