Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Android malicious application detection method fusing multi-feature classification

A malicious application and detection method technology, applied in the direction of computer security devices, instruments, platform integrity maintenance, etc., can solve the problems of high cost, low efficiency, and inability to simulate the real and brisk simulation of the program, so as to reduce the amount of calculation and improve the detection efficiency. Effect

Pending Publication Date: 2020-02-28
BEIJING UNIV OF TECH
View PDF7 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The static analysis method refers to decompiling the application program without executing the application software, and then performing source code-level analysis. Its advantages are fast speed and light weight. The disadvantage is that it cannot simulate the real and lightness of the program, and the false alarm rate is high.
The dynamic monitoring method is to analyze the security of the program by implementing the behavior of the monitoring program during the software execution process and using techniques such as pattern recognition. Its advantage is high detection accuracy, and its relative disadvantages are high overhead and low efficiency.
At present, some works propose to use machine learning and deep learning ideas to detect Android malicious applications. However, most of these methods only analyze the static permissions and API characteristics of Android applications, and there are few methods that consider Android broadcast characteristics.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android malicious application detection method fusing multi-feature classification
  • Android malicious application detection method fusing multi-feature classification
  • Android malicious application detection method fusing multi-feature classification

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0036] The Android malicious application detection method based on the broadcast mechanism of the present invention is schematically shown as figure 1 As shown, the Android malicious application detection method that integrates multi-feature classification, the specific steps are as follows:

[0037] Step 1: The client installs the dynamic monitoring module.

[0038] (1) After installing the Xposed framework on the mobile terminal, the user downloads and installs the client dynamic monitoring module.

[0039] (2) Select the application program to be monitored, and send the program APK to the server.

[0040] Step 2: The server establishes a classification model.

[0041] (1) The server first collects normal and malicious applications as training set samples, decompiles APK to extract all permissions and static broadcast features, and runs th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Android malicious application detection method fusing multi-feature classification, belongs to the technical field of Android malicious software detection, and particularlyrelates to an Android malicious application detection method fusing multi-feature classification. The method comprises the following steps: extracting Android permission and static broadcast characteristics by adopting a static analysis method; extracting dynamic broadcast and sensitive API features by adopting a dynamic monitoring method; according to the method, and carrying out dimensionality reduction and decorrelation processing on the features based on the Pearson correlation coefficient dimensionality reduction algorithm. Through carrying out classification detection on the extracted features through the random forest algorithm, existing Android malicious application programs can be detected, and meanwhile Android malicious programs leaking privacy through a broadcast mechanism canbe effectively detected.

Description

technical field [0001] The invention belongs to the technical field of Android malicious software detection, and in particular relates to a method for detecting Android malicious applications fused with multi-feature classification. The invention uses a static analysis method to extract Android permissions and static broadcast features, uses a dynamic monitoring method to extract dynamic broadcast and sensitive API features, and performs dimensionality reduction and de-correlation processing on features based on the Pearson correlation coefficient dimensionality reduction algorithm. The extracted permission, broadcast and sensitive API features are classified, which can not only detect existing Android malicious applications, but also effectively detect Android malicious programs that leak privacy through the broadcast mechanism. Background technique [0002] The Android system is currently the most popular smartphone software platform. According to the 2017 Global Smartphon...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/55G06K9/62
CPCG06F21/566G06F21/562G06F21/552G06F2221/033G06F18/213G06F18/24323G06F18/214Y02D10/00
Inventor 林莉覃耀辉
Owner BEIJING UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com