
Malicious software detection method based on mixing of improved naive Bayesian algorithm and gated loop unit

A technique combining a Bayesian algorithm and a recurrent unit, applied in the fields of neural learning methods, computing, computer security devices, etc., which addresses the problem of poor detection of Android malware.

Inactive Publication Date: 2021-09-10
HARBIN UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Obfuscation techniques are widely used in current Android malware, and malware that uses them is poorly detected. The purpose of the present invention is to solve these problems by proposing a malware detection method based on a hybrid of an improved naive Bayes algorithm and gated recurrent units.


Examples


Specific Embodiment 1

[0068] The malware detection method of this embodiment, based on a hybrid of an improved naive Bayes algorithm and a gated recurrent unit, is shown in Figure 1 and is implemented by the following steps:

[0069] Step one: decompile the files of the software sample set to be detected using apktool to obtain the application's decompiled resource files, comprising the AndroidManifest.xml manifest file and the smali bytecode files;

[0070] Step two: extract a feature set from the decompiled resource files, comprising the Permission set, the Intent set and the sensitive API set; sort the extracted features by number of uses from lowest to highest, select the high-frequency features and merge them into a feature set, and quantize the feature set; wherein,

[0071] The Permission set and the Intent set are obtained from the AndroidManifest.xml file;

[0072] The sensitive API set is obtained from the smali files;

[0073] The classes.dex file is decompiled with the baksmali tool and parsed to determine the API call interfaces, for example, the chmod user p...
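The feature-extraction steps of this embodiment, sketched as an added example (not code from the patent or its authors). It assumes apktool has already produced a decoded AndroidManifest.xml and smali text; the sensitive-API watchlist, the `min_count` threshold, the 0/1 quantization, the constructed sample inputs and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed sensitive-API watchlist; the page does not give its list.
SENSITIVE_APIS = {
    "Landroid/telephony/SmsManager;->sendTextMessage",
    "Landroid/telephony/TelephonyManager;->getDeviceId",
    "Ljava/lang/Runtime;->exec",
}
# Matches the target of any smali invoke-* instruction: Lpkg/Class;->method
INVOKE_RE = re.compile(r"invoke-[\w/]+\s+\{[^}]*\},\s*(L[^;]+;->[\w$<>]+)")

def manifest_features(manifest_xml):
    """Permission set and Intent (action) set from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    intents = {e.get(ANDROID_NS + "name") for e in root.iter("action")}
    return {"perm:" + p for p in perms if p} | {"intent:" + a for a in intents if a}

def smali_features(smali_text):
    """Sensitive API set: watchlisted invoke targets found in smali text."""
    return {"api:" + t for t in INVOKE_RE.findall(smali_text) if t in SENSITIVE_APIS}

def select_and_quantize(samples, min_count=2):
    """Sort features by use count (low to high), keep frequent ones, emit 0/1 vectors."""
    counts = Counter(f for feats in samples for f in feats)
    ranked = sorted(counts, key=lambda f: (counts[f], f))
    vocab = [f for f in ranked if counts[f] >= min_count]
    return vocab, [[int(f in feats) for f in vocab] for feats in samples]

# Constructed inputs standing in for apktool output of two apps (not real samples).
def _manifest(perms, actions):
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    body += "".join(f'<action android:name="android.intent.action.{a}"/>' for a in actions)
    return f'<manifest xmlns:android="http://schemas.android.com/apk/res/android">{body}</manifest>'

APP_A = (_manifest(["SEND_SMS", "INTERNET"], ["BOOT_COMPLETED"]),
         "invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(...)V\n"
         "invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)V\n")
APP_B = (_manifest(["INTERNET", "CAMERA"], ["BOOT_COMPLETED"]),
         "invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;\n"
         "invoke-virtual {v0, v1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;\n")

def run_demo(min_count=2):
    samples = [manifest_features(m) | smali_features(s) for m, s in (APP_A, APP_B)]
    return select_and_quantize(samples, min_count)

if __name__ == "__main__": print(run_demo())
```

With the default threshold only the features shared by both constructed apps survive; `run_demo(min_count=1)` keeps all six and shows the low-to-high ordering.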

Specific Embodiment 2

[0076] This embodiment differs from the preceding embodiment in that, in the malware detection method based on a hybrid of an improved naive Bayes algorithm and a gated recurrent unit, the step-two extraction of the feature set from the decompiled resource files specifically uses an association rule mining (ARM) algorithm together with the TF-IDF algorithm to process the static features: strongly correlated features are removed from the extracted static features, the naive Bayes algorithm is weighted, the feature dimension is reduced, and redundant features are removed to optimize computational efficiency; wherein the static features include requested permissions, components, intents and sensitive APIs;

[0077] Although the naive Bayes algorithm gives good classification results, it classifies poorly when the number of attributes is large or the correlation among attributes is large, and the conventional naive Bayes algorithm's default attribute feat...

Specific Embodiment 3

[0079] This embodiment differs from the preceding embodiments in that, in the malware detection method based on a hybrid of an improved naive Bayes algorithm and a gated recurrent unit, the step in which the gated recurrent unit processes features with time-sequence variation is used specifically to detect dynamic features: root privileges are obtained on a mobile device or emulator with the Xposed framework installed, and the dynamic features are extracted with the automated testing tool Monkey Runner plus the dynamic analysis tool Inspeckage;

[0080] The dynamic features are the behavioral characteristics of Android application software while it is running, including file read and write operations, call requests, message requests, data encryption and decryption operations, network data input and output, and reading of private information; such behaviors can express the application's intent;

[0081] The dynamic feature Action_sendnet represents the data trans...


Abstract

The invention discloses a malware detection method based on a hybrid of an improved naive Bayes algorithm and a gated recurrent unit, and belongs to the field of software detection. Traditional Android defense mechanisms struggle to cope with the rapid increase in the number and types of malware. The method comprises the following steps: the files of the software sample set to be detected are decompiled with apktool to obtain the application's decompiled resource files; a feature set is extracted from the decompiled resource files; the extracted features are sorted from low to high by number of uses, the high-frequency features are selected and combined into a feature set, and the feature set is quantized; and a gated recurrent unit is used to process the features with time-sequence variation in order to detect the dynamic features. According to the method, malware that uses obfuscation techniques can be effectively detected, and detection accuracy is improved.

Description

Technical field

[0001] The present invention relates to a malware detection method based on a hybrid of an improved naive Bayes algorithm and a gated recurrent unit.

Background technique

[0002] In recent years, the rapid development of the mobile Internet has made smartphones basic information equipment for the population of our country. Today, smartphones combine many kinds of uses, such as photography, maps, navigation, instant messaging, online payment, online shopping, entertainment and online learning. The smartphone therefore stores a large amount of personal information, including private information, such as personal photos and call records; accounts, such as online banking accounts and social networking accounts; and device information, such as location and phone number. Because smartphones are connected to the network in real time, the user's personal information is vulnerable to disclosure and use by malicious applications, which poses potential security problems.

[0003] In the smart phone ope...


Application Information

IPC(8): G06F21/56, G06F8/53, G06N3/04, G06N3/08
CPC: G06F21/566, G06F21/562, G06F8/53, G06N3/08, G06N3/045
Inventor: 杨明极, 赵艺博
Owner HARBIN UNIV OF SCI & TECH