83 results about "Android malware" patented technology

The invention discloses an automatic detection method for Android malicious software, and belongs to the technical field of system security. The method comprises the following steps: 1) setting a plurality of application programming interface (API) functions as sensitive APIs, disassembling software to be detected and analyzing all sensitive APIs and function call paths from a disassembled code; 2) judging the trigger mode of each sensitive API, analyzing control information triggering the sensitive API, inputting the control information into a dynamic detection sandbox and executing the control to automatically trigger a malicious act if the trigger mode is a user trigger mode, and sending system messages to the dynamic detection sandbox to trigger the malicious act if the trigger mode is a system message trigger mode; and (3) monitoring and recording the conditions of calling the sensitive API by the software and operating data through the dynamic detection sandbox, and judging the software as the malicious software if the call of the sensitive API and the operating data of the call indeed exist. By the method, manual intervention is not required, and the method provides powerful support for detecting large-scale malicious software.

The invention discloses a detection method for repackage application in an android market. The method comprises the steps: calculating the length of character string used according to dex files of android applications so that the lengths are taken as feature codes for distinguishing different applications, calculating the edition distance between the features codes of the different applications to obtain the similarity of different android applications, comparing the similarity with a given threshold, thus determining whether the repackage application exists. The detection method can be used as an effective assistant means for detecting android malware.

The invention provides an Android malicious software detection method based on a method call graph. A heterogeneous method call graph for constructing Android application Apk software is adopted, a sensitivity function is calibrated, and malicious codes are subjected to location and family classification by using the connectivity of the graph. The specific flow comprises the following steps: scanning the connectivity of the graph on the heterogeneous method call graph to obtain each sub-graph; grading the sensitivity function of each sub-graph, wherein the sub-graphs surpassing a threshold value are determined as malicious code modules, and similar malicious code sub-graph structures in different Android software are determined as malicious code families. According to the Android malicious software detection method, unknown malicious software can be found heuristically, families of the unknown malicious software are calibrated, and safe scanning and protection are provided for broad Android third-party markets and personal users.

The invention discloses a permission-based Android malicious software hybrid detection method. The method comprises the following steps: steps one, decompiling an Android application program and obtaining application program application permissions; step two, combining a system setting permission to carry out permission detection on the application program application permissions; dividing all applications to be detected into a kind application set, a malicious application set and a suspicious application set according to the difference of the conditions of the application program application permissions; step three, dynamically acquiring and detecting the behaviors of the application programs in the suspicious application set, collecting interface calling related to sensitive applications, giving vector space representation, and performing application program vectorization; step four, obtaining the detection result of kind application programs meeting safety detection standard through safety detection. Compared with the prior art, the permission-based Android malicious software hybrid detection method integrates two affecting factors of euclidean distance and cosine similarity, and the obtained detection result is more comprehensive and higher in accuracy.

The invention discloses an efficient Android malware detection model DroidDet based on rotating forest and belongs to the technical field of information security. According to the invention, a decompilation tool is used to decompile the Apk file in an Android application program and a combination of four groups of features is analyzed and extracted as the input for building a rotating forest classifier model. The model is characterized in that 1) the integrated learning method-rotating forest algorithm is initially adopted; further, each base learning device is trained through adopting PCA major constituent analysis and self-service sampling method and using a whole training set; accordingly, the model created in the invention has superior generalization performance; 2) the rotating forest algorithm has the feature of selecting the optimal characteristics so as to avoid noise data. The 10-fold cross-validation method is used for verifying the validity of the model created in the invention and the predicting accuracy of the model in the invention reaches 88.26%, which is 3.13% higher than the 84.93% of typical support vector machines. The model of the invention has wide application prospect in user information security.

The invention provides an Android malware detection method based on an improved Bayesian algorithm. The feature attributes of Android malicious programs and well-behaved programs are analyzed and classified through the improved Bayesian algorithm to realize the malware detection method based on the improved Bayesian algorithm. A judgment on whether software is malware is implemented from the aspect of permission application of applications. According to the method, a permission request label in an Android permission request mechanism is taken as a detection data source. The malware and well-behaved software are distinguished in a permission request label combination way, and a detection model is built by using the improved Bayesian algorithm. The improved Bayesian algorithm is characterized in that mutual independence among attributes of the data source is considered, and a naive Bayesian classifier is used for performing data modeling, so that the detection index is increased greatly, the detection accuracy is increased, and the false alarm rate is lowered.

The invention provides an Android malicious software detection method and system based on dynamic monitoring. The method comprises the following steps: S1, establishing a rule library of various information of a mobile terminal; S2, after a target function address is looked up, replacing the target function address with a function address comprising monitoring codes; S3, when an application of the mobile terminal is started, monitoring the behavior of the application; S4, judging whether or not the behavior of the application is a sensitive behavior executed by Android malicious software. According to the Android malicious software detection method and system based on dynamic monitoring, the aim of effectively monitoring malicious software is fulfilled by simulating running of third-party application software, monitoring sensitive data streams and analyzing sensitive data leakage of application software and making a safety alarm when the sensitive data is tampered.

The invention relates to an Android malicious behavior dynamic detection method based on binary dynamic instrumentation, and belongs to the technical field of computer and information science. The method comprises the following steps: firstly, triggering all potential malicious behaviors of tested software through an Android dynamic detection framework; then, through a dynamic binary instrumentation technology, constructing a calling sequence of a program to a system API, using an N-Gram model to extract call timing relationship characteristics of a function; finally, inputting the generated time sequence relation characteristics into a trained GBDT (Gradient Boosting Decision Tree, Gradient Boosting Decision Tree) multi-classification algorithm detection model, identifying malicious software, and carrying out fine-grained classification on malicious behaviors of the software. According to the invention, a dynamic binary instrumentation technology is used.A system function calling timesequence feature of the software is extracted without knowing a program source code. Compared with the prior art, the Android malicious behavior detection method has high accuracy for Android malicious behavior detection, malicious behaviors of the software can be divided into six classes. More detailed detection conclusion granularity is achieved, and the detection efficiency of the Android malicious software is effectively improved.

The invention relates to a large-scale malicious Android software automatic detection system and method based on multi-class features and machine learning. The method includes: collecting security andmalware libraries, using software analysis tools such as Androguard and Droidbox, collecting the characteristics of each software from both dynamic and static angles, processing the receipts of the forms, defining the thresholds in different angles, when a certain feature does not meet the threshold requirements, deleting the feature, and utilizing a support vector machine, a neural network, an ensemble learning algorithm and other algorithms for detection, and obtaining the optimal results of detection results are obtained, so as to realize the automatic detection of large-scale malware. Theinvention can be used for detecting and identifying large-scale malicious mobile phone software and protecting the privacy and safety of users.

The invention provides an Android malicious software detection method. Graphs are called by adopting an isomerism method for constructing Apk software of Android application, sensitive functions are calibrated, and malicious codes are positioned according to the continuity of the graphs. The method specifically comprises the following steps of performing graph continuity scanning on the graphs called by the isomerism method to obtain all sub-graphs, performing sensitive function marking on all the sub-graphs, and determining that the sub-graphs of which the marks exceed a threshold value are malicious code modules. According to the method, unknown malicious software can be heuristically found, and security scanning and protection are supplied to a large range of Android third-party markets and individual users.

The invention provides an Android malicious software detection system and an Android malicious software detection method. The method comprises the steps of extracting API (Application Program Interface) characteristics and permission characteristics by use of a characteristic extraction module; calculating TF-SFD of each API characteristic and permission characteristic according to a characteristic selection module, ranking the numbers of TF-SFD from large to small, selecting first M1 API characteristics and M2 permission characteristics to form a characteristic matrix; and training the characteristic matrix through a class identification module to obtain a classification model, and identifying the classification module. The above-mentioned detection method is simple, small in calculated amount and relatively high in detection effect.

The invention discloses an improved forest algorithm-based Android malicious software detection method. The method comprises an S01 stage of obtaining a data set, an S02 stage of carrying out reverse processing, an S03 stage of extraction feature vectors, an S04 stage of optimizing the feature vectors, an S05 stage of generating a decision tree set, an S06 stage of calculating a decision tree weight, an S07 stage of generating a final classification result and an S08 stage of assessing the classification result. Compared with the traditional detection method, the improved forest algorithm-based Android malicious software detection method has higher classification precision, and has the effects of improving the correctness of malicious software detection and reducing the probability that Android systems are attacked due to detection errors.

The invention provides an Android malicious software detection method and system based on RNN and CNN, and the method comprises the steps: carrying out the feature extraction of an original installation file of a training sample, and obtaining an operation code sequence; training a BLSTM network by using the operation code sequence; extracting the operation code sequence as a feature picture by using the trained BLSTM network; training a convolutional neural network by utilizing the feature pictures. Firstly, feature extraction is conducted on an installation file of a to-be-detected Android application, and an operation code sequence of the to-be-detected Android application is obtained. The operation code sequence is input into a trained BLSTM network, and a feature picture is extracted.Finally, the feature picture is input into a trained convolutional neural network, and a classification result that whether the feature picture belongs to malicious software or not is output. According to the method, recognition and distinguishing of good software and malicious software under the Android platform are achieved, and the safety of the Android software platform is improved.

The invention provides the design scheme of an Android malicious software detection method based on a program slicing technology. According to the scheme, starting from an installation file APK of an installation application, source codes of the application are analyzed through the program slicing technology, key nodes affecting the safety of the application are found out, Android malicious software is detected, and the purpose of reducing manual operation is achieved. The test result shows that the Android malicious software detection method based on the program slicing technology can reliably detect the Android malicious software; the method based on the program slicing is more accurate than a traditional detection method; the Android malicious software is analyzed from the angle of the source codes, and flexibility is higher for continuously updated viruses and Trojan variants.