CN104834859A - Method for dynamically detecting malicious behavior in Android App (Application) - Google Patents

Info

Publication number: CN104834859A
Authority: CN (China)
Legal status: Granted
Application number: CN201510203050.4A
Other languages: Chinese (zh)
Other versions: CN104834859B (en)
Inventors: 张卫丰, 潘天昊
Current assignee: Nanjing Post and Telecommunication University; Nanjing University of Posts and Telecommunications
Original assignee: Nanjing Post and Telecommunication University
Prior art keywords: code, program, instrumentation, soot, java

Abstract

The invention discloses a method for dynamically detecting malicious behavior in an Android App (Application), and aims to protect users of Android Apps from harmful software and the malicious code it contains. The method comprises the following steps: acquiring the apk file of the Android App to be analyzed and decompiling it to obtain decompiled Java code; loading the Java code into a converter that converts it into an intermediate representation for subsequent instrumentation; instrumenting the code with the Soot tool at the relevant locations, namely code that sends short messages or HTTP (Hypertext Transfer Protocol) link requests, code that calls dangerous APIs (Application Programming Interfaces), and conditional statements that are to be enforced, in order to extract information; loading the instrumented code into a compiler and compiling it into a new apk file; running the new file and storing the information acquired by instrumentation in a database for further study; and analyzing the log information in the database using a previously proposed method for distinguishing malicious behavior from benign behavior.

Description

A method for dynamically detecting malicious behavior in Android applications
Technical field
The present invention relates to a method for detecting malware on terminal operating systems, and belongs to the field of mobile Internet technology.
Background
In recent years, with the rapid development of the mobile Internet, smartphones running a mobile operating system have become the mainstream of mobile terminal development. A smartphone is no longer a traditional communication tool; it is more like a palmtop computer with its own independent operating system. Among these systems, the Android mobile operating system, which is based on the Linux kernel, has developed the fastest.
The most significant characteristic of the Android system is its openness: when the device is jailbroken, any user can easily download and install all kinds of software from third-party software markets, and much of that software is malware. This malware treats the user's smart terminal as a potential attack target and causes users many losses. Examples are malicious charges incurred by sending SMS messages or placing calls, unnecessary HTTP requests generated inside the application, and other software installed without the user's knowledge. How to detect the malicious code hidden in Android applications has therefore become a focus of research at home and abroad in recent years.
To detect malicious code in Android applications, researchers at home and abroad mainly use two methods. The first is signature-based detection, which judges whether a file is malware by whether it carries the characteristic signature of known malware (for example, a particular piece of code or a string). The second is behavior-based detection, which, depending on when detection takes place, is divided into dynamic and static detection. Dynamic behavior detection is performed while the program is running; static behavior detection is performed before the program executes. Because obfuscation and encryption cannot change a program's behavior pattern, dynamic detection is effective against such attacks.
Dynamic behavior detection is performed while the program runs. Compared with static detection, it has stricter real-time requirements: because it executes at run time, it must detect a threat before the malicious program damages the system, and this brings higher energy consumption. However, because obfuscation and encryption cannot change a program's behavior pattern, dynamic detection is effective against such attacks, which static analysis cannot achieve. Existing dynamic behavior detection methods mainly record program behavior through system logs and network packet logs. These methods have the following defects. On the one hand, recording these logs consumes a large amount of system resources, and the logs contain too much useless information. On the other hand, dynamic execution only runs a few paths of the program and cannot guarantee coverage of all sensitive behaviors.
Summary of the invention
The object of the invention is to solve the problem of dynamically detecting malware in Android applications described above, and to increase the coverage of program execution so as to improve the accuracy of dynamic analysis results. To this end, the invention provides a method for dynamically detecting malicious behavior in Android applications. It examines Android applications and detects malicious code and hidden malicious behavior in Android application software, sparing Android users unnecessary losses and protecting them from harm by malware.
The invention specifically comprises the following steps:
1. Convert the APK package of the Android application into the corresponding Java code:
Obtain the APK file of the Android application to be analyzed and decompile it to obtain the decompiled Java code; then put the Java code into a converter and convert it into an intermediate representation for the subsequent instrumentation work.
2. Instrument the Java code of the Android application:
Instrument the code at the places where information needs to be extracted, put the instrumented code back into the compiler, and compile it into a new APK file; at the same time, use the code analysis tool to enforce all conditional statements in order to expand code coverage.
3. Run the new APK file formed in the previous step, save the information obtained through instrumentation in a database, and extract the required information; then use the Java code analysis tool Soot to produce the call graph and control flow graph of the Android application. Analyze the log information in the database (including the extracted information, call graph and control flow graph above), and judge whether the behavior is malicious by analyzing whether it matches the user's behavior.
4. Analyze the malicious behavior further to determine which kind of malicious behavior it is.
Further, the steps for instrumenting the obtained Java code with the Soot tool are:
Step 2.1: add the Soot package in Eclipse;
Step 2.2: convert the obtained Java code into the Jimple intermediate language with the Soot tool, to simplify the later operations;
Step 2.3: write a Soot program that instruments the obtained Java program;
Step 2.3.1: write the Soot program so that it traverses every class in the Java package;
Step 2.3.2: write the Soot program so that it traverses all methods in each class;
Step 2.3.3: for the assignment statements in those methods, instrument the corresponding code according to the form of their intermediate representation;
Step 2.3.4: for the conditional statements in those methods, instrument the corresponding code according to the form of their intermediate representation, and enforce each condition;
Step 2.3.5: for the loop statements in those methods, instrument the corresponding code according to the form of their intermediate representation.
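A minimal Soot transformer for steps 2.3.1 to 2.3.5, as an added example that is not code from the patent: it walks every method body in Jimple and inserts a log call before each call to a watched API and before each conditional branch. The class name, the log tag, the two watched signatures (the description names SMS sending and HTTP requests as sites but gives no signatures), the use of android.util.Log and the command-line arguments are assumptions; it records branches but does not force them, and repackaging the output classes into an APK is left out.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import soot.Body;
import soot.BodyTransformer;
import soot.PackManager;
import soot.PatchingChain;
import soot.Scene;
import soot.SootClass;
import soot.SootMethodRef;
import soot.Transform;
import soot.Unit;
import soot.jimple.IfStmt;
import soot.jimple.Jimple;
import soot.jimple.Stmt;
import soot.jimple.StringConstant;
import soot.options.Options;

public class SensitiveCallInstrumenter {
    static final String TAG = "INSTR"; // hypothetical logcat tag for the probes

    // Constructed watch list (assumption): one SMS API and one HTTP API.
    static final Set<String> WATCHED = new HashSet<>(Arrays.asList(
        "<android.telephony.SmsManager: void sendTextMessage(java.lang.String,"
            + "java.lang.String,java.lang.String,android.app.PendingIntent,"
            + "android.app.PendingIntent)>",
        "<java.net.URL: java.net.URLConnection openConnection()>"));

    // args[0] = classes_dex2jar.jar, args[1] = path to an android.jar, args[2] = output dir
    public static void main(String[] args) {
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_soot_classpath(args[1]);   // android.jar supplies java.* and android.*
        Options.v().set_allow_phantom_refs(true);  // tolerate classes missing from the jar
        Options.v().set_output_format(Options.output_format_class);
        Options.v().set_output_dir(args[2]);
        // The probe calls android.util.Log, so its signatures must be resolved up front.
        Scene.v().addBasicClass("android.util.Log", SootClass.SIGNATURES);

        // "jtp" runs once per method body of every application class, which covers
        // the class and method traversal of steps 2.3.1 and 2.3.2.
        PackManager.v().getPack("jtp").add(
            new Transform("jtp.sensitiveLogger", new BodyTransformer() {
                @Override
                protected void internalTransform(Body body, String phase,
                                                 Map<String, String> opts) {
                    instrument(body);
                }
            }));

        Scene.v().loadNecessaryClasses();
        PackManager.v().runPacks();
        PackManager.v().writeOutput();
    }

    static void instrument(Body body) {
        SootMethodRef logI = Scene.v()
            .getMethod("<android.util.Log: int i(java.lang.String,java.lang.String)>")
            .makeRef();
        String where = body.getMethod().getSignature();
        PatchingChain<Unit> units = body.getUnits();

        // Iterate over a snapshot because the chain is modified while walking it.
        for (Iterator<Unit> it = units.snapshotIterator(); it.hasNext();) {
            Stmt s = (Stmt) it.next();
            String event = null;
            if (s.containsInvokeExpr()) {
                // Covers plain invoke statements and assignments whose right side is a call.
                String callee = s.getInvokeExpr().getMethodRef().getSignature();
                if (WATCHED.contains(callee)) {
                    event = "CALL " + callee;
                }
            } else if (s instanceof IfStmt) {
                // Jimple lowers loops to if/goto, so this probe also covers loop tests.
                event = "BRANCH " + ((IfStmt) s).getCondition();
            }
            if (event != null) {
                // Insert: android.util.Log.i(TAG, "<method> | <event>") before the statement.
                units.insertBefore(
                    Jimple.v().newInvokeStmt(Jimple.v().newStaticInvokeExpr(
                        logI,
                        Arrays.asList(StringConstant.v(TAG),
                                      StringConstant.v(where + " | " + event)))),
                    s);
            }
        }
        body.validate();
    }
}
```

Each probe line that reaches logcat names the enclosing method and the site, which is the per-site record that step 3 stores in the database.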
Further, in step 3 the process of analyzing the log information in the database is:
Step 3.1: run the Soot code that has been written;
Step 3.2: obtain the information that Soot outputs after instrumentation;
Step 3.3: from the information obtained after instrumentation, use Soot to draw the call graph of the original Java program;
Step 3.4: from the information obtained after instrumentation, use Soot to draw the control flow graph of the original Java program;
Step 3.5: using the program's call graph and control flow graph, compare with the user's behavioral intent to analyze whether the program contains malicious behavior;
Step 3.6: for a program that contains malicious behavior, locate the program segment that contains it.
Further, the process by which step 4 further analyzes the malicious behavior is:
Step 4.1: obtain the program segment containing the malicious behavior that was located by the analysis;
Step 4.2: using the call graph and control flow graph, find the statements related to this program segment;
Step 4.3: express these statements as corresponding logical expressions in the form of predicate logic;
Step 4.4: put these logical expressions into a solver and check whether a model can be obtained whose result is the program segment containing the malicious behavior; if a solution exists, the program has a path that can run to this code.
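Steps 4.3 and 4.4 on constructed input, as an added example that is not code from the patent: the branch conditions guarding a located program segment are written as predicates and handed to a solver, and a model means some input drives execution to the segment. The patent does not name a solver; Z3's Java bindings (com.microsoft.z3) are an assumption, as are the variables `hour`, `launches` and `simPresent` and both sets of guards.

```java
import com.microsoft.z3.BoolExpr;
import com.microsoft.z3.Context;
import com.microsoft.z3.IntExpr;
import com.microsoft.z3.Model;
import com.microsoft.z3.Solver;
import com.microsoft.z3.Status;

public class PathFeasibility {

    // Returns a model if the conjunction of the path conditions is satisfiable,
    // otherwise null. UNKNOWN is treated as "no path shown".
    static Model reach(Context ctx, BoolExpr... pathConditions) {
        Solver solver = ctx.mkSolver();
        solver.add(pathConditions);
        return solver.check() == Status.SATISFIABLE ? solver.getModel() : null;
    }

    public static void main(String[] args) {
        Context ctx = new Context();

        // Program inputs that the guards read (constructed for this example).
        IntExpr hour = ctx.mkIntConst("hour");           // hour of day
        IntExpr launches = ctx.mkIntConst("launches");   // number of app launches
        BoolExpr simPresent = ctx.mkBoolConst("simPresent");

        // Value ranges of the inputs.
        BoolExpr domain = ctx.mkAnd(
            ctx.mkGe(hour, ctx.mkInt(0)),
            ctx.mkLe(hour, ctx.mkInt(23)),
            ctx.mkGe(launches, ctx.mkInt(0)));

        // Path A: conditions read off the control flow graph on the way to a
        // segment that sends an SMS (constructed):
        //   if (simPresent) { if (launches > 3) { if (!(hour >= 8 && hour < 22)) { send } } }
        Model a = reach(ctx,
            domain,
            simPresent,
            ctx.mkGt(launches, ctx.mkInt(3)),
            ctx.mkNot(ctx.mkAnd(
                ctx.mkGe(hour, ctx.mkInt(8)),
                ctx.mkLt(hour, ctx.mkInt(22)))));

        // Path B: a second segment nested under contradictory guards (constructed):
        //   if (launches > 3) { if (launches < 2) { ... } }
        Model b = reach(ctx,
            domain,
            ctx.mkGt(launches, ctx.mkInt(3)),
            ctx.mkLt(launches, ctx.mkInt(2)));

        report("path A", a, hour, launches, simPresent);
        report("path B", b, hour, launches, simPresent);
    }

    static void report(String name, Model m, IntExpr hour, IntExpr launches,
                       BoolExpr simPresent) {
        if (m == null) {
            System.out.println(name + ": no model, the segment is not shown reachable");
            return;
        }
        // The model is a concrete input assignment under which execution
        // reaches the segment; it can be replayed as a test case.
        System.out.println(name + ": reachable with hour=" + m.eval(hour, true)
            + " launches=" + m.eval(launches, true)
            + " simPresent=" + m.eval(simPresent, true));
    }
}
```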
Further, the instrumentation positions are chosen mainly at places that send SMS messages, issue HTTP link requests, or call dangerous APIs.
Further, the process in step 1 of converting the APK package of the Android application into the corresponding Java code is as follows:
Step 1.1: download the APK file of the Android application to be analyzed;
Step 1.2: change the APK file suffix to zip and decompress it to obtain the classes.dex inside;
Step 1.3: copy classes.dex to the directory containing dex2jar.bat;
Step 1.4: on the command line, change to the directory containing dex2jar.bat and run dex2jar.bat classes.dex to generate classes_dex2jar.jar;
Step 1.5: open jd-gui.exe in the jdgui folder, open the generated jar package classes_dex2jar.jar, and view the source code.
By using dynamic detection to find malicious code, the invention can detect covert behavior in an App more effectively. It distinguishes malicious behavior from benign behavior according to whether the target behavior is consistent with the user's behavioral intent. It uses a tool to enforce conditional statements, expanding statement coverage as far as possible. It uses the Soot tool to carry out instrumentation, analysis and related operations on the obtained code, which is convenient and fast. It uses mathematical logic to obtain a model under which the program runs to the malicious code segment, which facilitates later testing. The method overcomes the low coverage of dynamic malware detection in Android applications and effectively improves the accuracy of dynamic analysis results.
Brief description of the drawings
Fig. 1 is the overall flow chart of the method of the invention.
Fig. 2 is the flow chart for decompiling an Android application into Java code in the method of the invention.
Fig. 3 is the flow chart for writing the Soot instrumentation program in the method of the invention.
Embodiment
The invention is described in further detail below with reference to the drawings and an embodiment.
The overall flow of the preferred embodiment of the method is shown in Fig. 1. The implementation steps are:
1. Convert the APK package of the Android application into the corresponding Java code (the detailed flow chart is shown in Fig. 2):
Step 1.1) download the APK file of the Android application to be analyzed;
Step 1.2) change the APK file suffix to zip and decompress it to obtain the classes.dex inside;
Step 1.3) copy classes.dex to the directory containing dex2jar.bat;
Step 1.4) on the command line, change to the directory containing dex2jar.bat and run dex2jar.bat classes.dex to generate classes_dex2jar.jar;
Step 1.5) enter the jdgui folder, double-click jd-gui.exe, open the generated jar package classes_dex2jar.jar, and view the source code;
2. Use Soot to instrument the obtained Java code; the flow for writing the Soot instrumentation program is shown in Fig. 3:
Step 2.1) add the Soot package in Eclipse;
Step 2.2) convert the obtained Java code into the Jimple intermediate language using the functions in Soot, to simplify the later operations;
Step 2.3) write a Soot program that instruments the obtained Java program;
Step 2.3.1) write the Soot program so that it traverses every class in the Java package;
Step 2.3.2) write the Soot program so that it traverses all methods in each class;
Step 2.3.3) for the assignment statements in a method, instrument the corresponding code according to the form of their intermediate representation;
Step 2.3.4) for the conditional statements in a method, instrument the corresponding code according to the form of their intermediate representation, and enforce each condition;
Step 2.3.5) for the loop statements in a method, instrument the corresponding code according to the form of their intermediate representation;
3. Run the Soot program that has been written and analyze the result. The analysis process is as follows:
Step 3.1) run the Soot code that has been written;
Step 3.2) obtain the information that Soot outputs after instrumentation;
Step 3.3) from the information obtained after instrumentation, use Soot to draw the call graph of the original Java program;
Step 3.4) from the information obtained after instrumentation, use Soot to draw the control flow graph of the original Java program;
Step 3.5) using the program's call graph and control flow graph, analyze whether the program contains malicious behavior;
Step 3.6) for a program that contains malicious behavior, locate the program segment that contains it;
4. Analyze the malicious behavior further:
Step 4.1) obtain the program segment containing the malicious behavior that was located by the analysis;
Step 4.2) using the call graph and control flow graph, find the statements related to this program segment;
Step 4.3) express these statements as corresponding logical expressions in logical form;
Step 4.4) put these logical expressions into a solver and check whether a model can be obtained whose result is the program segment containing the malicious behavior.
The invention is not limited to the above embodiment; all technical solutions formed by equivalent replacement or equivalent substitution fall within the scope of protection claimed by the invention.

Claims (7)

1. A method for dynamically detecting malicious behavior in Android applications, characterized in that it comprises the following steps:
a step of converting the APK package of the Android application into the corresponding Java code;
a step of instrumenting the Java code of the Android application: instrumenting the code at the places where information needs to be extracted, putting the instrumented code into the compiler, and compiling it into a new APK file; at the same time, using the code analysis tool to enforce all conditional statements in order to expand code coverage;
running the new APK file formed in the previous step, saving the information obtained through instrumentation in a database, and extracting the required information; then using a Java code analysis tool to produce the call graph and control flow graph of the Android application; analyzing the log information in the database, and judging whether the behavior is malicious by analyzing whether it matches the user's behavior;
for behavior judged to be malicious, analyzing it further to determine the specific type of the malicious behavior.
2. The method according to claim 1, characterized in that the obtained Java code is instrumented with the Soot tool, the specific steps being:
adding the Soot package in Eclipse;
converting the obtained Java code into the Jimple intermediate language with the Soot tool;
writing a Soot program that instruments the obtained Java program;
writing the Soot program so that it traverses every class in the Java package;
writing the Soot program so that it traverses all methods in each class;
for the assignment statements in said methods, instrumenting the corresponding code according to the form of their intermediate representation;
for the conditional statements in said methods, instrumenting the corresponding code according to the form of their intermediate representation, and enforcing each condition;
for the loop statements in said methods, instrumenting the corresponding code according to the form of their intermediate representation.
3. The method according to claim 2, characterized in that the process of analyzing the log information in the database is:
running the Soot code that has been written;
obtaining the information that Soot outputs after instrumentation;
from the information obtained after instrumentation, using Soot to draw the call graph of the original Java program;
from the information obtained after instrumentation, using Soot to draw the control flow graph of the original Java program;
using the program's call graph and control flow graph, comparing with the user's behavioral intent to analyze whether the program contains malicious behavior;
for a program that contains malicious behavior, locating the program segment that contains it.
4. The method according to any one of claims 1 to 3, characterized in that the process of further analyzing the malicious behavior is:
obtaining the program segment containing the malicious behavior that was located by the analysis;
using the call graph and control flow graph, finding the statements related to this program segment;
expressing these statements as corresponding logical expressions in the form of predicate logic;
putting said logical expressions into a solver to be solved.
5. The method according to claim 4, characterized in that the instrumentation positions are chosen at places that send SMS messages, issue HTTP link requests, or call dangerous APIs.
6. The method according to claim 4, characterized in that said step of converting the APK package of the Android application into the corresponding Java code is: obtaining the APK file of the Android application to be analyzed and decompiling it to obtain the decompiled Java code, then putting the Java code into a converter and converting it into an intermediate representation for the subsequent instrumentation work.
7. The method according to claim 6, characterized in that the process of converting the APK package of the Android application into the corresponding Java code is as follows:
downloading the APK file of the Android application to be analyzed;
changing the APK file suffix to zip and decompressing it to obtain the classes.dex inside;
copying classes.dex to the directory containing dex2jar.bat;
on the command line, changing to the directory containing dex2jar.bat and running dex2jar.bat classes.dex to generate classes_dex2jar.jar;
opening jd-gui.exe in the jdgui folder, opening the generated jar package classes_dex2jar.jar, and viewing the source code.

Priority Applications (1)

Application number: CN201510203050.4A
Priority date: 2015-04-24
Filing date: 2015-04-24
Title: A method for dynamically detecting malicious behavior in Android applications
Status: Active, granted as CN104834859B (en)

Publications (2)

Publication number, publication date:
CN104834859A (en), 2015-08-12
CN104834859B, 2018-04-10

Family ID: 53812741


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant