CN105022959B - Mobile terminal malicious code analysis device and analysis method - Google Patents


Info

Publication number: CN105022959B
Authority: CN (China)
Prior art keywords: application program, behavior, pause, analysis, malicious code
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510435727.7A
Other languages: Chinese (zh)
Other versions: CN105022959A (en)
Inventor: 朱为朋
Current Assignee: Huzhou Yinglie Intellectual Property Operation Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shanghai Feixun Data Communication Technology Co Ltd
Application filed by Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201510435727.7A
Publication of CN105022959A
Application granted
Publication of CN105022959B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The present invention provides a mobile terminal malicious code analysis device comprising a Linux kernel monitor, an abnormal behavior detection module, a reverse analysis module and a processing module; the four components work together to complete the reverse analysis of malicious code on the mobile terminal. The invention also provides a mobile terminal malicious code analysis method. With the invention, abnormal behavior can be reverse-analyzed after an application runs, to detect whether the application contains malicious code, thereby strengthening the security of the mobile terminal and protecting user privacy.

Description

Mobile terminal malicious code analysis device and analysis method
Technical field
The present invention relates to the field of terminal virus prevention and control, and in particular to a mobile terminal malicious code analysis device and analysis method.
Background
With the development of the mobile Internet, mobile security problems have become increasingly prominent; viruses and malicious behavior targeting mobile terminals are more and more common and show a growing trend.
At present, mobile applications are growing explosively, but the security protection technology of mobile terminal systems has not kept pace, which has led to outbreaks of large numbers of mobile phone viruses.
Today, mobile terminals protect against malicious behavior mostly through static analysis or dynamic analysis techniques, which inevitably miss the malicious behavior of some applications.
To detect the malicious behavior that is missed, a technique is needed that reverse-analyzes abnormal behavior after an application runs, to detect whether the application contains malicious code, thereby strengthening the security of the mobile terminal system and protecting user privacy.
Summary of the invention
To solve the problem that the above techniques easily miss the malicious behavior of some applications on a mobile terminal, the present invention provides a mobile terminal malicious code analysis device and analysis method. After an application runs, each of its behaviors is monitored automatically, malicious behavior is pre-judged and reverse-analyzed in the cloud, and, once the behavior is determined to be malicious, the processes of the related application are stopped, protecting the data on the mobile terminal.
To achieve the above objective, the present invention provides a mobile terminal malicious code analysis device, the analysis device comprising:
a Linux kernel monitor, for monitoring the behavior of applications and, when an application's behavior matches an abnormal behavior pre-stored in the abnormal behavior detection module, automatically pausing that behavior and sending the paused application behavior to the reverse analysis module;
an abnormal behavior detection module, for pre-storing various abnormal behaviors;
a reverse analysis module, for reverse-analyzing the process, the application and the system code that caused the paused application behavior, with support for automatic analysis in the cloud;
a processing module, for automatically stopping the process that caused the paused application behavior and prompting the user to take the relevant action when the reverse analysis module determines that the paused behavior was caused by malicious code, and for resuming that process when the reverse analysis module determines that the paused behavior was not caused by malicious code.
Optionally, in the analysis device: the Linux kernel monitor automatically pausing an application's behavior includes forcibly reclaiming the CPU resources occupied by the process that caused the paused behavior, so that the process enters the blocked state and waits for the subsequent action of the processing module.
Optionally, in the analysis device: the Linux kernel monitor operates on a process through its process control block (PCB).
Optionally, in the analysis device: the abnormal behaviors pre-stored by the abnormal behavior detection module include modifying system code, reading or writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
Optionally, in the analysis device: the reverse analysis module's reverse analysis of the process that caused the paused application behavior includes analyzing the data flow of the process; its reverse analysis of the application that caused the paused behavior includes uploading the application to the cloud, where application decoding, disassembly and functional analysis are performed in sequence, and determining from the functional analysis result whether the paused behavior was caused by malicious code; and its reverse analysis of the system code that caused the paused behavior includes analyzing the hash values of the key modules of the system code.
The present invention also provides a mobile terminal malicious code analysis method, the analysis method comprising:
Step 1: monitoring the behavior of applications and, when an application's behavior matches a pre-stored abnormal behavior, automatically pausing that behavior;
Step 2: reverse-analyzing the process, the application and the system code that caused the paused application behavior, using automatic analysis in the cloud;
Step 3: when the paused application behavior is determined to be caused by malicious code, automatically stopping the process that caused the paused behavior and prompting the user to take the relevant action; when the paused behavior is determined not to be caused by malicious code, resuming the process that caused it.
Optionally, in the analysis method: in Step 1, automatically pausing an application's behavior includes forcibly reclaiming the CPU resources occupied by the process that caused the paused behavior, so that the process enters the blocked state and waits for the subsequent action.
Optionally, in the analysis method: when the CPU resources occupied by the process that caused the paused behavior are forcibly reclaimed, the operation on the process is carried out through its process control block (PCB).
Optionally, in the analysis method: the pre-stored abnormal behaviors include modifying system code, reading or writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
Optionally, in the analysis method: the reverse analysis of the process that caused the paused application behavior includes analyzing the data flow of the process; the reverse analysis of the application that caused the paused behavior includes uploading the application to the cloud, where application decoding, disassembly and functional analysis are performed in sequence, and determining from the functional analysis result whether the paused behavior was caused by malicious code; and the reverse analysis of the system code that caused the paused behavior includes analyzing the hash values of the key modules of the system code.
By adopting the above technical solution, the present invention has the following advantages:
1) The invention strengthens system security, protects user privacy, and prevents the malicious behavior of applications from being missed by analysis;
2) Because it uses remote cloud analysis, the invention speeds up the analysis of malicious behavior and so provides the user with more auxiliary reference data.
Brief description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments:
Fig. 1 is a schematic diagram of the first embodiment of the mobile terminal malicious code analysis device of the present invention;
Fig. 2 is a schematic diagram of the second embodiment of the mobile terminal malicious code analysis device of the present invention;
Fig. 3 is a flow diagram of the first embodiment of the mobile terminal malicious code analysis method of the present invention.
Detailed description
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in describing the embodiments or the prior art are briefly introduced below. The following description and drawings are illustrative of the invention and are not to be construed as limiting it. The description sets out numerous specific details to aid understanding of the invention; in some instances, however, well-known or conventional details are not described, to keep the specification concise.
In the prior art there are also some schemes for handling mobile terminal viruses, but mobile terminals protect against malicious behavior mostly through static analysis or dynamic analysis techniques, which inevitably miss the malicious behavior of some applications.
To solve this problem, the present invention provides a mobile terminal malicious code analysis device and analysis method that can detect the malicious behavior that was missed by reverse-analyzing an application's abnormal behavior to determine whether the application contains malicious code, thereby improving the anti-virus capability of the mobile terminal.
First, refer to Fig. 1, a schematic diagram of the first embodiment of the mobile terminal malicious code analysis device of the present invention. The analysis device comprises:
a Linux kernel monitor, for monitoring the behavior of applications and, when an application's behavior matches an abnormal behavior pre-stored in the abnormal behavior detection module, automatically pausing that behavior and sending the paused application behavior to the reverse analysis module;
an abnormal behavior detection module, for pre-storing various abnormal behaviors;
a reverse analysis module, for reverse-analyzing the process, the application and the system code that caused the paused application behavior, with support for automatic analysis in the cloud;
a processing module, for automatically stopping the process that caused the paused application behavior and prompting the user to take the relevant action when the reverse analysis module determines that the paused behavior was caused by malicious code, and for resuming that process when the reverse analysis module determines that the paused behavior was not caused by malicious code.
In the analysis device: the Linux kernel monitor automatically pausing an application's behavior includes forcibly reclaiming the CPU resources occupied by the process that caused the paused behavior, so that the process enters the blocked state and waits for the subsequent action of the processing module; the Linux kernel monitor operates on a process through its process control block (PCB); the abnormal behaviors pre-stored by the abnormal behavior detection module include modifying system code, reading or writing sensitive information, suspicious network behavior and traffic, and obtaining location information; sensitive information includes SMS messages, MMS messages, call logs, contact voicemail, calendar, notepad, multimedia, financial applications, personal email, browsing and search records, digital certificates, and so on; the reverse analysis module's reverse analysis of the process that caused the paused application behavior includes analyzing the data flow of the process; its reverse analysis of the application that caused the paused behavior includes uploading the application to the cloud, where application decoding, disassembly and functional analysis are performed in sequence, and determining from the functional analysis result whether the paused behavior was caused by malicious code; and its reverse analysis of the system code that caused the paused behavior includes analyzing the hash values of the key modules of the system code.
Next, refer to Fig. 2, a schematic diagram of the second embodiment of the mobile terminal malicious code analysis device of the present invention. The analysis device likewise comprises a Linux kernel monitor, an abnormal behavior detection module, a reverse analysis module and a processing module. The functions of these four components are the same as in Fig. 1, and they work together to complete the reverse analysis of malicious code on the mobile terminal. Fig. 2 shows the specific location of the four components in the mobile terminal: the abnormal behavior detection module sits between the Linux kernel monitor and the reverse analysis and processing modules.
Finally, refer to Fig. 3, a flow diagram of the first embodiment of the mobile terminal malicious code analysis method of the present invention. The analysis method comprises:
Step 1: monitoring the behavior of applications and, when an application's behavior matches a pre-stored abnormal behavior, automatically pausing that behavior;
Step 2: reverse-analyzing the process, the application and the system code that caused the paused application behavior, using automatic analysis in the cloud;
Step 3: when the paused application behavior is determined to be caused by malicious code, automatically stopping the process that caused the paused behavior and prompting the user to take the relevant action; when the paused behavior is determined not to be caused by malicious code, resuming the process that caused it.
In the analysis method: in Step 1, automatically pausing an application's behavior includes forcibly reclaiming the CPU resources occupied by the process that caused the paused behavior, so that the process enters the blocked state and waits for the subsequent action; when those CPU resources are forcibly reclaimed, the operation on the process is carried out through its process control block (PCB); the pre-stored abnormal behaviors include modifying system code, reading or writing sensitive information, suspicious network behavior and traffic, and obtaining location information; sensitive information includes SMS messages, MMS messages, call logs, contact voicemail, calendar, notepad, multimedia, financial applications, personal email, browsing and search records, digital certificates, and so on; the reverse analysis of the process that caused the paused application behavior includes analyzing the data flow of the process; the reverse analysis of the application that caused the paused behavior includes uploading the application to the cloud, where application decoding, disassembly and functional analysis are performed in sequence, and determining from the functional analysis result whether the paused behavior was caused by malicious code; and the reverse analysis of the system code that caused the paused behavior includes analyzing the hash values of the key modules of the system code.
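A user-space sketch of Steps 1 to 3, added here as an example and not taken from the patent: SIGSTOP, SIGCONT and SIGKILL stand in for the kernel monitor's process-control-block operations, and of the analyses in Step 2 only the key-module hash check is implemented. The event encoding, rule table, file name, function names and the rule that a hash mismatch means a malicious verdict are all assumptions made for illustration.

```python
import hashlib
import os
import signal
import subprocess
import sys
import tempfile

# Pre-stored abnormal behaviours, one entry per category named in the text.
# The (action, target) encoding is an assumption of this example.
ABNORMAL_RULES = {
    ("write", "system_code"): "modify system code",
    ("read", "sms"): "read/write sensitive information",
    ("write", "contacts"): "read/write sensitive information",
    ("connect", "unknown_host"): "suspicious network behaviour and traffic",
    ("read", "location"): "obtain location information",
}


def match_abnormal(event):
    """Return the matched rule name, or None for ordinary behaviour."""
    return ABNORMAL_RULES.get((event["action"], event["target"]))


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def changed_modules(baseline):
    """Key modules whose hash no longer matches the trusted {path: sha256}."""
    return sorted(p for p, digest in baseline.items()
                  if not os.path.exists(p) or sha256_file(p) != digest)


def pause(pid):
    """Stop a child process and wait until the kernel reports it stopped."""
    os.kill(pid, signal.SIGSTOP)
    _, status = os.waitpid(pid, os.WUNTRACED)
    return os.WIFSTOPPED(status)


def handle_event(proc, event, baseline):
    """Run one monitored event through Steps 1 to 3; return (verdict, detail)."""
    rule = match_abnormal(event)
    if rule is None:
        return "allowed", None             # no match: the process is never paused
    if not pause(proc.pid):                # Step 1: pause on a rule match
        return "error", "process did not stop"
    tampered = changed_modules(baseline)   # Step 2: analyse while it is paused
    if tampered:                           # Step 3: malicious verdict, stop it
        proc.kill()
        proc.wait()
        return "stopped", tampered
    os.kill(proc.pid, signal.SIGCONT)      # Step 3: clean verdict, resume it
    return "resumed", rule


def demo():
    """Constructed scenario: same event before and after a module is altered."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        module = os.path.join(d, "libkey_module.so")   # constructed stand-in
        with open(module, "wb") as fh:
            fh.write(b"trusted module bytes")
        baseline = {module: sha256_file(module)}
        event = {"action": "read", "target": "location"}  # constructed event
        for tamper in (False, True):
            proc = subprocess.Popen(
                [sys.executable, "-c", "import time; time.sleep(30)"])
            try:
                if tamper:
                    with open(module, "ab") as fh:
                        fh.write(b"patched")
                verdict, _ = handle_event(proc, event, baseline)
                results.append((verdict, proc.poll() is None))
            finally:
                if proc.poll() is None:    # clean up the resumed child
                    proc.kill()
                    proc.wait()
    return results


if __name__ == "__main__":
    print(demo())
```

Because the process is stopped before the analysis starts, it cannot complete the flagged action while the verdict is pending, which is the property the pause step is there to provide.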
In addition, the mobile terminal in the present invention includes a processor, which may be a single-core or a multi-core processor. The processor may also be referred to as one or more microprocessors, a central processing unit (CPU), and so on. More specifically, the processor may be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor implementing another instruction set, or a processor implementing a combination of instruction sets. The processor may also be one or more special-purpose processors, such as an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), a network processor, a graphics processor, a communications processor, a cryptographic processor, a coprocessor, an embedded processor, or any other type of logic unit capable of processing instructions. The processor executes the instructions for the operations and steps discussed in the present invention.
The mobile terminal in the present invention includes a memory, which may include one or more volatile storage devices such as random access memory (RAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), static RAM (SRAM), or other types of storage devices. The memory may store information including sequences of instructions executed by the processor or by any other device. For example, the executable code and/or data of various operating systems, device drivers, firmware (for example, a basic input/output system, or BIOS) and/or applications may be loaded into the memory and executed by the processor.
Those skilled in the art will recognize that the above specific embodiments are merely exemplary, intended to help those skilled in the art better understand the content of this patent, and should not be construed as limiting its scope; any equivalent change or modification made in accordance with the spirit disclosed in this patent falls within the scope of this patent.

Claims (8)

1. A mobile terminal malicious code analysis device, characterized in that the analysis device comprises:
a Linux kernel monitor, for monitoring the behavior of applications and, when an application's behavior matches an abnormal behavior pre-stored in the abnormal behavior detection module, automatically pausing that behavior and sending the paused application behavior to the reverse analysis module;
an abnormal behavior detection module, for pre-storing various abnormal behaviors;
a reverse analysis module, for reverse-analyzing the process, the application and the system code that caused the paused application behavior, with support for automatic analysis in the cloud;
a processing module, for automatically stopping the process that caused the paused application behavior and prompting the user to take the relevant action when the reverse analysis module determines that the paused behavior was caused by malicious code, and for resuming that process when the reverse analysis module determines that the paused behavior was not caused by malicious code;
wherein the Linux kernel monitor automatically pausing an application's behavior includes forcibly reclaiming the CPU resources occupied by the process that caused the paused behavior, so that the process enters the blocked state and waits for the subsequent action of the processing module.
2. The mobile terminal malicious code analysis device according to claim 1, characterized in that:
the Linux kernel monitor operates on a process through its process control block (PCB).
3. The mobile terminal malicious code analysis device according to claim 1, characterized in that:
the abnormal behaviors pre-stored by the abnormal behavior detection module include modifying system code, reading or writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
4. The mobile terminal malicious code analysis device according to claim 1, characterized in that:
the reverse analysis module's reverse analysis of the process that caused the paused application behavior includes analyzing the data flow of the process;
the reverse analysis module's reverse analysis of the application that caused the paused behavior includes uploading the application to the cloud, where application decoding, disassembly and functional analysis are performed in sequence, and determining from the functional analysis result whether the paused behavior was caused by malicious code;
the reverse analysis module's reverse analysis of the system code that caused the paused behavior includes analyzing the hash values of the key modules of the system code.
5. A mobile terminal malicious code analysis method, characterized in that the analysis method comprises:
Step 1: monitoring the behavior of applications and, when an application's behavior matches a pre-stored abnormal behavior, automatically pausing that behavior;
Step 2: reverse-analyzing the process, the application and the system code that caused the paused application behavior, using automatic analysis in the cloud;
Step 3: when the paused application behavior is determined to be caused by malicious code, automatically stopping the process that caused the paused behavior and prompting the user to take the relevant action; when the paused behavior is determined not to be caused by malicious code, resuming the process that caused it;
wherein, in Step 1, automatically pausing an application's behavior includes forcibly reclaiming the CPU resources occupied by the process that caused the paused behavior, so that the process enters the blocked state and waits for the subsequent action.
6. The mobile terminal malicious code analysis method according to claim 5, characterized in that:
when the CPU resources occupied by the process that caused the paused behavior are forcibly reclaimed, the operation on the process is carried out through its process control block (PCB).
7. The mobile terminal malicious code analysis method according to claim 5, characterized in that:
the pre-stored abnormal behaviors include modifying system code, reading or writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
8. The mobile terminal malicious code analysis method according to claim 5, characterized in that:
the reverse analysis of the process that caused the paused application behavior includes analyzing the data flow of the process;
the reverse analysis of the application that caused the paused behavior includes uploading the application to the cloud, where application decoding, disassembly and functional analysis are performed in sequence, and determining from the functional analysis result whether the paused behavior was caused by malicious code;
the reverse analysis of the system code that caused the paused behavior includes analyzing the hash values of the key modules of the system code.
CN201510435727.7A 2015-07-22 2015-07-22 A kind of malicious code of mobile terminal analytical equipment and analysis method Active CN105022959B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510435727.7A CN105022959B (en) 2015-07-22 2015-07-22 A kind of malicious code of mobile terminal analytical equipment and analysis method

Publications (2)

Publication Number Publication Date
CN105022959A CN105022959A (en) 2015-11-04
CN105022959B true CN105022959B (en) 2018-05-18

Family

ID=54412921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510435727.7A Active CN105022959B (en) 2015-07-22 2015-07-22 A kind of malicious code of mobile terminal analytical equipment and analysis method

Country Status (1)

Country Link
CN (1) CN105022959B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899977B (en) * 2015-12-18 2020-02-18 中国电信股份有限公司 Abnormal flow detection method and device
CN106547699A (en) * 2016-11-30 2017-03-29 安徽金曦网络科技股份有限公司 Code detection system
CN106713293A (en) * 2016-12-14 2017-05-24 武汉虹旭信息技术有限责任公司 Cloud platform malicious behavior detecting system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694817A (en) * 2012-06-08 2012-09-26 奇智软件(北京)有限公司 Method, device and system for identifying abnormality of network behavior of program
CN103368904A (en) * 2012-03-27 2013-10-23 百度在线网络技术(北京)有限公司 Mobile terminal, and system and method for suspicious behavior detection and judgment
CN103971055A (en) * 2014-04-28 2014-08-06 南京邮电大学 Android malicious software detection method based on program slicing technology

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120167218A1 (en) * 2010-12-23 2012-06-28 Rajesh Poornachandran Signature-independent, system behavior-based malware detection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201120

Address after: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666

Patentee before: Phicomm (Shanghai) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20201217

Address after: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee after: Bengbu Lichao Information Technology Co.,Ltd.

Address before: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20210310

Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China

Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Address before: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee before: Bengbu Lichao Information Technology Co.,Ltd.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Mobile Terminal Malicious Code Analysis Device and Analysis Method

Effective date of registration: 20221204

Granted publication date: 20180518

Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch

Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Registration number: Y2022330003403

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20231205

Granted publication date: 20180518

Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch

Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Registration number: Y2022330003403
