CN105022959B - A kind of malicious code of mobile terminal analytical equipment and analysis method - Google Patents
A kind of malicious code of mobile terminal analytical equipment and analysis method
- Publication number
- CN105022959B (application number CN201510435727.7A)
- Authority
- CN
- China
- Prior art keywords
- application program
- behavior
- pause
- analysis
- malicious code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Debugging And Monitoring (AREA)
- Telephone Function (AREA)
Abstract
Description
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510435727.7A CN105022959B (en) | 2015-07-22 | 2015-07-22 | A kind of malicious code of mobile terminal analytical equipment and analysis method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510435727.7A CN105022959B (en) | 2015-07-22 | 2015-07-22 | A kind of malicious code of mobile terminal analytical equipment and analysis method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105022959A (en) | 2015-11-04 |
CN105022959B (en) | 2018-05-18 |
Family
ID=54412921
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510435727.7A Active CN105022959B (en) | 2015-07-22 | 2015-07-22 | A kind of malicious code of mobile terminal analytical equipment and analysis method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105022959B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899977B (en) * | 2015-12-18 | 2020-02-18 | 中国电信股份有限公司 | Abnormal flow detection method and device |
CN106547699A (en) * | 2016-11-30 | 2017-03-29 | 安徽金曦网络科技股份有限公司 | Code detection system |
CN106713293A (en) * | 2016-12-14 | 2017-05-24 | 武汉虹旭信息技术有限责任公司 | Cloud platform malicious behavior detecting system and method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102694817A (en) * | 2012-06-08 | 2012-09-26 | 奇智软件(北京)有限公司 | Method, device and system for identifying abnormality of network behavior of program |
CN103368904A (en) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Mobile terminal, and system and method for suspicious behavior detection and judgment |
CN103971055A (en) * | 2014-04-28 | 2014-08-06 | 南京邮电大学 | Android malicious software detection method based on program slicing technology |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120167218A1 (en) * | 2010-12-23 | 2012-06-28 | Rajesh Poornachandran | Signature-independent, system behavior-based malware detection |
- 2015-07-22: CN application CN201510435727.7A, patent CN105022959B (en), status Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103368904A (en) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Mobile terminal, and system and method for suspicious behavior detection and judgment |
CN102694817A (en) * | 2012-06-08 | 2012-09-26 | 奇智软件(北京)有限公司 | Method, device and system for identifying abnormality of network behavior of program |
CN103971055A (en) * | 2014-04-28 | 2014-08-06 | 南京邮电大学 | Android malicious software detection method based on program slicing technology |
Also Published As
Publication number | Publication date |
---|---|
CN105022959A (en) | 2015-11-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11269989B2 (en) | Systems and methods of protecting data from injected malware | |
KR101051722B1 (en) | Monitor program, monitoring method and computer program product for hardware related thereto | |
US9037873B2 (en) | Method and system for preventing tampering with software agent in a virtual machine | |
US9177155B2 (en) | Hybrid analysis of vulnerable information flows | |
TWI612439B (en) | Computing device, method and machine readable storage media for detecting unauthorized memory access | |
US10019581B2 (en) | Identifying stored security vulnerabilities in computer software applications | |
EP3374920B1 (en) | Detecting program evasion of virtual machines or emulators | |
WO2014198171A1 (en) | Label based black box testing method and system for android user privacy leaks | |
EP2891104B1 (en) | Detecting a malware process | |
US9953158B1 (en) | Systems and methods for enforcing secure software execution | |
EP3028203A1 (en) | Signal tokens indicative of malware | |
CN105022959B (en) | A kind of malicious code of mobile terminal analytical equipment and analysis method | |
CN107180204A (en) | A kind of method, storage device and mobile terminal for preventing information stolen | |
WO2020114262A1 (en) | Kernel security detection method, apparatus, and device, and storage medium | |
KR20140138206A (en) | Reporting malicious activity to an operating system | |
CN107239698A (en) | A kind of anti-debug method and apparatus based on signal transacting mechanism | |
CN106650434B (en) | A kind of virtual machine anomaly detection method and system based on I/O sequence | |
US10015181B2 (en) | Using natural language processing for detection of intended or unexpected application behavior | |
US10754950B2 (en) | Entity resolution-based malicious file detection | |
CN107133503A (en) | A kind of anti-debug method and apparatus detected based on process status | |
CN103514402A (en) | Intrusion detection method and device | |
US9208314B1 (en) | Systems and methods for distinguishing code of a program obfuscated within a packed program | |
US10846405B1 (en) | Systems and methods for detecting and protecting against malicious software | |
EP2819055A1 (en) | System and method for detecting malicious software using malware trigger scenarios | |
CN104463028A (en) | Safety mode prompting method and movable device for implementing method |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20201120; Address after: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province; Patentee after: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.; Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666; Patentee before: Phicomm (Shanghai) Co.,Ltd. |
TR01 | Transfer of patent right | |
TR01 | Transfer of patent right | Effective date of registration: 20201217; Address after: 8319 Yanshan Road, Bengbu City, Anhui Province; Patentee after: Bengbu Lichao Information Technology Co.,Ltd.; Address before: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province; Patentee before: Hangzhou Jiji Intellectual Property Operation Co.,Ltd. |
TR01 | Transfer of patent right | |
TR01 | Transfer of patent right | Effective date of registration: 20210310; Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China; Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd.; Address before: 8319 Yanshan Road, Bengbu City, Anhui Province; Patentee before: Bengbu Lichao Information Technology Co.,Ltd. |
TR01 | Transfer of patent right | |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: A Mobile Terminal Malicious Code Analysis Device and Analysis Method; Effective date of registration: 20221204; Granted publication date: 20180518; Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch; Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.; Registration number: Y2022330003403 |
PE01 | Entry into force of the registration of the contract for pledge of patent right | |
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20231205; Granted publication date: 20180518; Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch; Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.; Registration number: Y2022330003403 |
PC01 | Cancellation of the registration of the contract for pledge of patent right | |