CN107103235A - An Android malware detection method based on convolutional neural networks
- Publication number: CN107103235A
- Application number: CN201710107578.0A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The invention discloses an Android malicious code detection method based on convolutional neural networks. The method first decompiles known malware samples, obtains their dex files and maps them to image data. The resulting image data are then used as input values, with a 1 × n vector as the output value, to train a convolutional neural network so that the deviation between the output values of malware of the same kind is as small as possible and the deviation between the output values of malware of different kinds is as large as possible. Training on a large number of known samples yields a classifier that can be used to detect unknown software. Each unknown software sample can then be checked directly with this classifier to determine whether it contains malicious code. The technical scheme of the invention can accurately identify the category a malware sample belongs to and can effectively improve the accuracy of malware sample classification.
Description
Technical field
The present invention relates to the field of malicious code detection on the Android platform. To better protect the security of Android users' information, it proposes a method for classifying and detecting Android malicious code samples based on convolutional neural networks. The method can accurately identify the category a malware sample belongs to, and so detects malware effectively.
Background art
In recent years, malware has become one of the key factors threatening network and information security. According to Symantec's 2016 annual Internet Security Threat Report, 430 million new pieces of malware appeared in 2015, and more than 500 million personal records were stolen or leaked through privacy breaches. Owing to the limitations of malicious code detection technology, a large amount of malicious code cannot be effectively detected and removed. In particular, the emergence of obfuscated malicious code and its variants is the root cause of the increasingly severe detection situation. Android is one of the two mainstream mobile platforms today. The number of malicious code families on Android mobile terminals grows year by year, and the number of variants is also rising sharply, which shows that malicious code developers mostly make slight changes to prototype malicious code, or repackage it, to derive and spread new variants. A detection method that can detect malware variants quickly and effectively is therefore needed.
Malicious code detection techniques fall into two classes: static detection and dynamic detection. Static detection does not run the code; it uses decompilation together with methods such as control-flow analysis, data-flow analysis and semantic analysis to identify the behavioural features of an application. It is fast and efficient, but has difficulty coping with protection techniques such as code obfuscation. Dynamic detection focuses on the behaviour of the application as it actually runs: the application under test is run in an executable environment while its system calls, network access, file operations, memory modifications and similar behaviour are monitored in real time, to judge whether it behaves maliciously. Compared with static detection, dynamic detection cannot effectively audit all of the code, because some code is triggered only under special conditions.
Many scholars in China and abroad have done a large amount of research in the field of malicious code detection. Wang Rui and Feng Dengguo (Wang Rui, Feng Deng-guo, Yang Yi, Su Pu-rui. An Malware detection method based on the semantic of feature extraction [J]. Journal of Software, 2012, 2: 378-393) proposed a static detection method that extracts malicious code behavioural features based on semantic analysis. Kong Deguang, Tan Xiaobin et al. (Kong De-guang, Tan Xiao-bin, Xi Hong-sheng, Gong Tao, Shuai Jian-mei. Lifting multidimensional characteristics testing confuse malicious code [J]. Journal of Software, 2011, 3: 522-533) proposed detecting malicious code families from statistical properties combined with the function-call and system-call flow graphs of the code. These static detection methods have high detection efficiency, but are not robust against malicious code that uses code obfuscation.
Dinaburg of the Georgia Institute of Technology, USA (Dinaburg A, Royal P, Sharif M, et al. Ether: malware analysis via hardware virtualization extensions [C]. Proceedings of the 15th ACM Conference on Computer and Communications Security. ACM, 2008: 51-62) proposed building a virtual application execution environment to monitor events such as memory operations, the privilege levels involved and system calls while the application under test runs, and using these events to identify malicious behaviour. Santos of the University of Deusto, Spain (Santos I, Brezo F, Nieves J, et al. Idea: Opcode-sequence-based malware detection [C]. International Symposium on Engineering Secure Software and Systems. Springer Berlin Heidelberg, 2010: 35-43) uses information-theoretic methods to calculate the degree of association between the categories of features in an application, and determines whether the application under test behaves maliciously by computing its relationship to known malware. Burguera of Mondragon University, Spain (Burguera I, Zurutuza U, Nadjm-Tehrani S. Crowdroid: behavior-based malware detection system for Android [C]. Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2011: 15-26) proposed embedding a collector and a detector directly into the Android operating system to collect behavioural information about the applications on users' phones, performing detection in the cloud and notifying the user of the result in time. Kevin Allix et al. of the University of Luxembourg (Allix K, Bissyandé T F, Jérome Q, et al. Empirical assessment of machine learning-based malware detectors for Android [J]. Empirical Software Engineering, 2016, 21(1): 183-211) use machine learning to extract features of the permissions used by Android applications and apply them to malicious code detection. Dong-Jie Wu et al. of Taiwan University of Science and Technology (Wu D J, Mao C H, Wei T E, et al. Droidmat: Android malware detection through manifest and API calls tracing [C]. Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on. IEEE, 2012: 62-69) start from a large amount of sample data, extract the features of known malware from it, and use these features to detect new samples.
All of these methods identify unknown software by extracting the features of malware; because of the diversity of software in practice, false positives occur easily. The present invention starts from malware variants and uses the idea of deep learning to detect malware of the same kind.
Summary of the invention
In view of the large base of malware samples and the large number of variants on the Android platform today, the present invention proposes a method that can quickly and efficiently detect malware of the same kind on the Android platform; its framework is shown in Fig. 1. The method uses a convolutional neural network and achieves automatic classification of malware samples through deep learning, with good classification and recognition performance.
Given a large amount of sample data, the invention extracts the dex file from each APK application package and generates the image data corresponding to each APK using two hash algorithms, SimHash and Djb2. These image data, already divided into classes in advance, are used as input values, with an n × 1 vector as output, and the convolutional neural network is trained on a large amount of sample data of known classes. After many rounds of iterative training, a classifier that can classify and recognize new malware is obtained, denoted CN. For each new unknown software sample, the corresponding image data, denoted X, is generated by the same method. The image data is then used as the input of the trained classifier CN to compute the corresponding output value Y = CN(X), where Y is a 1 × n vector. The distance between this vector and the known vectors is computed as a Euclidean distance; when the Euclidean distance between this vector and a certain class is less than the threshold ε, the new sample belongs to that class, which means that malware of a known class has been detected.
Compared with the prior art, the invention has the following advantages:
The method uses the idea of deep learning to classify malware and then recognizes it by class. Compared with other detection methods, it is simple to operate, has high recognition accuracy and detects quickly. It only needs a large set of malware samples as the training set; a good classifier is obtained after many rounds of iterative training. When new malware is to be recognized, the result is computed directly with the trained classifier.
Brief description of the drawings
Fig. 1: Framework of the malware classification and recognition system. The network is first trained on a library of Android malware samples of known classes (number 1 in the figure); the malware classifier obtained by training is then used to detect unknown software (number 2 in the figure).
Fig. 2: Flow chart of converting an apk file to image data.
Fig. 3: Structure of the convolutional neural network.
Embodiment
The present invention is described in further detail below with reference to the drawings, but its implementation is not limited to this.
Referring to Fig. 2, the Apk package first has to be converted to image data. The specific steps are as follows:
1. Using decompilation, extract the dex file from the Apk package and divide it into n groups, each of size M/n, where M is the length of the dex file and n is the number of groups. Each data group is used to generate one pixel.
2. Compute the pixel position, denoted (x, y). A 16-bit hash value is produced with the SimHash algorithm; the first 8 bits are used as the x value and the last 8 bits as the y value.
3. Compute the RGB colour of each point, denoted (r, g, b). A 32-bit hash value is produced with the djb2 algorithm; bits 24~17 are used as the r value, bits 16~9 as the g value and bits 8~1 as the b value.
4. Apply steps 2 and 3 to each group in a loop; each dex file is thereby converted to a 256 × 256 RGB image.
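The four conversion steps above, as an added Python example that is not code from the patent. The patent does not say which features feed SimHash, how leftover bytes or pixel collisions are handled, or which end bit 1 is counted from; the 4-byte windows, the `ceil(M/n)` group size, "later group wins", bit 1 as the least-significant bit, the 64 MiB size limit and all function names are assumptions of this example, and the sample APK is constructed.

```python
import io
import zipfile

SIDE = 256                        # x and y are 8 bits each -> 256 x 256 image
SHINGLE = 4                       # assumption: SimHash features are 4-byte windows
MAX_DEX_BYTES = 64 * 1024 * 1024  # assumption: refuse oversized entries (zip bombs)


def extract_dex(apk_bytes: bytes) -> bytes:
    """An APK is a ZIP archive; read classes.dex without unpacking to disk."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        info = apk.getinfo("classes.dex")          # KeyError if the entry is missing
        if info.file_size > MAX_DEX_BYTES:
            raise ValueError("classes.dex larger than the configured limit")
        return apk.read(info)


def djb2(data: bytes) -> int:
    """djb2 (seed 5381, h = h * 33 + byte), truncated to 32 bits."""
    h = 5381
    for byte in data:
        h = (h * 33 + byte) & 0xFFFFFFFF
    return h


def simhash16(group: bytes) -> int:
    """16-bit SimHash: each feature votes +1/-1 per bit, the majority wins."""
    if len(group) <= SHINGLE:
        features = [group]
    else:
        features = [group[i:i + SHINGLE] for i in range(len(group) - SHINGLE + 1)]
    votes = [0] * 16
    for feature in features:
        h = djb2(feature)
        h = (h ^ (h >> 16)) & 0xFFFF               # fold feature hash to 16 bits
        for bit in range(16):
            votes[bit] += 1 if (h >> bit) & 1 else -1
    return sum(1 << bit for bit in range(16) if votes[bit] > 0)


def pixel_position(group: bytes) -> tuple:
    """Step 2: first 8 bits of the SimHash are x, last 8 bits are y."""
    h = simhash16(group)
    return h >> 8, h & 0xFF


def pixel_colour(group: bytes) -> tuple:
    """Step 3: bits 24~17 -> r, 16~9 -> g, 8~1 -> b (bit 1 = least significant)."""
    h = djb2(group)
    return (h >> 16) & 0xFF, (h >> 8) & 0xFF, h & 0xFF


def split_groups(dex: bytes, n: int) -> list:
    """Step 1: cut the dex into groups of ceil(M / n) bytes (at most n groups)."""
    if n < 1:
        raise ValueError("n must be at least 1")
    size = max(1, -(-len(dex) // n))
    return [dex[i:i + size] for i in range(0, len(dex), size)]


def dex_to_pixels(dex: bytes, n: int) -> dict:
    """Step 4: one pixel per group; on a position collision the later group wins."""
    return {pixel_position(g): pixel_colour(g) for g in split_groups(dex, n)}


def render(pixels: dict) -> list:
    """Lay the pixels out as SIDE rows of SIDE (r, g, b) tuples, black background."""
    image = [[(0, 0, 0)] * SIDE for _ in range(SIDE)]
    for (x, y), rgb in pixels.items():
        image[y][x] = rgb
    return image


def changed_positions(a: dict, b: dict) -> set:
    """Pixel positions whose colour or presence differs between two images."""
    return {pos for pos in a.keys() | b.keys() if a.get(pos) != b.get(pos)}


def make_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP holding a fake classes.dex."""
    dex = b"dex\n035\x00" + bytes((i * i + 7 * i) % 251 for i in range(4096))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    dex = extract_dex(make_sample_apk())
    original = dex_to_pixels(dex, 512)
    # Same-length patch inside one group: at most two positions can change.
    patched = dex_to_pixels(dex[:-1] + bytes([dex[-1] ^ 0xFF]), 512)
    # One inserted byte shifts every later group boundary, so many pixels can move.
    shifted = dex_to_pixels(dex[:8] + b"\x00" + dex[8:], 512)
    print(len(original), len(changed_positions(original, patched)),
          len(changed_positions(original, shifted)))
```

Because groups are cut at fixed offsets, the image is stable under same-length patches but not under insertions, which is worth measuring on repackaged samples before relying on the classifier.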
After the image data are obtained, the convolutional neural network is trained on a large amount of sample data of known classes, as shown in Fig. 3.
Training aims to make the Euclidean distance between the output values of apks of the same kind as small as possible and the Euclidean distance between the output values of apks of different kinds as large as possible. The objective function is set to:

$$f(y,\beta) = (1-\beta)\sum_{t_i \in G} \operatorname{dis}(y - t_i) + \beta\,\frac{1}{\sum_{t_i \in G'} \operatorname{dis}(y - t_i)}$$

where G is the set of output values of apks of the same kind in the convolutional neural network, G′ is the set of output values of apks of different kinds in the convolutional neural network, and dis() denotes the Euclidean distance between two vectors. β is the weight of each part and is adjusted according to actual test results.
Finally, unknown software is detected using the trained classifier CN, and the minimum distance between the output vector of the unknown software after the classifier and each known class of malware is computed with the following formula:

$$e = \min_{i=1\ldots n}\left\{\operatorname{dis}\left(CN(p), \bar{g}_i\right)\right\}$$

where CN is the trained classifier, p is the image data the unknown software is converted to, $\bar{g}_i$ is the mean of the vectors obtained by passing all malicious applications in the i-th class through the classifier CN, and n is the number of known malware classes.
When e is less than the threshold ε, the new sample belongs to that class, which means that malware of a known class has been detected.
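The objective function and the threshold decision described above, evaluated on constructed vectors in an added Python example that is not code from the patent. The 2-dimensional vectors stand in for real CN outputs, the function and class names are hypothetical, and raising an error on a zero denominator is an assumption, since the patent does not cover that case.

```python
import math


def objective(y, same_kind, other_kind, beta):
    """f(y, beta) from the description: pull y towards G, push it away from G'."""
    pull = sum(math.dist(y, t) for t in same_kind)
    push = sum(math.dist(y, t) for t in other_kind)
    if push == 0:
        # Assumption: the page does not say what happens when the denominator
        # is zero; this example refuses to evaluate rather than return infinity.
        raise ValueError("sum of distances to G' is zero")
    return (1 - beta) * pull + beta * (1 / push)


def class_means(outputs_by_class):
    """Mean output vector per known class (the g-bar_i of the formula)."""
    means = {}
    for label, vectors in outputs_by_class.items():
        if not vectors:
            raise ValueError(f"class {label!r} has no samples")
        means[label] = tuple(sum(col) / len(vectors) for col in zip(*vectors))
    return means


def detect(output, means, epsilon):
    """Return (label, e); label is None when e is not below the threshold."""
    label, e = min(((lbl, math.dist(output, m)) for lbl, m in means.items()),
                   key=lambda pair: pair[1])
    return (label if e < epsilon else None), e


# Constructed 2-dimensional vectors standing in for CN outputs.
KNOWN_OUTPUTS = {
    "family_a": [(0.0, 0.0), (2.0, 0.0)],
    "family_b": [(10.0, 10.0), (10.0, 12.0)],
}

if __name__ == "__main__":
    means = class_means(KNOWN_OUTPUTS)
    print(detect((1.0, 1.0), means, epsilon=2.0))   # close to family_a
    print(detect((5.0, 5.0), means, epsilon=2.0))   # no class within epsilon
    print(objective((3.0, 4.0), [(0.0, 0.0)] * 2, [(3.0, 0.0)], beta=0.5))
```

A sample whose output is farther than ε from every class mean is reported as matching no known class, so the rule only detects variants of families present in the training set.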
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the particular embodiments above; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the invention.
Claims (8)
1. An Android malware detection method based on convolutional neural networks, characterized in that:
Step 1: convert the APK package to an image data file;
Step 2: after the image data are obtained, train the convolutional neural network on sample data of known classes;
Step 3: detect unknown software using the trained classifier CN.
2. The detection method according to claim 1, characterized in that: step 1 converts the APK package to an image data file using two hash algorithms, SimHash and Djb2.
3. The detection method according to claim 1, characterized in that: step 2 specifically uses a deep learning method and trains with an objective function that makes the Euclidean distance between Apk packages of the same kind as small as possible and the Euclidean distance between Apk packages of different kinds as large as possible.
4. The detection method according to claim 3, characterized in that: the objective function is set to:

$$f(y,\beta) = (1-\beta)\sum_{t_i \in G} \operatorname{dis}(y - t_i) + \beta\,\frac{1}{\sum_{t_i \in G'} \operatorname{dis}(y - t_i)}$$

where G is the set of output values of apks of the same kind in the convolutional neural network, G′ is the set of output values of apks of different kinds in the convolutional neural network, dis() denotes the Euclidean distance between two vectors, β is the weight of each part, and y and $t_i$ each denote the output vector corresponding to an apk package.
5. The detection method according to claim 1, characterized in that step 3 comprises: detecting unknown software using the trained classifier CN, and computing the minimum distance between the output vector of the unknown software after the classifier and each known class of malware, with the following formula:

$$e = \min_{i=1\ldots n}\left\{\operatorname{dis}\left(CN(p), \bar{g}_i\right)\right\}$$

where CN is the trained classifier, p is the image data the unknown software is converted to, $\bar{g}_i$ is the mean of the vectors obtained by passing all malicious applications in the i-th class through the classifier CN, and n is the number of known malware classes;
when e is less than the threshold ε, the new sample belongs to that class, which means that malware of a known class has been detected.
6. The detection method according to claim 1, characterized in that: unknown malware is detected using sample data of known classes, and variant malware is found.
7. The detection method according to claim 2, characterized in that: the properties of the SimHash hash algorithm are used to compute, for each equal-sized data block of the file, the position of the corresponding pixel in the image to be generated.
8. The detection method according to claim 2, characterized in that: the Djb2 hash algorithm is used to compute, for each equal-sized data block of the file, the RGB colour of the corresponding pixel in the image to be generated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710107578.0A CN107103235A (en) | 2017-02-27 | 2017-02-27 | A kind of Android malware detection method based on convolutional neural networks |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107103235A true CN107103235A (en) | 2017-08-29 |
Zhang et al. | SaaS: A situational awareness and analysis system for massive android malware detection | |
CN107392021B (en) | A kind of Android malicious application detection method based on multiclass feature | |
CN110392013A (en) | A kind of Malware recognition methods, system and electronic equipment based on net flow assorted | |
CN112422531A (en) | CNN and XGboost-based network traffic abnormal behavior detection method | |
Kedziora et al. | Malware detection using machine learning algorithms and reverse engineering of android java code | |
CN105072214A (en) | C&C domain name identification method based on domain name feature | |
CN105224600A (en) | A kind of detection method of Sample Similarity and device | |
Yuan et al. | IoT malware classification based on lightweight convolutional neural networks | |
US20230418943A1 (en) | Method and device for image-based malware detection, and artificial intelligence-based endpoint detection and response system using same | |
CN106713293A (en) | Cloud platform malicious behavior detecting system and method | |
Darwaish et al. | Rgb-based android malware detection and classification using convolutional neural network | |
Mpanti et al. | A graph-based model for malicious software detection exploiting domination relations between system-call groups | |
Dehkordy et al. | DroidTKM: Detection of trojan families using the KNN classifier based on manhattan distance metric | |
Zou et al. | IMCLNet: A lightweight deep neural network for Image-based Malware Classification | |
Harbola et al. | Improved intrusion detection in DDoS applying feature selection using rank & score of attributes in KDD-99 data set |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170829 |