CN110222507B - Intelligent learning and recognition method for malicious software big data based on fuzzy hash - Google Patents

Publication number: CN110222507B
Application number: CN201910424747.2A
Other versions: CN110222507A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Active
Inventors: 官全龙, 罗伟其, 刘楚莹, 张焕明, 崔林, 李哲夫, 李荣君
Current Assignee: Jinan University
Original Assignee: Jinan University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a fuzzy-hash-based intelligent learning and identification method for malicious software big data, comprising the following steps: obtaining a mobile software folder path and reading the mobile software according to the folder path; decompiling each mobile software to obtain its source code; preprocessing the source code of the mobile software, namely acquiring source code characteristic values; acquiring, from the source code characteristic values, a fuzzy hash value set and a code line number set for the files of each mobile software; then calculating similarity scores from the fuzzy hash values and the weights of those similarity scores, comparing the similarity between mobile software to obtain a comparison result, and thereby screening out mobile malicious software. The method obtains the fuzzy hash value corresponding to each file of the mobile software from the mobile software source code and uses the fuzzy hash values to calculate similarity scores and weights, so that mobile software is distinguished, malicious mobile software is effectively monitored and identified, users are kept away from malicious software, and losses are reduced.

Description

Intelligent learning and recognition method for malicious software big data based on fuzzy hash
Technical Field
The invention relates to the research field of malicious software detection, in particular to a fuzzy hash-based intelligent learning and identifying method for large data of malicious software.
Background
With the rapid development of the internet and smartphones, mobile internet software has spread rapidly, application software for mobile operating systems most prominently, and the number of mobile internet applications released each year is huge. However, the openness and popularity of mobile internet software, and of Android applications in particular, make its security problems increasingly prominent. Lawless persons add obfuscation and virus code to the source code of popular original applications and republish them, exploiting the popularity and large user base of the original application to induce users to download. User privacy, phone charges, data traffic and the like are stolen in this way, and the virus software spreads rapidly. Malware thus tends to be republished by modifying the code of an original app and propagates by impersonating that app.
In the face of increasing numbers of malicious Android application software, how to improve the detection efficiency of the malicious software becomes a research-worthy problem.
Disclosure of Invention
The main aim of the invention is to overcome the defects and shortcomings of the prior art by providing a fuzzy-hash-based intelligent detection method for mobile malicious software over big-data software samples, in which the similarity between software can be calculated rapidly through fuzzy hash computation.
The aim of the invention is achieved by the following technical scheme:
The fuzzy-hash-based intelligent learning and recognition method for malicious software big data comprises the following steps:
S1, acquiring a folder path of mobile software, and reading the mobile software according to the folder path;
S2, decompiling each mobile software to obtain the source code of each mobile software;
S3, preprocessing the source code of the mobile software, namely acquiring source code characteristic values;
S4, acquiring, from the source code characteristic values, a fuzzy hash value set and a code line number set for the files of each mobile software;
S5, calculating, from the fuzzy hash value set and the code line number set of each mobile software, the similarity of the source code file fuzzy hash values between the software and the weight of each source code file's similarity score, so as to obtain a similarity comparison result between the software and thereby identify mobile malicious software.
Further, the step S2 specifically includes: decompiling the mobile software with the static analysis tool Androguard, and storing the decompiled source code in the corresponding files.
Further, the source code characteristic value includes: the total number of source code lines, the fuzzy hash values, and the number of code lines in each file of each mobile software.
Further, the preprocessing is specifically: acquiring the total number of source code lines, namely writing the code of all files of the mobile software into one text document and counting the total number of lines of that document;
applying a fuzzy hash tool to the code in each decompiled file of the mobile software to obtain the corresponding fuzzy hash value.
The specific process is as follows: first, a fragment value is set to divide the code in a decompiled file into a plurality of fragments; each fragment is hashed with the FNV (Fowler-Noll-Vo) algorithm to obtain a hash value; the first 6 bits of each fragment's hash value are taken and represented in compressed form by 1 ASCII code; finally, all the compressed values, namely the ASCII codes, are concatenated into a character string that serves as the fuzzy hash value of the file's source code;
Each fuzzy hash value corresponds to the code in one file of a piece of mobile software. The fuzzy hash value set is:
$\mathrm{Hash}_A = \{ahj_1, ahj_2, \ldots, ahj_m\}$;
where $ahj_i$ $(i = 1, 2, \ldots, m)$ is the fuzzy hash value of the code in the i-th Java file of mobile software A, which decompiles into m Java files; $bhj_i$ $(i = 1, 2, \ldots, n)$ is the fuzzy hash value of the code in the i-th Java file of mobile software B, which decompiles into n Java files;
The number of code lines in each file of each mobile software is obtained; the code line number set is:
$L_A = \{alj_1, alj_2, \ldots, alj_m\}$;
where $alj_i$ $(i = 1, 2, \ldots, m)$ is the number of lines of code in the i-th Java file of mobile software A; $blj_i$ $(i = 1, 2, \ldots, n)$ is the number of lines of code in the i-th Java file of mobile software B.
Further, the fuzzy hash tool is ssdeep.
Further, the number of the code fuzzy hash values of each mobile software depends on the number of files of the mobile software.
Further, the fuzzy hash value is a long string.
Further, the step S4 specifically includes:
acquiring the fuzzy hash value sets of two mobile software from the source code characteristic values:
The fuzzy hash value set of mobile software A is: $\mathrm{Hash}_A = \{ahj_1, ahj_2, \ldots, ahj_m\}$;
The fuzzy hash value set of mobile software B is: $\mathrm{Hash}_B = \{bhj_1, bhj_2, \ldots, bhj_n\}$;
where $ahj_i$ $(i = 1, 2, \ldots, m)$ is the fuzzy hash value of the code in the i-th Java file of mobile software A, which decompiles into m Java files; $bhj_i$ $(i = 1, 2, \ldots, n)$ is the fuzzy hash value of the code in the i-th Java file of mobile software B, which decompiles into n Java files;
acquiring the code line number sets of the files of the two mobile software from the source code characteristic values:
The Java file code line number set of mobile software A is: $L_A = \{alj_1, alj_2, \ldots, alj_m\}$;
The Java file code line number set of mobile software B is: $L_B = \{blj_1, blj_2, \ldots, blj_n\}$;
where $alj_i$ $(i = 1, 2, \ldots, m)$ is the number of lines of code in the i-th Java file of mobile software A, and $blj_i$ $(i = 1, 2, \ldots, n)$ is the number of lines of code in the i-th Java file of mobile software B;
Further, a similarity score is calculated:
$\mathrm{score}[i] = \max\{\mathrm{comp}(ahj_i, bhj_1), \mathrm{comp}(ahj_i, bhj_2), \ldots, \mathrm{comp}(ahj_i, bhj_n)\}, \quad (i = 1, 2, \ldots, m)$;
where comp is a similarity algorithm for hash values; $\mathrm{comp}(ahj_i, bhj_j)$ denotes an edit-distance-based text similarity score computed between the fuzzy hash value of the i-th Java file code of mobile software A and the fuzzy hash value of the j-th Java file code of mobile software B; max takes the maximum of these similarity values; and $\mathrm{score}[i]$ is the similarity score of the i-th Java file fuzzy hash value of mobile software A against mobile software B;
Calculating the weight of the similarity score of each Java file fuzzy hash value of mobile software A against mobile software B:
$\mathrm{weight}[i] = alj_i / al_A, \quad (i = 1, 2, \ldots, m)$;
where $alj_i$ is the number of source code lines of the i-th Java file of mobile software A, and $al_A$ is the total number of source code lines of mobile software A;
Calculating the similarity score of mobile software A and mobile software B:
Figure BDA0002067134980000031
Further, the similarity score of mobile software A against mobile software B differs from the score of mobile software B against mobile software A; that is, the similarity score result is calculated unidirectionally.
Compared with the prior art, the invention has the following advantages and beneficial effects:
The invention obtains the source code of the mobile software through decompilation and preprocesses it to obtain the source code characteristic values, which comprise the total number of source code lines, the fuzzy hash values, and the number of code lines in each file of each mobile software. Similarity scores and weights are calculated from the fuzzy hash values and the code line numbers to finally obtain the similarity score of two pieces of mobile software, so that malicious software is identified rapidly and effectively even when the volume of mobile software sample data is large.
Drawings
FIG. 1 is a flow chart of the fuzzy-hash-based intelligent learning and identification method for malicious software big data;
FIG. 2 is a graph comparing the calculation time of the present invention with that of the Androguard algorithm;
FIG. 3 is a schematic diagram comparing the similarity score calculation results of the present invention with those of the Androguard algorithm.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but embodiments of the present invention are not limited thereto.
Examples:
A fuzzy-hash-based intelligent learning and recognition method for malicious software big data, as shown in FIG. 1, comprises the following steps:
First, acquiring a folder path of mobile software, and reading the files of the mobile software according to the folder path;
Second, decompiling the file of each mobile software to obtain the source code of each mobile software; specifically, decompiling the mobile software with the static analysis tool Androguard, and storing the decompiled source code in the corresponding files.
Third, preprocessing the source code of the mobile software to obtain the source code characteristic values; the source code characteristic values include: the total number of source code lines, the fuzzy hash values, and the number of code lines in each file of each mobile software;
The preprocessing is specifically: acquiring the total number of source code lines, namely writing the code of all files of the mobile software into one text document and counting the total number of lines of that document;
and applying a fuzzy hash tool, namely the ssdeep algorithm, to the code in each decompiled file of the mobile software to obtain the corresponding fuzzy hash values. The specific process is as follows: first, a fragment value is set to divide the code in a decompiled file into a plurality of fragments; each fragment is hashed with the FNV (Fowler-Noll-Vo) algorithm to obtain a hash value; the first 6 bits of each fragment's hash value are taken and represented in compressed form by 1 ASCII code; finally, all the compressed values, namely the ASCII codes, are concatenated into a long character string that serves as the fuzzy hash value of the file's source code;
Each fuzzy hash value corresponds to the code in one file of a piece of mobile software, the number of code fuzzy hash values of each mobile software depends on the number of files of the mobile software, and the fuzzy hash values are character strings. The fuzzy hash value set is:
$\mathrm{Hash}_A = \{ahj_1, ahj_2, \ldots, ahj_m\}$;
where $ahj_i$ $(i = 1, 2, \ldots, m)$ is the fuzzy hash value of the code in the i-th Java file of mobile software A, which decompiles into m Java files; $bhj_i$ $(i = 1, 2, \ldots, n)$ is the fuzzy hash value of the code in the i-th Java file of mobile software B, which decompiles into n Java files;
The number of code lines in each file of each mobile software is obtained; the code line number set is:
$L_A = \{alj_1, alj_2, \ldots, alj_m\}$;
where $alj_i$ $(i = 1, 2, \ldots, m)$ is the number of lines of code in the i-th Java file of mobile software A; $blj_i$ $(i = 1, 2, \ldots, n)$ is the number of lines of code in the i-th Java file of mobile software B.
Fourth, acquiring, from the source code characteristic values, a fuzzy hash value set and a code line number set for the files of each mobile software, then calculating the similarity scores from the fuzzy hash values and the weights of those similarity scores, comparing the mobile software to obtain a comparison result, and thereby screening out mobile malicious software;
The specific steps are as follows:
acquiring the fuzzy hash value sets of two mobile software from the source code characteristic values:
The fuzzy hash value set of mobile software A is: $\mathrm{Hash}_A = \{ahj_1, ahj_2, \ldots, ahj_m\}$;
The fuzzy hash value set of mobile software B is: $\mathrm{Hash}_B = \{bhj_1, bhj_2, \ldots, bhj_n\}$;
where $ahj_i$ $(i = 1, 2, \ldots, m)$ is the fuzzy hash value of the code in the i-th Java file of mobile software A, which decompiles into m Java files; $bhj_i$ $(i = 1, 2, \ldots, n)$ is the fuzzy hash value of the code in the i-th Java file of mobile software B, which decompiles into n Java files;
acquiring the code line number sets of the files of the two mobile software from the source code characteristic values:
The Java file code line number set of mobile software A is: $L_A = \{alj_1, alj_2, \ldots, alj_m\}$;
The Java file code line number set of mobile software B is: $L_B = \{blj_1, blj_2, \ldots, blj_n\}$;
where $alj_i$ $(i = 1, 2, \ldots, m)$ is the number of lines of code in the i-th Java file of mobile software A, and $blj_i$ $(i = 1, 2, \ldots, n)$ is the number of lines of code in the i-th Java file of mobile software B;
Calculating a similarity score:
$\mathrm{score}[i] = \max\{\mathrm{comp}(ahj_i, bhj_1), \mathrm{comp}(ahj_i, bhj_2), \ldots, \mathrm{comp}(ahj_i, bhj_n)\}, \quad (i = 1, 2, \ldots, m)$;
where comp is a similarity algorithm for hash values; $\mathrm{comp}(ahj_i, bhj_j)$ denotes an edit-distance-based text similarity score computed between the fuzzy hash value of the i-th Java file code of mobile software A and the fuzzy hash value of the j-th Java file code of mobile software B; max takes the maximum of these similarity values; and $\mathrm{score}[i]$ is the similarity score of the i-th Java file fuzzy hash value of mobile software A against mobile software B. FIG. 2 is a schematic diagram comparing the calculation time of the invention with that of the Androguard algorithm, in which the abscissa is the mobile software pair, the ordinate is the calculation time, the solid bar is the calculation time of Androguard, and the hollow bar is the calculation time of the invention. FIG. 3 is a schematic diagram comparing the similarity score results of the invention with those of the Androguard algorithm, in which the abscissa is the mobile software pair, the ordinate is the similarity score, the solid bar is the Androguard similarity score, and the hollow bar is the similarity score of the invention. In the legends, Androguard denotes the Androguard algorithm and CFH denotes the method of the invention;
Calculating the weight of the similarity score of each Java file fuzzy hash value of mobile software A against mobile software B:
$\mathrm{weight}[i] = alj_i / al_A, \quad (i = 1, 2, \ldots, m)$;
where $alj_i$ is the number of source code lines of the i-th Java file of mobile software A, and $al_A$ is the total number of source code lines of mobile software A;
Calculating the similarity score of mobile software A and mobile software B:
Figure BDA0002067134980000061
The similarity score of mobile software A against mobile software B differs from the score of mobile software B against mobile software A; that is, the similarity score result is calculated unidirectionally.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to them; any other change, modification, substitution, combination or simplification that does not depart from the spirit and principle of the present invention is an equivalent replacement and is included in the protection scope of the present invention.
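The scoring of the fourth step, as an added worked example in Python (not code from the patent, from ssdeep or from Androguard). It assumes the final score, whose formula survives on this page only as a figure reference, is the weighted sum of score[i] and weight[i]; `fuzzy_hash` uses one source line per fragment as a stand-in for ssdeep's rolling-hash fragmenting, the 0-100 scaling in `comp` is assumed, and all sample sources are constructed.

```python
"""Added sketch of the S3-S5 scoring; simplifications are labelled in comments."""

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def code_lines(source):
    """Non-blank source lines, stripped; their count is the file's line number alj_i."""
    return [ln.strip() for ln in source.splitlines() if ln.strip()]


def fnv1_32(data):
    """32-bit FNV-1 hash of a byte string."""
    h = 0x811C9DC5
    for byte in data:
        h = (h * 0x01000193) & 0xFFFFFFFF
        h ^= byte
    return h


def fuzzy_hash(source):
    """One base64 character (6 bits of FNV) per fragment, joined into a string.

    Assumption: a fragment is one source line and the low 6 bits are kept;
    ssdeep instead places fragment boundaries with a rolling hash.
    """
    return "".join(B64[fnv1_32(ln.encode("utf-8")) & 0x3F] for ln in code_lines(source))


def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def comp(h1, h2):
    """Edit-distance similarity of two fuzzy hashes on a 0-100 scale (assumed scaling)."""
    longest = max(len(h1), len(h2))
    if longest == 0:
        return 100.0  # two empty files are identical
    return 100.0 * (longest - edit_distance(h1, h2)) / longest


def similarity(app_a, app_b):
    """One-directional score of app A against app B; apps map file name -> source."""
    hashes_b = [fuzzy_hash(src) for src in app_b.values()]
    lines_a = {name: len(code_lines(src)) for name, src in app_a.items()}
    total_a = sum(lines_a.values())  # al_A
    if total_a == 0 or not hashes_b:
        return 0.0
    result = 0.0
    for name, src in app_a.items():
        h = fuzzy_hash(src)
        score = max(comp(h, hb) for hb in hashes_b)  # score[i]
        weight = lines_a[name] / total_a             # weight[i] = alj_i / al_A
        result += score * weight                     # assumed weighted sum
    return result


# Constructed sample input: an 8-line and a 4-line Java file.
MAIN = """package com.example.app;
public class Main {
    public static void main(String[] args) {
        Util.log("start");
        int total = Util.add(2, 3);
        Util.log("total=" + total);
    }
}"""
UTIL = """public class Util {
    static int add(int a, int b) { return a + b; }
    static void log(String m) { System.out.println(m); }
}"""
ORIGINAL = {"Main.java": MAIN, "Util.java": UTIL}

# Constructed repackaged variant: two lines added to Main plus a 30-line extra class.
_main = MAIN.splitlines()
_main[4:4] = ["        Injected.run();", "        Injected.report();"]
INJECTED = "\n".join(["public class Injected {"]
                     + [f"    static int field{i} = {i};" for i in range(28)]
                     + ["}"])
REPACKAGED = {"Main.java": "\n".join(_main), "Util.java": UTIL, "Injected.java": INJECTED}

if __name__ == "__main__":
    print("original vs repackaged: %.2f" % similarity(ORIGINAL, REPACKAGED))
    print("repackaged vs original: %.2f" % similarity(REPACKAGED, ORIGINAL))
```

Scoring the known original against the suspect package stays high when extra classes are added, while the reverse direction drops because the added class carries most of the line weight; this is the one-directional behaviour the description states.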

Claims (9)

1. A fuzzy-hash-based intelligent learning and recognition method for malicious software big data, characterized by comprising the following steps:
S1, acquiring a folder path of mobile software, and reading the mobile software according to the folder path;
S2, decompiling each mobile software to obtain the source code of each mobile software;
S3, preprocessing the source code of the mobile software, namely acquiring source code characteristic values;
S4, acquiring, from the source code characteristic values, a fuzzy hash value set and a code line number set for the files of each mobile software;
S5, calculating, from the fuzzy hash value set and the code line number set of each mobile software, the similarity of the source code file fuzzy hash values between the software and the weight of each source code file's similarity score, so as to obtain a similarity comparison result between the software and thereby identify mobile malicious software;
the step S5 specifically comprises the following steps:
calculating a similarity score:
$\mathrm{score}[i] = \max\{\mathrm{comp}(ahj_i, bhj_1), \mathrm{comp}(ahj_i, bhj_2), \ldots, \mathrm{comp}(ahj_i, bhj_n)\}, \quad i = 1, 2, \ldots, m$;
where comp is a similarity algorithm for hash values; $\mathrm{comp}(ahj_i, bhj_j)$ denotes a text similarity score calculation based on coding distance performed on $ahj_i$ and $bhj_j$; $ahj_i$ is the fuzzy hash value of the code in the i-th Java file of mobile software A, and $bhj_j$ is the fuzzy hash value of the code in the j-th Java file of mobile software B; max takes the maximum of the similarity values; $\mathrm{score}[i]$ is the similarity score of the i-th Java file fuzzy hash value of mobile software A against mobile software B; m is the total number of Java files after decompiling mobile software A; $j = 1, 2, \ldots, n$, where n is the total number of Java files after decompiling mobile software B;
calculating the weight of the similarity score of each Java file fuzzy hash value of mobile software A against mobile software B:
$\mathrm{weight}[i] = alj_i / al_A$
where $alj_i$ is the number of source code lines of the i-th Java file of mobile software A, and $al_A$ is the total number of source code lines of mobile software A;
calculating the similarity score of mobile software A and mobile software B:
Figure FDA0004255509030000011
2. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 1, wherein the step S2 is specifically: decompiling the mobile software with the static analysis tool Androguard, and storing the decompiled source code in the corresponding files.
3. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 1, wherein the source code characteristic value comprises: the total number of source code lines, the fuzzy hash values, and the number of code lines in each file of each mobile software.
4. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 3, wherein the preprocessing specifically comprises the following steps: acquiring the total number of source code lines by writing the code of all files of the mobile software into one text document and counting the total number of lines of that document;
and applying a fuzzy hash tool to the code in each decompiled file of the mobile software to obtain the corresponding fuzzy hash values, wherein the specific process is as follows: first, a fragment value is set to divide the code in a decompiled file into a plurality of fragments; each fragment is hashed with the FNV (Fowler-Noll-Vo) algorithm to obtain a hash value; the first 6 bits of each fragment's hash value are taken and represented in compressed form by 1 ASCII code; finally, all the compressed values, namely the ASCII codes, are concatenated into a character string that serves as the fuzzy hash value of the file's source code;
each fuzzy hash value corresponds to the code in one file of a piece of mobile software; the fuzzy hash value set is:
$\mathrm{Hash}_A = \{ahj_1, ahj_2, \ldots, ahj_m\}$;
the number of code lines in each file of each mobile software is obtained; the code line number set is:
$L_A = \{alj_1, alj_2, \ldots, alj_m\}$.
5. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 4, wherein the fuzzy hashing tool is ssdeep.
6. The intelligent learning and identifying method for malicious software big data based on fuzzy hash according to claim 4, wherein the number of code fuzzy hash values of each mobile software depends on the number of files of the mobile software.
7. The intelligent learning and recognition method for the malicious software big data based on fuzzy hash according to claim 4, wherein the fuzzy hash value is a long character string.
8. The intelligent learning and identifying method for the malicious software big data based on fuzzy hashing according to claim 1, wherein the step S4 is specifically:
acquiring the fuzzy hash value sets of two mobile software from the source code characteristic values:
the fuzzy hash value set of mobile software A is: $\mathrm{Hash}_A = \{ahj_1, ahj_2, \ldots, ahj_m\}$;
the fuzzy hash value set of mobile software B is: $\mathrm{Hash}_B = \{bhj_1, bhj_2, \ldots, bhj_n\}$;
acquiring the code line number sets of the files of the two mobile software from the source code characteristic values:
the Java file code line number set of mobile software A is: $L_A = \{alj_1, alj_2, \ldots, alj_m\}$;
the Java file code line number set of mobile software B is: $L_B = \{blj_1, blj_2, \ldots, blj_n\}$;
where $blj_j$ is the number of lines of code in the j-th Java file of mobile software B.
9. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 1, wherein the similarity score of mobile software A against mobile software B differs from the similarity score of mobile software B against mobile software A, that is, the similarity score result is calculated unidirectionally.
Application CN201910424747.2A: Intelligent learning and recognition method for malicious software big data based on fuzzy hash. Priority date 2019-05-21, filing date 2019-05-21, status Active, granted as CN110222507B (en).

Publications (2)

Publication Number Publication Date
CN110222507A 2019-09-10
CN110222507B 2023-07-07

Family ID: 67821547

Country Status (1)

Country Link
CN (1) CN110222507B (en)
