CN103268443A - Symbol-based Android malicious code detection method and system - Google Patents


Info

Publication number
CN103268443A
Authority
CN
China
Prior art keywords
file
symbol
symbolic
information
sign pattern
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012105795415A
Other languages
Chinese (zh)
Other versions
CN103268443B (en)
Inventor
潘宣辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Antian Information Technology Co Ltd
Original Assignee
Wuhan Antian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Antian Information Technology Co Ltd filed Critical Wuhan Antian Information Technology Co Ltd
Priority to CN201210579541.5A priority Critical patent/CN103268443B/en
Publication of CN103268443A publication Critical patent/CN103268443A/en
Application granted granted Critical
Publication of CN103268443B publication Critical patent/CN103268443B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention provides a symbol-based Android malicious code detection method and system. The method comprises the following steps: resolving a file in a program to be detected, acquiring and recording the symbol information of each file, and marking a symbol type; filtering symbol information of the file according to a keyword feature library; and matching all filtered symbol information and symbol types with a symbol rule in a symbol feature library, and if the quantity of successful matching of symbol contents and corresponding symbol types in any symbol rule is larger than a preset value, outputting a virus name which corresponds to the symbol rule, otherwise, ending detection. The invention further provides a symbol-based Android malicious code detection system. Due to the adoption of the method and the system provided by the invention, malicious code detection can be performed on symbol information in the program to be detected, and even if resource files and data change, detection can be performed according to extracted symbol information features.

Description

Symbol-based Android malicious code detection method and system
Technical field
The present invention relates to malicious code detection technology for mobile terminals, and in particular to a symbol-based Android malicious code detection method and system.
Background
With the development of mobile communication networks, smartphones that merge 3C have become the development trend for portable terminals. The appearance of smartphones has greatly enriched the kinds of mobile applications and provides the terminal basis for mobile value-added services. At the same time, however, the popularity of smartphones has made it easier for mobile viruses to grow and do damage, and mobile phones are becoming a new target for hackers and virus writers. Faced with an increasingly serious personal data security problem, every security vendor is developing more stable and efficient virus detection mechanisms. However, current malware analysis methods generally rely on scanning for feature values in files. Once resource files and data change, the feature values of the file change with them, so malicious code can escape detection by modifying resource files and data files so that the compiled file changes.
Summary of the invention
The invention provides a symbol-based Android malicious code detection method that detects on the symbol information in files, which solves the problem in feature-value scanning that detection fails when the feature values change with the data.
A symbol-based Android malicious code detection method comprises:
Parsing the files in the program to be detected, obtaining and recording the symbol information of each file, and marking the symbol type, where the symbol information of a file is all symbols in the file; the symbol types of the files comprise at least: API, FILENAME and UNKNOWN;
Traversing the symbol information and symbol types of all files and judging whether the symbol type is UNKNOWN. If it is, the symbol information is matched against the symbol contents in the keyword feature library: if the symbol information is identical to any symbol content in the keyword feature library, the symbol type corresponding to that symbol content in the keyword feature library becomes the symbol type of the current symbol information, and the symbol information and symbol type of the current file are output; if the keyword feature library does not contain the symbol content, the judgment of the next file is carried out. Otherwise, the symbol information and symbol content of the file are output directly. The keyword feature library is the set of symbol information of known files and the corresponding symbol types;
Matching all output symbol information and symbol types against the symbol rules in the symbol feature library: if the number of successful matches with the symbol contents and corresponding symbol types in any symbol rule is greater than a preset value, the virus name corresponding to that symbol rule is output, otherwise detection ends. The symbol feature library comprises at least symbol rules and virus names, and a symbol rule is the set of all symbol information of a known malicious code and the corresponding symbol types.
In the method, the files in the program to be detected comprise at least: dex files, apk files, resource files and elf files.
In the method, the symbol information of the files comprises at least: function types in the dex file, the file path of each file node in the apk file, resource symbols in the resource file, global static data symbols in rodata in the elf file, and URLs or SP numbers.
In the method, the function type in the dex file is the function symbol information group formed by splicing the API information of each function by class name and function name.
A symbol-based Android malicious code detection system comprises:
A parsing module, used to parse the files in the program to be detected, obtain and record the symbol information of each file, and mark the symbol type, where the symbol information of a file is all symbols in the file; the symbol types of the files comprise at least: API, FILENAME and UNKNOWN;
A filtering module, used to traverse the symbol information and symbol types of all files and judge whether the symbol type is UNKNOWN. If it is, the symbol information is matched against the symbol contents in the keyword feature library: if the symbol information is identical to any symbol content in the keyword feature library, the symbol type corresponding to that symbol content in the keyword feature library becomes the symbol type of the current symbol information, and the symbol information and symbol type of the current file are output; if the keyword feature library does not contain the symbol content, the judgment of the next file is carried out. Otherwise, the symbol information and symbol content of the file are output directly;
A matching module, used to match all output symbol information and symbol types against the symbol rules in the symbol feature library: if the number of successful matches with the symbol contents and corresponding symbol types in any symbol rule is greater than a preset value, the virus name corresponding to that symbol rule is output, otherwise detection ends. The symbol feature library comprises at least symbol rules and virus names, and a symbol rule is the set of all symbol information of a known malicious code and the corresponding symbol types.
In the system, the files in the program to be detected comprise at least: dex files, apk files, resource files and elf files.
In the system, the symbol information of the files comprises at least: function types in the dex file, the file path of each file node in the apk file, resource symbols in the resource file, global static data symbols in rodata in the elf file, and URLs or SP numbers.
In the system, the function type in the dex file is the function symbol information group formed by splicing the API information of each function by class name and function name.
With the method and system of the invention, detection of mobile malicious code does not rely on the dex file and data code segment data; instead, the symbol information that malicious files among the phone's files frequently use is extracted and detected. Even if resource files and data change, detection can still be performed according to the extracted symbol information features, so malicious code cannot escape detection by modifying resource files and data files to change the compiled file, which improves the malicious code detection rate.
Description of the drawings
To illustrate the technical solutions of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the symbol-based Android malicious code detection method of the invention;
Fig. 2 is a flowchart of an embodiment of the symbol-based Android malicious code detection method of the invention;
Fig. 3 is a structural diagram of the symbol-based Android malicious code detection system of the invention.
Embodiments
To help those skilled in the art better understand the technical solutions in the embodiments of the invention, and to make the above objects, features and advantages of the invention more apparent, the technical solutions of the invention are described in further detail below with reference to the drawings.
For detecting mobile malware on the Android platform, the usable symbol information can include: the file name information in the Apk installation package, which is symbol information of the path type; symbol information of the URL or SP number type in resource.arsc; symbol information of the URL or SP number type in elf files; and symbol information of the function type in the Dex file, where the call parameters also carry symbol information of the URL or SP number type. The Dex file uses an object-oriented structure similar to Java, with strict requirements and definitions for class symbols, function symbols and paths, and makes heavy use of techniques based on function symbols, such as reflective calls and function addressing; all of these provide strong data support for detecting malicious code. Whether it is a file inside an APK package or a standalone dex file, it contains a large amount of symbol information that can effectively be used for detection. This can serve as a symbol-based malicious code gene detection method and provides an Android malicious code detection method with higher heuristic capability and accuracy.
The invention provides a symbol-based Android malicious code detection method that detects on the symbol information in files, which solves the problem in feature-value scanning that detection fails when the feature values change with the data.
A symbol-based Android malicious code detection method, as shown in Fig. 1, comprises:
S101: parse the files in the program to be detected, obtain and record the symbol information of each file, and mark the symbol type, where the symbol information of a file is all symbols in the file; the symbol types of the files comprise at least: API, FILENAME and UNKNOWN;
S102: traverse the symbol information and symbol types of all files and judge whether the symbol type is UNKNOWN; if so, carry out S104, otherwise carry out S105;
S103: match the symbol information against the symbol contents in the keyword feature library and judge whether the symbol information is identical to any symbol content in the keyword feature library; if so, carry out S104, otherwise return to S102 and carry out the judgment of the next file; the keyword feature library is the set of symbol information of known files and the corresponding symbol types;
S104: the symbol type corresponding to the symbol content in the keyword feature library becomes the symbol type of the current symbol information; output the symbol information and symbol type of the current file and carry out S106;
S105: directly output the symbol information and symbol type of the file;
S106: match all output symbol information and symbol types against the symbol rules in the symbol feature library; if the number of successful matches with the symbol contents and corresponding symbol types in any symbol rule is greater than a preset value, output the virus name corresponding to that symbol rule, otherwise detection ends. The symbol feature library comprises at least symbol rules and virus names, and a symbol rule is the set of all symbol information of a known malicious code and the corresponding symbol types.
In the method, the files in the program to be detected comprise at least: dex files, apk files, resource files and elf files.
In the method, the symbol information of the files comprises at least: function types in the dex file, the file path of each file node in the apk file, resource symbols in the resource file, global static data symbols in rodata in the elf file, and URLs or SP numbers.
In the method, the function type in the dex file is the function symbol information group formed by splicing the API information of each function by class name and function name.
For a better understanding of the method of the invention, it is illustrated as shown in Fig. 2.
Before malicious code detection is carried out, the keyword feature library and the symbol feature library are set up in advance. In this embodiment the keyword feature library is denoted SymKeyDatabase, and its symbol contents and symbol types are recorded as an iKeySymList array. The symbol feature library is denoted SymRuleDatabase; it holds an array, denoted iRuleList, that records symbol rules and the corresponding virus names. Each array node is denoted SymRule and comprises a symbol rule and the corresponding virus name. A symbol rule is an array iSymList that records symbol types and the corresponding symbol contents; each of its array nodes is denoted SymNode, with the symbol type denoted type and the symbol content denoted symbol.
S201: parse the files in the program to be detected, obtain and record the symbol information of each file, and mark the symbol type; detection of a dex file, an apk file, a resource.arsc file and an elf file is taken as the example;
Detecting the dex file: the dex file is format-parsed and all structures are identified; method_ids is then scanned, and the API information of each function is spliced by class name and function name to form a function symbol information group. The complete API symbol information is stored in the SymNode array as the symbol content symbol, and the corresponding symbol type is API;
Detecting the apk file: the file is format-parsed and all file information nodes in the file structure are identified; each file path is stored in a SymNode as the symbol information symbol, and the corresponding symbol type is FILENAME;
Detecting the resource.arsc file: the file is format-parsed and all resource symbol information is identified; each resource symbol is stored in a SymNode as the symbol information symbol, and the corresponding symbol type is UNKNOWN;
Detecting the elf file: the file is format-parsed and the global static data symbol information in all rodata is identified and stored in a SymNode as the symbol information symbol, and the corresponding symbol type is UNKNOWN.
S202: traverse each SymNode and judge whether its symbol type is UNKNOWN; if so, carry out S203, otherwise output the SymNode directly as a symbol to be detected;
S203: call the keyword feature library to match the symbol information, judging whether the keyword feature library SymKeyDatabase contains the symbol content in the symbol information symbol; if so, the symbol type corresponding to that symbol content is recorded as the symbol type of the current SymNode and the SymNode is output as a symbol to be detected, otherwise return to S202;
S204: traverse each SymNode output after matching and match it against the symbol-content array iSymList of each SymRule in the symbol feature library SymRuleDatabase; if it is identical to one of the array nodes, output the corresponding virus name, otherwise detection ends.
When matching against the symbol feature library, different matching conditions can be preset according to the actual situation, such as identical, contains, or a preset threshold of identical matches.
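The filter and match stages described above (S202/S203 and the threshold match of S106), as an added example that is not code from the patent. It assumes exact-match lookups, a constructed keyword library and rule, the type names URL and SP_NUMBER, a "Class;->method" splice format for API symbols, and printable-string extraction standing in for resource.arsc and elf rodata parsing; dex parsing is replaced by a supplied list of class/method pairs.

```python
import io
import re
import zipfile
from collections import namedtuple

# SymNode mirrors the patent's node: a symbol type plus the symbol content.
SymNode = namedtuple("SymNode", ["type", "symbol"])

# Constructed keyword feature library (SymKeyDatabase): symbol content -> type.
# The type names URL and SP_NUMBER are assumptions made for this example.
SYM_KEY_DATABASE = {
    "http://update.example.invalid/reg": "URL",
    "1066000000": "SP_NUMBER",
}

# Constructed symbol feature library (SymRuleDatabase): one SymRule holding
# its iSymList and a placeholder virus name.
SYM_RULE_DATABASE = [
    {"virus_name": "Example.Trojan.SmsPay.a",
     "iSymList": {
         SymNode("API", "Landroid/telephony/SmsManager;->sendTextMessage"),
         SymNode("FILENAME", "assets/payload.bin"),
         SymNode("URL", "http://update.example.invalid/reg"),
         SymNode("SP_NUMBER", "1066000000"),
     }},
]

PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")  # runs of 6+ printable ASCII bytes


def api_symbol(class_name, method_name):
    """Splice class name and function name into one API symbol (dex step)."""
    return SymNode("API", f"{class_name}->{method_name}")


def filename_symbols(apk_bytes):
    """Apk step: every file-node path in the archive is a FILENAME symbol."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return [SymNode("FILENAME", name) for name in apk.namelist()]


def unknown_symbols(blob):
    """Resource/elf step (simplified): printable strings become UNKNOWN."""
    return [SymNode("UNKNOWN", m.group().decode("ascii"))
            for m in PRINTABLE.finditer(blob)]


def filter_symbols(nodes, key_db=SYM_KEY_DATABASE):
    """S202/S203: typed symbols pass through; an UNKNOWN symbol is kept only
    if the keyword library contains it, and then takes the library's type."""
    out = []
    for node in nodes:
        if node.type != "UNKNOWN":
            out.append(node)
        elif node.symbol in key_db:
            out.append(SymNode(key_db[node.symbol], node.symbol))
    return out


def match_rules(nodes, rule_db=SYM_RULE_DATABASE, preset=2):
    """S106: report a rule's virus name when more than `preset` of its
    (type, content) pairs occur among the sample's symbols."""
    seen = set(nodes)
    return [rule["virus_name"] for rule in rule_db
            if len(rule["iSymList"] & seen) > preset]


def build_sample_apk(extra_resource=b""):
    """Constructed sample input: an in-memory archive shaped like an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest/>")
        apk.writestr("assets/payload.bin", b"\x00\x01" + extra_resource)
        apk.writestr("res/drawable/icon.png", b"\x89PNG" + extra_resource)
    return buf.getvalue()


def scan(apk_bytes, api_pairs, data_blob):
    """Run the whole pipeline and return the list of matched virus names."""
    nodes = [api_symbol(c, m) for c, m in api_pairs]
    nodes += filename_symbols(apk_bytes)
    nodes += unknown_symbols(data_blob)
    return match_rules(filter_symbols(nodes))
```

Changing the bytes of the resource entries alters any whole-file feature value but leaves the symbol set, and therefore the verdict, unchanged.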
A symbol-based Android malicious code detection system, as shown in Fig. 3, comprises:
Parsing module 301, used to parse the files in the program to be detected, obtain and record the symbol information of each file, and mark the symbol type, where the symbol information of a file is all symbols in the file; the symbol types of the files comprise at least: API, FILENAME and UNKNOWN;
Filtering module 302, used to traverse the symbol information and symbol types of all files and judge whether the symbol type is UNKNOWN. If it is, the symbol information is matched against the symbol contents in the keyword feature library: if the symbol information is identical to any symbol content in the keyword feature library, the symbol type corresponding to that symbol content in the keyword feature library becomes the symbol type of the current symbol information, and the symbol information and symbol type of the current file are output; if the keyword feature library does not contain the symbol content, the judgment of the next file is carried out. Otherwise, the symbol information and symbol content of the file are output directly. The keyword feature library is the set of symbol information of known files and the corresponding symbol types;
Matching module 303, used to match all output symbol information and symbol types against the symbol rules in the symbol feature library: if the number of successful matches with the symbol contents and corresponding symbol types in any symbol rule is greater than a preset value, the virus name corresponding to that symbol rule is output, otherwise detection ends. The symbol feature library comprises at least symbol rules and virus names, and a symbol rule is the set of all symbol information of a known malicious code and the corresponding symbol types.
In the system, the files in the program to be detected comprise at least: dex files, apk files, resource files and elf files.
In the system, the symbol information of the files comprises at least: function types in the dex file, the file path of each file node in the apk file, resource symbols in the resource file, global static data symbols in rodata in the elf file, and URLs or SP numbers.
In the system, the function type in the dex file is the function symbol information group formed by splicing the API information of each function by class name and function name.
With the method and system of the invention, detection of mobile malicious code does not rely on the dex file and data code segment data; instead, the symbol information that malicious files among the phone's files frequently use is extracted and detected. Even if resource files and data change, detection can still be performed according to the extracted symbol information features, so malicious code cannot escape detection by modifying resource files and data files to change the compiled file, which improves the malicious code detection rate.
The invention provides a symbol-based Android malicious code detection method and system, comprising: parsing the files in the program to be detected, obtaining and recording the symbol information of each file, and marking the symbol type; filtering the symbol information of the files according to the keyword feature library; and matching all filtered symbol information and symbol types against the symbol rules in the symbol feature library, where, if the number of successful matches with the symbol contents and corresponding symbol types in any symbol rule is greater than a preset value, the virus name corresponding to that symbol rule is output, otherwise detection ends. The invention also provides a symbol-based Android malicious code detection system. With the method and system of the invention, malicious code detection can be carried out on the symbol information in the program to be detected; even if resource files and data change, detection can still be performed according to the extracted symbol information features.
The embodiments in this specification are described progressively; for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiment is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, refer to the description of the method embodiment.
Although the invention has been described by way of embodiments, those of ordinary skill in the art know that the invention has many variations and changes that do not depart from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of the invention.

Claims (8)

1. A symbol-based Android malicious code detection method, characterized by comprising:
Parsing the files in the program to be detected, obtaining and recording the symbol information of each file, and marking the symbol type; the symbol types of the files comprise at least: API, FILENAME and UNKNOWN;
Traversing the symbol information and symbol types of all files and judging whether the symbol type is UNKNOWN. If it is, the symbol information is matched against the symbol contents in the keyword feature library: if the symbol information is identical to any symbol content in the keyword feature library, the symbol type corresponding to that symbol content in the keyword feature library becomes the symbol type of the current symbol information, and the symbol information and symbol type of the current file are output; if the keyword feature library does not contain the symbol content, the judgment of the next file is carried out. Otherwise, the symbol information and symbol content of the file are output directly. The keyword feature library is the set of symbol information of known files and the corresponding symbol types;
Matching all output symbol information and symbol types against the symbol rules in the symbol feature library: if the number of successful matches with the symbol contents and corresponding symbol types in any symbol rule is greater than a preset value, the virus name corresponding to that symbol rule is output, otherwise detection ends. The symbol feature library comprises at least symbol rules and virus names, and a symbol rule is the set of all symbol information of a known malicious code and the corresponding symbol types.
2. The method of claim 1, characterized in that the files in the program to be detected comprise at least: dex files, apk files, resource files and elf files.
3. The method of claim 2, characterized in that the symbol information of the files comprises at least: function types in the dex file, the file path of each file node in the apk file, resource symbols in the resource file, global static data symbols in rodata in the elf file, and URLs or SP numbers.
4. The method of claim 3, characterized in that the function type in the dex file is the function symbol information group formed by splicing the API information of each function by class name and function name.
5. A symbol-based Android malicious code detection system, characterized by comprising:
A parsing module, used to parse the files in the program to be detected, obtain and record the symbol information of each file, and mark the symbol type; the symbol types of the files comprise at least: API, FILENAME and UNKNOWN;
A filtering module, used to traverse the symbol information and symbol types of all files and judge whether the symbol type is UNKNOWN. If it is, the symbol information is matched against the symbol contents in the keyword feature library: if the symbol information is identical to any symbol content in the keyword feature library, the symbol type corresponding to that symbol content in the keyword feature library becomes the symbol type of the current symbol information, and the symbol information and symbol type of the current file are output; if the keyword feature library does not contain the symbol content, the judgment of the next file is carried out. Otherwise, the symbol information and symbol content of the file are output directly. The keyword feature library is the set of symbol information of known files and the corresponding symbol types;
A matching module, used to match all output symbol information and symbol types against the symbol rules in the symbol feature library: if the number of successful matches with the symbol contents and corresponding symbol types in any symbol rule is greater than a preset value, the virus name corresponding to that symbol rule is output, otherwise detection ends. The symbol feature library comprises at least symbol rules and virus names, and a symbol rule is the set of all symbol information of a known malicious code and the corresponding symbol types.
6. The system of claim 5, characterized in that the files in the program to be detected comprise at least: dex files, apk files, resource files and elf files.
7. The system of claim 6, characterized in that the symbol information of the files comprises at least: function types in the dex file, the file path of each file node in the apk file, resource symbols in the resource file, global static data symbols in rodata in the elf file, and URLs or SP numbers.
8. The system of claim 7, characterized in that the function type in the dex file is the function symbol information group formed by splicing the API information of each function by class name and function name.
CN201210579541.5A 2012-12-27 2012-12-27 A kind of Android malicious code detecting method based on symbol and system Active CN103268443B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210579541.5A CN103268443B (en) 2012-12-27 2012-12-27 A kind of Android malicious code detecting method based on symbol and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210579541.5A CN103268443B (en) 2012-12-27 2012-12-27 A kind of Android malicious code detecting method based on symbol and system

Publications (2)

Publication Number Publication Date
CN103268443A true CN103268443A (en) 2013-08-28
CN103268443B CN103268443B (en) 2016-08-10

Family

ID=49012071

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210579541.5A Active CN103268443B (en) 2012-12-27 2012-12-27 A kind of Android malicious code detecting method based on symbol and system

Country Status (1)

Country Link
CN (1) CN103268443B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104700030A (en) * 2013-12-04 2015-06-10 腾讯科技(深圳)有限公司 Virus data searching method, device and server
CN106295343A (en) * 2016-08-24 2017-01-04 北京奇虎测腾科技有限公司 A kind of source code distributed detection system based on serializing intermediate representation and method
CN107819783A (en) * 2017-11-27 2018-03-20 深信服科技股份有限公司 A kind of network security detection method and system based on threat information
CN108111508A (en) * 2017-12-19 2018-06-01 浙江维融电子科技股份有限公司 A kind of print control instrument security protection system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080016573A1 (en) * 2006-07-13 2008-01-17 Aladdin Knowledge System Ltd. Method for detecting computer viruses
CN101162485A (en) * 2006-10-11 2008-04-16 飞塔信息科技(北京)有限公司 Method and system for processing computer malicious code
US7861304B1 (en) * 2004-05-07 2010-12-28 Symantec Corporation Pattern matching using embedded functions
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104700030A (en) * 2013-12-04 2015-06-10 腾讯科技(深圳)有限公司 Virus data searching method, device and server
CN104700030B (en) * 2013-12-04 2017-12-01 腾讯科技(深圳)有限公司 A kind of viral data search method, device and server
CN106295343A (en) * 2016-08-24 2017-01-04 北京奇虎测腾科技有限公司 A kind of source code distributed detection system based on serializing intermediate representation and method
CN106295343B (en) * 2016-08-24 2019-03-12 北京奇虎测腾安全技术有限公司 A kind of source code distributed detection system and method based on serializing intermediate representation
CN107819783A (en) * 2017-11-27 2018-03-20 深信服科技股份有限公司 A kind of network security detection method and system based on threat information
CN108111508A (en) * 2017-12-19 2018-06-01 浙江维融电子科技股份有限公司 A kind of print control instrument security protection system

Also Published As

Publication number Publication date
CN103268443B (en) 2016-08-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 430000, Hubei province East Lake Wuhan New Technology Development Zone Software Park East Road 1 software industry phase 4-1, B4, building 12, room 01

Applicant after: Wuhan Antian Information Technology Co., Ltd.

Address before: 430000 Hubei Development Zone, East Lake, Optics Valley Venture Street, building 6, building 2, building

Applicant before: Wuhan Antian Information Technology Co., Ltd.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant