CN104008332A - Intrusion detection system based on Android platform - Google Patents
- Publication number
- CN104008332A
- Authority
- CN
- China
- Prior art keywords
- data
- android
- detection system
- mobile phone
- data analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses an intrusion detection system based on the Android platform. The intrusion detection system mainly comprises a data extraction module, a data analysis engine and a response processing module. The data extraction module is mainly used for extracting features from the subject activity information of a mobile phone running the Android system. The data analysis engine analyzes the extracted and collated data with a detection algorithm and judges whether intrusion or abnormal behavior exists. The response processing module executes the corresponding processing operations according to the analysis result of the data analysis engine. The intrusion detection system monitors the resource usage, process information and network traffic of the mobile phone in real time and judges whether the system has been intruded by means of a Bayes classifier algorithm; anomalies of the Android mobile phone can be effectively detected by the intrusion detection system.
Description
Technical field
The present invention relates to intrusion detection technology for intelligent terminals, and in particular to an intrusion detection system based on the Android platform.
Background art
For decades the mobile terminal developed alongside mobile communications as a simple communication device. With the development of intelligent technology, mobile intelligent terminals emerged, especially those running the Android and iOS systems. They have fundamentally changed the traditional role of the terminal as the end point of the mobile network and have become a key entry point and major innovation platform for Internet services, a platform for new media, e-commerce and information services, and the most important hub of Internet resources, mobile network resources and environmental interaction resources.
With the rapid development of intelligent terminal technology, the smartphone has become an important part of people's lives. The market share of smartphones has grown sharply, and Android phones hold the leading position in the market. Google's Android is a comprehensive software framework for smart mobile devices and an open-source operating system based on Linux. As an open-source framework, Android provides APIs for most software and hardware components. Third-party developers can build their own applications using the APIs provided by the Android software development kit (SDK). Moreover, developers can also develop and modify kernel-level functions, which brings serious security threats to the smartphone platform. Android itself has good security mechanisms: it achieves system security by inheriting the kernel security mechanisms of Linux, isolates application code through sandboxing, and enforces mandatory access control over data through its permission mechanism. Nevertheless, in the face of increasingly advanced and stealthy security threats, Android's native security mechanisms have vulnerabilities and are far from sufficient.
With the rapid spread of the mobile Internet and mobile intelligent terminals, their security problems are becoming increasingly urgent. Because Android is open, mobile and programmable, smartphones are more exposed to malicious attacks of all kinds, such as mobile zombie (bot) viruses, Trojans, worms and mobile botnets. These malicious activities cause serious harm to smartphone users, including disrupting normal use of the system, malicious charges and theft of user privacy. For example, malicious subscriptions, automatic calls to information service centers and automatic network connections cause users to lose call charges; Trojan software is used to control the user's mobile terminal, steal accounts, monitor calls and send out local information. Beyond these traditional threats, Android terminal security has in recent years faced an unprecedented challenge, which comes mainly from the advanced persistent threat (APT): an organized, high-risk, sustained attack against a specific target over an extremely long duration. Attacks of this kind use many means, including the most advanced unknown malware intrusion techniques, new kinds of botnets and social engineering methods; the attacker may even write attack programs specifically for the target rather than use generic attack code. APT attacks are therefore highly concealed and persistent: they obtain access to the inside of an organization step by step and keep collecting information until they steal important strategic data, key documents, trade secrets and the like. Mobile intelligent terminals increasingly hold sensitive information such as trade secrets and personal privacy, and APT attacks are all the more likely to exploit the openness of mobile intelligent terminals to attack national infrastructure, with a very bad effect on terminal users, communication networks, and even national security and social stability, becoming a stumbling block to the healthy development of the national information network.
Vulnerabilities in the operating system of Android mobile intelligent terminals are frequent and lead to viruses, Trojans, worms, bots and the like spreading widely on terminals; the API protection mechanism has shortcomings that malware and viruses exploit, endangering users' charges, user privacy and other aspects of terminal device security. To cope with these problems, many security protection products have appeared on the market, and most security products for mobile phones were developed by borrowing the protection approach of the traditional PC. The computing power and battery capacity of a smartphone are limited, and some security solutions for the PC consume large amounts of CPU, memory and power, so they are not suitable for smartphones. Given the security challenges that smartphones face, building an intrusion detection system for mobile intelligent terminals is of significant practical value.
Summary of the invention
To address the technical shortcomings of the existing Android security mechanisms, the present invention proposes a lightweight intrusion detection system for the Android phone platform that helps users discover suspicious behavior on the phone.
The invention discloses an intrusion detection system based on the Android platform. The technical solution adopted to solve the technical problem is as follows: the intrusion detection system based on the Android platform consists mainly of three parts, namely a data extraction module, a data analysis engine and a response processing module. The data extraction module mainly performs feature extraction on the subject activity information of the Android phone, chiefly by preprocessing the system state information, process information and network traffic data on the phone; the data analysis engine uses a detection algorithm to analyze the extracted and collated data and judges whether intrusion or abnormal behavior exists; the response processing module carries out the corresponding processing operation according to the analysis result of the data analysis engine;
The intrusion detection system monitors the resource usage, process information and network traffic of the phone in real time and uses a Bayes classifier algorithm to judge whether the system has been intruded, thereby detecting intrusion behavior on the phone.
The beneficial effects of the intrusion detection system based on the Android platform disclosed by the invention are:
The intrusion detection system based on the Android platform continuously monitors the information of the smartphone in the normal state and in the attacked state, performs feature extraction on the information collected from the Android phone system, such as network traffic, power consumption, CPU usage and the number of running processes, and uses a Bayes classifier algorithm to judge whether the system has been intruded. To further analyze and locate Android system anomalies, process information and network traffic information are monitored alongside the system state. The intrusion detection system of the invention can effectively detect anomalies of an Android phone.
Brief description of the drawings
Figure 1 is the system framework of the intrusion detection system based on the Android platform of the present invention;
Figure 2 describes the Android system state features.
Detailed description
The intrusion detection system based on the Android platform of the present invention is described in further detail below with reference to the drawings and examples, which do not limit the invention.
Figure 1 is the system framework of the intrusion detection system based on the Android platform of the present invention. As shown in Figure 1, the intrusion detection system consists mainly of three parts, namely a data extraction module, a data analysis engine and a response processing module. The data extraction module mainly performs feature extraction on the subject activity information of the Android phone, here chiefly by preprocessing the system state information, process information and network traffic data on the phone; the data analysis engine uses a detection algorithm to analyze the extracted and collated data and judges whether intrusion or abnormal behavior exists; the response processing module carries out the corresponding processing operation according to the analysis result of the data analysis engine.
The data extraction module, data analysis engine and response processing module of the intrusion detection system based on the Android platform are described in detail below.
1. Data extraction
The data extraction module mainly extracts useful information from the subject activity records and information on the phone. Under normal use the phone's system stays in a relatively stable state. Once a mobile virus intrudes or malicious code attacks, the system state shows anomalies of varying degree. For example, the "following the tracks of The Invisible" mobile virus sends SMS messages and connects to the network in the background, consuming large amounts of the user's charges and data traffic; some mobile zombie viruses can launch denial-of-service attacks, congesting the communication network and affecting the user's normal use of the phone. Therefore, to discover promptly the anomalies a phone shows after being attacked and to describe the profile of normal system behavior more accurately and vividly, effective feature selection and extraction are essential.
As can be seen from Figure 1, the data extraction module consists mainly of three functional modules, namely system state monitoring, process monitoring and network traffic monitoring. System state monitoring monitors the behavior of the system in real time and provides the extracted system feature data to the data analysis engine, which uses a detection algorithm to judge whether the Android system is abnormal. Merely discovering that the Android system is abnormal, however, is not enough. To analyze the anomaly further and locate the malware, the process monitoring and network traffic monitoring components must also provide more detailed data sources to the data analysis engine;
1.1 System state monitoring mainly extracts, in real time, statistics on the state of the Android system at run time, such as CPU usage, battery power consumption, memory usage, number of processes, inbound network traffic, outbound network traffic, number of SMS messages sent and number of MMS messages sent. Under normal circumstances the usage of these resources stays in a relatively stable state; once malicious behavior occurs, resource usage changes sharply and the system state fluctuates. Anomalies of the system can therefore be revealed through resource usage;
Based on the characteristics of smartphones and the ways malware affects the Android system, a feature vector is constructed here to reflect the state features of the Android system; each element of the vector represents one state feature of the Android system. The Android system state features are described in Figure 2:
Each feature in the figure has a corresponding value; taking CPU usage as an example:
1.2 Process monitoring mainly performs feature extraction on the information of all processes running on the phone. Process monitoring not only records the number of running processes but also monitors all processes on the phone in real time and extracts the details of each process, including the process ID, the CPU usage of the process, the memory usage of the process, the number of files the process has opened, the number of sockets the process has opened, and the state of the process;
1.3 Network traffic monitoring analyzes the data traffic flowing into and out of the phone and extracts features from it. Because users cannot effectively judge the trustworthiness of mobile applications, some malware uses social engineering to lure users into downloading and installing it and, without the user's knowledge, causes consequences such as malicious charges and privacy leakage. Most malware must carry out its activity over the Internet, and the network traffic of a phone in normal use differs clearly from that of a phone under attack, so analyzing the phone's network traffic data is necessary. To guarantee that the traffic obtained is objective and accurate, the network packets flowing into and out of the phone are captured in the underlying kernel space. After the packets are captured, all established network connections can be analyzed; here TCP, UDP and ICMP traffic is mainly parsed. For each network connection, the source IP address, destination IP address, protocol type (TCP/UDP/ICMP), source port number and destination port number can be extracted. To identify the initiator of each network connection, the connection must also be associated with process information, and a network connection record is identified in the form of a seven-tuple: <ID, Name, SrcIp, DstIp, ProType, SrcPort, DstPort>;
Each member is explained in detail as follows:
(1) ID is the process ID;
(2) Name is the process name;
(3) SrcIp is the source IP address;
(4) DstIp is the destination IP address;
(5) ProType is the protocol type;
(6) SrcPort is the source port number;
(7) DstPort is the destination port number;
The three components above run independently and monitor the Android system state, processes and network traffic in real time. The extracted and collated data are provided to the data analysis engine in real time, and the data analysis engine analyzes the data and then judges whether intrusion behavior exists.
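The seven-tuple record described in 1.3 can be built as follows. This is an added example, not code from the patent: it assumes the connection table is read in the Linux `/proc/net/tcp` text format (IPv4 only) rather than captured in kernel space, and that process ownership comes from `socket:[inode]` links under `/proc/<pid>/fd`; the sample table, PIDs and package names are constructed.

```python
import re
from collections import namedtuple

# The seven-tuple from the description: <ID, Name, SrcIp, DstIp, ProType, SrcPort, DstPort>
Conn = namedtuple("Conn", "ID Name SrcIp DstIp ProType SrcPort DstPort")

# Constructed sample in /proc/net/tcp layout (addresses are little-endian hex, ports are hex).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F02000A:A1B2 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 40211 1 0000000000000000 20 4 30 10 -1
   1: 0F02000A:C350 146433C6:1F90 01 00000000:00000000 00:00000000 00000000 10087        0 40388 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:9C40 077100CB:0050 06 00000000:00000000 03:00000A2F 00000000     0        0 0 3 0000000000000000
"""

# Constructed stand-in for /proc/<pid>/fd: pid -> (process name, fd link targets).
# The package names are hypothetical.
PROC_FDS = {
    2301: ("com.example.browser", ["/dev/null", "socket:[40211]"]),
    2417: ("com.example.flashlight", ["socket:[40388]", "/data/app.db"]),
}

def _addr(field):
    """Decode 'HEXIP:HEXPORT' as written by the kernel for IPv4 sockets."""
    ip_hex, port_hex = field.split(":")
    ip = ".".join(str(b) for b in reversed(bytes.fromhex(ip_hex)))
    return ip, int(port_hex, 16)

def inode_owners(proc_fds):
    """Map socket inode -> (pid, name) from the fd link targets of each process."""
    owners = {}
    for pid, (name, links) in proc_fds.items():
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners[int(m.group(1))] = (pid, name)
    return owners

def seven_tuples(table_text, proto, proc_fds):
    """Join each connection row with its owning process and emit seven-tuples."""
    owners = inode_owners(proc_fds)
    records = []
    for line in table_text.splitlines()[1:]:        # skip the header row
        f = line.split()
        if len(f) < 10:
            continue                                # malformed or truncated row
        src_ip, src_port = _addr(f[1])
        dst_ip, dst_port = _addr(f[2])
        # Sockets with no owner (for example TIME_WAIT, inode 0) stay unattributed.
        pid, name = owners.get(int(f[9]), (None, None))
        records.append(Conn(pid, name, src_ip, dst_ip, proto, src_port, dst_port))
    return records

if __name__ == "__main__":
    for rec in seven_tuples(PROC_NET_TCP, "TCP", PROC_FDS):
        print(rec)
```

On Android 10 and later, ordinary apps can no longer read `/proc/net`, so a collector of this kind needs platform-level privileges.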
2. Data analysis engine
The data analysis engine is the core module of the intrusion detection system. It analyzes the data collated by the data extraction module. Based on the extracted data features, a Bayes classifier algorithm is used here to judge whether the Android system shows abnormal behavior. First, a normal behavior profile of the Android system is built from the behavioral features of the training sample set; then behavioral features are extracted from the data under test to build the current behavior profile, which is compared with the normal behavior profile. If the difference exceeds the set threshold, abnormal behavior is considered to exist, and an alert is generated and handed to the response processing module for further processing; otherwise the behavior is regarded as normal;
The classification principle of the Bayes classifier is to take the prior probability of an object and use Bayes' formula to compute its posterior probability, that is, the probability that the object belongs to a given class, and to select the class with the maximum posterior probability as the class of the object. The Bayes classifier has proved very effective in many practical applications, including text classification, medical diagnosis and system behavior management [10,11,12]. Naive Bayes estimates the conditional probability distribution P(C|X), where C is the class variable and X is the data to be classified. Here the value of the class is the category of the behavior and the data under test is the behavior to be tested, which matches this probability model. Where
the classification feature values are:
Given the known features, the class with the maximum posterior probability is selected as the class of the object, normal or abnormal:
Example:
The intrusion detection system based on the Android platform of the present invention uses a naive Bayes classifier algorithm for behavior analysis. The algorithm is divided into two stages, training and testing:
In the training stage, a training sample set is first constructed and used to train the Bayes classifier algorithm, producing a trained Bayes classifier; in the testing stage, the test set is fed into the Bayes classifier algorithm to obtain the decision result.
In this intrusion detection system the purpose of detection is to judge whether the Android system is abnormal, so the class variable C takes two values, namely c1 = "normal" and c2 = "abnormal". The concrete steps of the naive Bayes classifier algorithm of the invention are as follows:
(1) Extract feature vectors: monitor the running state si of the Android system in real time and automatically extract the feature vector; the feature vector consists of the values of 10 features;
(2) Label candidate samples: for each extracted vector, label its classification result; each sample consists of a feature value vector and a class variable and can be expressed as a two-tuple;
(3) Construct the training sample set: randomly draw attack samples and normal samples and mix them in a ratio of 1:H to form the training sample set;
(4) Compute prior probabilities: from the training sample set, compute the prior probability of each class and the conditional probability of each feature attribute given each class;
(5) Given test data, extract the feature value vector;
(6) Using the prior probabilities obtained in training, compute the posterior probabilities;
(7) Compare the two posterior probabilities; the class with the larger computed value is the class to which x belongs, which gives the decision result. That is:
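Steps (1) to (7) can be sketched as follows. This is an added example, not code from the patent: the page does not say how the per-feature conditional probabilities are estimated, so a Gaussian likelihood with a variance floor is assumed; only the eight features named in section 1.1 are used because the full list of 10 is in a figure that is not reproduced here; all sample values are constructed.

```python
import math

# Features named in section 1.1 (units are assumptions made for this example).
FEATURES = ["cpu_pct", "battery_mA", "mem_pct", "n_procs",
            "rx_kB", "tx_kB", "sms_sent", "mms_sent"]

# Steps (2)-(3): labelled two-tuples (x, c), constructed, attack:normal = 1:H with H = 2.
TRAIN = [
    ([12, 180, 41, 62, 35, 8, 0, 0], "normal"),
    ([15, 200, 44, 65, 50, 12, 1, 0], "normal"),
    ([10, 170, 40, 60, 20, 5, 0, 0], "normal"),
    ([18, 210, 46, 66, 80, 15, 2, 1], "normal"),
    ([14, 190, 42, 63, 45, 10, 0, 0], "normal"),
    ([11, 175, 43, 61, 30, 7, 1, 0], "normal"),
    ([58, 450, 63, 78, 310, 950, 14, 0], "abnormal"),
    ([64, 480, 66, 82, 280, 1200, 20, 2], "abnormal"),
    ([49, 400, 59, 75, 350, 800, 9, 0], "abnormal"),
]

def _mean_var(rows):
    """Per-feature mean and population variance of a list of vectors."""
    cols = list(zip(*rows))
    mean = [sum(c) / len(c) for c in cols]
    var = [sum((v - m) ** 2 for v in c) / len(c) for c, m in zip(cols, mean)]
    return mean, var

class NaiveBayesIDS:
    def fit(self, samples):
        """Step (4): class priors P(c) and per-feature Gaussian parameters for P(x_j | c)."""
        _, gvar = _mean_var([x for x, _ in samples])
        # Variance floor: a feature that is constant within a class must not give zero variance.
        floor = [max(1e-3 * v, 1e-9) for v in gvar]
        by_class = {}
        for x, c in samples:
            by_class.setdefault(c, []).append(x)
        self.prior, self.mean, self.var = {}, {}, {}
        for c, rows in by_class.items():
            self.prior[c] = len(rows) / len(samples)
            mean, var = _mean_var(rows)
            self.mean[c] = mean
            self.var[c] = [v + f for v, f in zip(var, floor)]
        return self

    def log_joint(self, x):
        """log P(c) + sum_j log P(x_j | c), kept in log space to avoid underflow."""
        out = {}
        for c in self.prior:
            lp = math.log(self.prior[c])
            for v, m, s2 in zip(x, self.mean[c], self.var[c]):
                lp += -0.5 * math.log(2 * math.pi * s2) - (v - m) ** 2 / (2 * s2)
            out[c] = lp
        return out

    def posterior(self, x):
        """Step (6): normalised posterior P(c | x) for each class."""
        lj = self.log_joint(x)
        top = max(lj.values())
        z = sum(math.exp(v - top) for v in lj.values())
        return {c: math.exp(v - top) / z for c, v in lj.items()}

    def classify(self, x):
        """Step (7): the class with the larger posterior."""
        post = self.posterior(x)
        return max(post, key=post.get)

MODEL = NaiveBayesIDS().fit(TRAIN)

if __name__ == "__main__":
    # Step (5): constructed test vectors.
    for x in ([13, 185, 42, 63, 40, 9, 0, 0], [55, 430, 61, 79, 300, 900, 12, 1]):
        print(x, MODEL.classify(x), MODEL.posterior(x))
```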
The algorithm above can discover Android system anomalies caused by malware. To analyze further what caused the anomaly, the Android system anomaly must also be correlated with the process monitoring and network traffic monitoring data so that the malware can be located precisely. In summary, the intrusion detection system based on the Android platform of the present invention was tested, and the experimental results show that it can effectively detect anomalies of an Android phone.
The foregoing is only an embodiment of the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (7)
1. An intrusion detection system based on the Android platform, characterized in that the intrusion detection system consists mainly of three parts, namely a data extraction module, a data analysis engine and a response processing module; wherein the data extraction module mainly performs feature extraction on the subject activity information of the Android phone, chiefly by preprocessing the system state information, process information and network traffic data on the phone; the data analysis engine uses a detection algorithm to analyze the extracted and collated data and judges whether intrusion or abnormal behavior exists; the response processing module carries out the corresponding processing operation according to the analysis result of the data analysis engine;
The intrusion detection system based on the Android platform monitors the resource usage, process information and network traffic of the phone in real time and uses a detection algorithm to judge whether the system has been intruded, thereby detecting intrusion behavior on the phone.
2. The intrusion detection system based on the Android platform according to claim 1, characterized in that the data extraction module consists mainly of three functional modules, namely system state monitoring, process monitoring and network traffic monitoring; the three functional modules run independently, monitor the Android system state, processes and network traffic in real time, and provide the extracted and collated data to the data analysis engine in real time;
Wherein the system state monitoring monitors the behavior of the system in real time and provides the extracted system feature data to the data analysis engine;
The process monitoring mainly performs feature extraction on the information of all processes running on the phone: it records the number of running processes, monitors all processes in real time, and extracts the details of each process, including the process ID, the CPU usage of the process, the memory usage of the process, the number of files the process has opened, the number of sockets the process has opened, and the state of the process;
The network traffic monitoring analyzes the data traffic flowing into and out of the phone and extracts features from it.
3. The intrusion detection system based on the Android platform according to claim 2, characterized in that the process monitoring associates each network connection with the information of the processes running on the phone and identifies a network connection record in the form of a seven-tuple, the seven-tuple having the form:
<ID, Name, SrcIp, DstIp, ProType, SrcPort, DstPort>; wherein
(1) ID is the process ID;
(2) Name is the process name;
(3) SrcIp is the source IP address;
(4) DstIp is the destination IP address;
(5) ProType is the protocol type;
(6) SrcPort is the source port number;
(7) DstPort is the destination port number.
4. The intrusion detection system based on the Android platform according to claim 1, characterized in that the data analysis engine is the core module of the intrusion detection system; the data analysis engine analyzes the data collated by the data extraction module and, based on the extracted data features, uses a Bayes classifier algorithm to judge whether the Android system shows abnormal behavior.
5. The intrusion detection system based on the Android platform according to claim 4, characterized in that the data analysis engine uses a naive Bayes classifier algorithm to judge whether the Android system shows abnormal behavior; naive Bayes estimates the conditional probability distribution P(C|X), where C is the class variable and X is the data to be classified; in this intrusion detection system the class variable C takes two values, namely c1 = "normal" and c2 = "abnormal";
The concrete steps of the naive Bayes classifier algorithm are:
(1) Extract feature vectors: monitor the running state si of the Android system in real time and automatically extract the feature vector; the feature vector consists of the values of 10 features;
(2) Label candidate samples: for each extracted vector, label its classification result; each sample consists of a feature value vector and a class variable and can be expressed as a two-tuple;
(3) Construct the training sample set: randomly draw attack samples and normal samples and mix them in a ratio of 1:H to form the training sample set;
(4) Compute prior probabilities: from the training sample set, compute the prior probability of each class and the conditional probability of each feature attribute given each class;
(5) Given test data, extract the feature value vector;
(6) Using the prior probabilities obtained in training, compute the posterior probabilities;
(7) Compare the two posterior probabilities; the class with the larger computed value is the class to which x belongs, that is:
and the decision result is obtained.
6. The intrusion detection system based on the Android platform according to claim 4, characterized in that the data analysis engine first builds a normal behavior profile of the Android system from the behavioral features of the training sample set, then extracts behavioral features from the data under test to build the current behavior profile and compares it with the normal behavior profile; if the difference exceeds the set threshold, the system is considered to show abnormal behavior, and an alert is generated and handed to the response processing module for further processing; otherwise the behavior is regarded as normal system behavior.
7. The intrusion detection system based on the Android platform according to claim 4, characterized in that
the intrusion detection system can discover Android system anomalies caused by malware by means of the Bayes classifier algorithm; by correlating the Android system anomaly with the process monitoring and network traffic monitoring data, the malware that caused the system anomaly can be located precisely.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410180420.2A CN104008332A (en) | 2014-04-30 | 2014-04-30 | Intrusion detection system based on Android platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410180420.2A CN104008332A (en) | 2014-04-30 | 2014-04-30 | Intrusion detection system based on Android platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104008332A true CN104008332A (en) | 2014-08-27 |
Family
ID=51368982
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410180420.2A Pending CN104008332A (en) | 2014-04-30 | 2014-04-30 | Intrusion detection system based on Android platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104008332A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005057382A1 (en) * | 2003-12-15 | 2005-06-23 | Abb Research Ltd | Network security system |
CN102209326A (en) * | 2011-05-20 | 2011-10-05 | 北京中研瑞丰信息技术研究所(有限合伙) | Malicious behavior detection method and system based on smartphone radio interface layer |
-
2014
- 2014-04-30 CN CN201410180420.2A patent/CN104008332A/en active Pending
Non-Patent Citations (3)
Title |
---|
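ASAF SHABTAI et al.: ""Andromaly": a behavioral malware detection", 《JOURNAL OF INTELLIGENT INFORMATION SYSTEM》 * |
周忠军 et al.: "Design of an intrusion detection system for Android smartphones", 《科技资讯》 * |
田源: "Research on anomaly-based intrusion detection for Android mobile phone systems", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |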
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104378353A (en) * | 2014-10-16 | 2015-02-25 | 江苏博智软件科技有限公司 | Internet of things information security method based on Bayesian clustering |
WO2017016231A1 (en) * | 2015-07-27 | 2017-02-02 | 深圳市中兴微电子技术有限公司 | Policy management method, system and computer storage medium |
CN105629947B (en) * | 2015-11-30 | 2019-02-01 | 东莞酷派软件技术有限公司 | Home equipment monitoring method, home equipment monitoring device and terminal |
CN105629947A (en) * | 2015-11-30 | 2016-06-01 | 东莞酷派软件技术有限公司 | Household equipment monitoring method, household equipment monitoring device and terminal |
CN105681286A (en) * | 2015-12-31 | 2016-06-15 | 中电长城网际系统应用有限公司 | Association analysis method and association analysis system |
CN106022129A (en) * | 2016-05-17 | 2016-10-12 | 北京江民新科技术有限公司 | File data characteristic extraction method and device and virus characteristic detection system |
CN106022129B (en) * | 2016-05-17 | 2019-02-15 | 北京江民新科技术有限公司 | Data characteristics extracting method, device and the virus characteristic detection system of file |
CN106203098A (en) * | 2016-07-14 | 2016-12-07 | 中国科学院信息工程研究所 | Application layer eavesdropping means of defence and device |
CN107196930B (en) * | 2017-05-12 | 2019-11-29 | 苏州优圣美智能系统有限公司 | The method of computer network abnormality detection |
CN107196930A (en) * | 2017-05-12 | 2017-09-22 | 苏州优圣美智能系统有限公司 | Method, system and the mobile terminal of computer network abnormality detection |
CN107888590A (en) * | 2017-11-10 | 2018-04-06 | 中孚信息股份有限公司 | A kind of detection method of the unknown wooden horse based on GPU and Bayesian Network Inference |
CN107888590B (en) * | 2017-11-10 | 2020-08-28 | 中孚信息股份有限公司 | Unknown Trojan horse detection method based on GPU and Bayesian network inference |
WO2019210484A1 (en) * | 2018-05-03 | 2019-11-07 | Siemens Aktiengesellschaft | Analysis device, method and system for operational technology system and storage medium |
US12081567B2 (en) | 2018-05-03 | 2024-09-03 | Siemens Aktiengesellschaft | Analysis device, method and system for operational technology system and storage medium |
CN112074834A (en) * | 2018-05-03 | 2020-12-11 | 西门子股份公司 | Analysis device, method, system and storage medium for operating a technical system |
CN108898418A (en) * | 2018-05-31 | 2018-11-27 | 康键信息技术(深圳)有限公司 | User account detection method, device, computer equipment and storage medium |
CN110737891A (en) * | 2018-07-19 | 2020-01-31 | 北京京东金融科技控股有限公司 | host intrusion detection method and device |
CN112114878A (en) * | 2019-06-21 | 2020-12-22 | 宏碁股份有限公司 | Accelerated startup system and accelerated startup method |
CN112114878B (en) * | 2019-06-21 | 2024-03-12 | 宏碁股份有限公司 | Acceleration starting-up system and acceleration starting-up method |
CN111651754B (en) * | 2020-04-13 | 2024-06-14 | 北京奇艺世纪科技有限公司 | Intrusion detection method and device, storage medium and electronic device |
CN111651754A (en) * | 2020-04-13 | 2020-09-11 | 北京奇艺世纪科技有限公司 | Intrusion detection method and device, storage medium and electronic device |
CN114285619A (en) * | 2021-12-20 | 2022-04-05 | 北京安天网络安全技术有限公司 | Network information display method and device and electronic equipment |
CN114285621A (en) * | 2021-12-20 | 2022-04-05 | 北京安天网络安全技术有限公司 | Network threat monitoring method and device and electronic equipment |
CN114285620A (en) * | 2021-12-20 | 2022-04-05 | 北京安天网络安全技术有限公司 | Network threat monitoring method and device and electronic equipment |
CN114866296A (en) * | 2022-04-20 | 2022-08-05 | 武汉大学 | Intrusion detection method, device, equipment and readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104008332A (en) | Intrusion detection system based on Android platform | |
Shabtai et al. | Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method | |
CN101803337B (en) | Intrusion detection method and system | |
US20190222601A1 (en) | Network anomaly detection and profiling | |
Ramprakash et al. | Host-based intrusion detection system using sequence of system calls | |
Mok et al. | Random effects logistic regression model for anomaly detection | |
Asif et al. | Network intrusion detection and its strategic importance | |
Hussein et al. | Evaluation effectiveness of hybrid IDs using snort with naive Bayes to detect attacks | |
Bai et al. | Rdp-based lateral movement detection using machine learning | |
Shang et al. | Discovering unknown advanced persistent threat using shared features mined by neural networks | |
Jasiul et al. | Identification of malware activities with rules | |
Wang et al. | Droidchain: A novel malware detection method for android based on behavior chain | |
Qadri et al. | A Review of Significance of Energy-Consumption Anomaly in Malware Detection in Mobile Devices. | |
CN117749426A (en) | Abnormal flow detection method based on graph neural network | |
Yuan et al. | Research of intrusion detection system on android | |
Iorliam | Cybersecurity in Nigeria: A Case Study of Surveillance and Prevention of Digital Crime | |
Kim et al. | A study on a cyber threat intelligence analysis (CTI) platform for the proactive detection of cyber attacks based on automated analysis | |
Sharma et al. | Detection of threats in Honeynet using Honeywall | |
Kosamkar et al. | Data Mining Algorithms for Intrusion Detection System: An Overview | |
Bhuyan et al. | Alert management and anomaly prevention techniques | |
Maslan et al. | DDoS detection on network protocol using cosine similarity and N-Gram+ Method | |
Yang et al. | A distributed denial of service attack sources detection technology for cloud computing | |
Hou et al. | Implementation of an IP management and risk assessment system based on PageRank | |
Abbas et al. | Hierarchical Framework for Runtime Intrusion Detection in Embedded Systems | |
Deraman et al. | Public domain datasets for optimizing network intrusion and machine learning approaches |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20140827 |