CN104809397A - Android malicious software detection method and system based on dynamic monitoring - Google Patents

Publication number
CN104809397A
Authority
CN
China
Prior art keywords
behavior
application
module
function address
dynamic monitoring
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510240338.9A
Other languages
Chinese (zh)
Inventor
杨希锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Application filed by Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201510240338.9A
Publication of CN104809397A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides an Android malicious software detection method and system based on dynamic monitoring. The method comprises the following steps: S1, establishing a rule library of various information of a mobile terminal; S2, after a target function address is looked up, replacing the target function address with a function address comprising monitoring codes; S3, when an application of the mobile terminal is started, monitoring the behavior of the application; S4, judging whether or not the behavior of the application is a sensitive behavior executed by Android malicious software. According to the Android malicious software detection method and system based on dynamic monitoring, the aim of effectively monitoring malicious software is fulfilled by simulating running of third-party application software, monitoring sensitive data streams and analyzing sensitive data leakage of application software and making a safety alarm when the sensitive data is tampered.

Description

Detection method and system for Android malware based on dynamic monitoring
Technical field
The present invention relates to a malware detection method, and in particular to a detection method and system for Android malware based on dynamic monitoring.
Background
Android is an open-source, Linux-based operating system for mobile devices, used mainly on smartphones and tablets. The openness of the platform, however, has made Android malware numerous and turned Android into the hardest-hit area of mobile terminal security. On the one hand, handset manufacturers can freely modify and customize the operating system for their own brands, and the security hardening done by different vendors is inconsistent, which gives malware an opening. On the other hand, the openness has also increased the number of people studying Android malware and has even given rise to some malware developers.
With the spread of smartphones and tablets, malicious code targeting mobile phones has appeared in turn and is growing explosively. Malware is mainly disguised as game or tool software; popular applications such as Temple Run and flight-query apps have all been impersonated or modified. In general, the harm done by malware includes privacy theft, remote control, virus propagation, system destruction, deception and fraud, malicious fee deduction, and rogue behavior.
However, in the prior art the Android platform provides no strong analysis tool for monitoring application behavior. Refusing background residency to software the user does not need reduces the utilization of the phone's CPU and memory and lowers power consumption, which helps improve the user experience. Monitoring and intercepting malware has therefore become a significant research topic.
Typical prior-art malware detection techniques include signature-based detection, but a class of malware can be detected only after a signature library for that class exists, so unknown malicious applications cannot be detected effectively.
Behavior-based malicious code detection currently uses two kinds of methods, dynamic and static. Static methods mainly use disassembly and decompilation, or control-flow and data-flow analysis on intermediate-layer code, to detect malicious code. Their advantage is high code coverage; their shortcoming is that they cannot detect malicious code that is obfuscated, encrypted, or decoded only during dynamic execution. Dynamic methods restrict the system resources an application can access at run time, repackage the application, or modify the application's entry point in order to monitor the application. However, a modified application must be re-signed, which destroys the application's integrity.
In summary, existing malware detection schemes have the following problems:
(1) The security model offers a low level of security
Current static detection methods mainly extract security feature information, such as requested permissions, from the application's Manifest file, and then use data-flow analysis to match the application's behavior against those security features. However, once malware bypasses the permission request, it cannot be detected.
Researchers have also proposed several Android security models, an important one being the permission-based security model. Under this model each application has different requirements for device resources, and the phone user agrees to or refuses installation. Yet even though users receive a warning before installing unfamiliar software, malware on phones still spreads rapidly. This is because malware usually deceives the user into believing that the application is trustworthy and installing it on the phone.
Another approach extracts the author information and code instructions of official and third-party applications respectively, computes their hash values, and decides whether an application is malware by comparing their similarity. However, once the official and third-party applications cannot be told apart, no effective judgement can be made.
(2) Dynamic analysis has large errors
Dynamic analysis requires the user first to run some malware samples and the corresponding official applications manually; a mean algorithm then divides the collected data into two groups, normal and malicious, which serve as the application feature library. Finding a malware sample together with its corresponding official application, however, is itself very difficult.
In addition, some malicious samples can be used: the names and parameters of the system functions they call are extracted to build a rule base; the call information of an application is then collected at run time and compared against the rule base to detect whether the application is an unknown malicious sample. The shortcoming of this method is that the detection results are not accurate enough and the error is large.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a detection method and system for Android malware based on dynamic monitoring which, by simulating the running of third-party application software, monitoring sensitive data flows, analyzing sensitive data leakage by application software, and raising a security alarm when sensitive data is tampered with, achieves effective monitoring of malware.
To achieve the above and other related objects, the present invention provides a detection method for Android malware based on dynamic monitoring, comprising the following steps: step S1, establishing a rule base of the various information of the mobile terminal; step S2, after the target function address is found, replacing the target function address with the address of a function containing monitoring code; step S3, when an application on the mobile terminal starts, monitoring the behavior of the application; step S4, judging whether the behavior of the application is a sensitive behavior performed by Android malware.
In the above detection method, step S1 comprises:
1) collecting the information of each mobile terminal;
2) for each type of information, establishing the rule base with that information as samples.
In the above detection method, in step S2, after the target function address is found by parsing the ELF file, monitoring code is embedded so that the target function address is replaced with the address of a function containing the monitoring code.
In the above detection method, in step S3, when the behavior of the application is monitored, if the application's service request is allowed to pass, the behavior is recorded; if the application's service request is refused, the service request is stopped.
In the above detection method, in step S4, the sensitive behavior refers to behavior that obtains sensitive data; the sensitive data comprises the user's personal privacy data, including geographic location, SMS messages, the phone address book, phone information and personal data.
The present invention also provides a detection system for Android malware based on dynamic monitoring, comprising a rule base establishing module, an address replacement module, a behavior monitoring module and a behavior judging module;
The rule base establishing module establishes the rule base of the various information of the mobile terminal;
The address replacement module, after the target function address is found, replaces the target function address with the address of a function containing monitoring code;
The behavior monitoring module monitors the behavior of an application when the application starts on the mobile terminal;
The behavior judging module judges whether the behavior of the application is a sensitive behavior performed by Android malware.
In the above detection system, the rule base establishing module comprises an information collection module and a sample establishing module; the information collection module collects the information of each mobile terminal; the sample establishing module, for each type of information, establishes the rule base with that information as samples.
In the above detection system, after the address replacement module finds the target function address by parsing the ELF file, it embeds monitoring code so that the target function address is replaced with the address of a function containing the monitoring code.
In the above detection system, when the behavior monitoring module monitors the behavior of the application, if the application's service request is allowed to pass, the behavior is recorded; if the application's service request is refused, the service request is stopped.
In the above detection system, the sensitive behavior refers to behavior that obtains sensitive data; the sensitive data comprises the user's personal privacy data, including geographic location, SMS messages, the phone address book, phone information and personal data.
As described above, the detection method and system for Android malware based on dynamic monitoring of the present invention have the following beneficial effects:
(1) based on dynamic analysis, the behavior of application software is monitored; dynamic injection into memory is used to replace the target function, which allows malicious behavior to be detected and intercepted and thereby allows malware behavior to be monitored;
(2) monitoring logs and detection reports are generated in real time from the access traces of the application's sensitive behaviors and file objects, making detection more flexible and convenient.
Brief description of the drawings
Fig. 1 is a flow chart of the detection method for Android malware based on dynamic monitoring of the present invention;
Fig. 2 is an overall framework diagram of the detection system for Android malware based on dynamic monitoring of the present invention;
Fig. 3 is a structural schematic of the detection system for Android malware based on dynamic monitoring of the present invention.
Description of reference numerals
1 rule base establishing module
2 address replacement module
3 behavior monitoring module
4 behavior judging module
Detailed description
Embodiments of the present invention are described below through specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Note that the drawings provided with this embodiment illustrate the basic concept of the invention only schematically. They show only the components relevant to the invention and are not drawn according to the number, shape and size of components in an actual implementation; in practice the form, quantity and proportion of each component may vary arbitrarily, and the component layout may be more complex.
Referring to Fig. 1, the detection method for Android malware based on dynamic monitoring of the present invention comprises the following steps:
Step S1: establish a rule base of the various information of the mobile terminal.
The rule base resides in the Native layer of the Android system. Note that mobile terminals in the sense of the present invention include, but are not limited to, smartphones, tablets, PDAs and other handheld devices with data processing capability. In general, a mobile terminal is a terminal that has an independent operating system, on which the user can install programs such as software and games provided by third-party service providers, continually extending the terminal's functions through such programs, and which can access a wireless network through a mobile communication network.
When an application on the mobile terminal starts a background service, the Android system generates a monitoring reminder to the framework layer, which is then reported to the user. The user can then browse which applications are present on the mobile terminal and the details of each, such as the permissions the application uses and its CPU utilization.
Specifically, step S1 comprises the following steps:
1) collect the information of each mobile terminal, such as the user's geographic location, address book, SMS messages and user accounts;
2) for each type of information, establish the rule base with that information as samples.
Preferably, the rule base is implemented in C.
Step S2: after the target function address is found, replace the target function address with the address of a function containing monitoring code.
Specifically, the C program containing the monitoring code is compiled into a link library file or object file (ELF format). By modifying the assembly code of the Android Native layer, the generated link library is added to the parameters of the program's execution instruction, so that the modified target function is executed. After recompiling and linking, the target function address in the ELF file is replaced by the address of the function containing the monitoring code.
Step S3: when an application on the mobile terminal starts, monitor the behavior of the application.
Specifically, in the overall monitoring flow the application first initiates a service request; the Android system process calls the hooked system function, i.e. the function that handles the request, and the monitoring code is executed. The monitoring code looks up the corresponding policy in the rule base using the application's uid and the service it requests. If the service request is allowed to pass, the hooked system function is called, the application's request for and call to the service continue, and the result is fed back to the interactive interface of the monitoring system, where the behavior is recorded; if the service request is refused, the application's service request is stopped.
Note that the Android system allows all services by default.
Step S4: judge whether the behavior of the application is a sensitive behavior performed by Android malware.
Sensitive data refers to the user's personal privacy data, including geographic location, SMS messages, the phone address book, phone information and personal data. Sensitive behavior refers to behavior that obtains sensitive data.
The permissions an application requests are added to a global list at install time and checked at run time. The corresponding system function can be called only when the permission is satisfied. These system functions usually exist in the form of services, which perform the service the client requests or return the result the client wants.
If the behavior is judged to be a sensitive behavior attempting to obtain sensitive data, the Android user can be reminded by voice, vibration, an alert or similar means that the application is malicious software and advised to refuse to install or update it; otherwise the normal installation procedure is entered.
Sensitive behavior monitoring is the core function of the dynamic monitoring system. It is implemented by the monitoring code injected into the target process together with the components on the application's Java side: the user interaction module, the database, the statistical charts, the background service module and so on. Referring to Fig. 3, the framework-layer service stays resident in the background and interacts with the rule base, verifying against the information recorded in the rule base; the rule base is developed in C and can operate Android's low-level interfaces directly, which is more efficient. At the same time, the service layer can communicate with the interface layer in real time, constantly monitoring whether sensitive data is being obtained or private information such as personal accounts is being stolen, and periodically saving detection results to the database or displaying them dynamically on the interface in graphical form.
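The flow of steps S2 to S4 as an added example in C, not code from the patent: a function-pointer slot stands in for the target function address located by ELF parsing, and the uids, service names and rule entries are constructed assumptions. Refused requests are also written to the log here, which goes beyond the description's recording of allowed requests.

```c
#include <stdio.h>
#include <string.h>

typedef enum { POLICY_ALLOW, POLICY_DENY } policy_t;
typedef struct { unsigned uid; const char *service; policy_t policy; } rule_t;
typedef int (*service_fn)(unsigned uid, const char *service);
typedef struct { unsigned uid; char service[32]; int allowed; int sensitive; } log_entry_t;

/* Step S1: rule base keyed by (uid, service). All entries are constructed samples. */
static const rule_t RULE_BASE[] = {
    {10057, "location", POLICY_DENY},
    {10057, "sms",      POLICY_DENY},
    {10042, "contacts", POLICY_ALLOW},
};
/* Sensitive-data classes from the description; the service names are hypothetical. */
static const char *const SENSITIVE[] = {
    "location", "sms", "contacts", "phone_info", "personal_data"
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
#define LOG_MAX 32
static log_entry_t monitor_log[LOG_MAX];
static size_t log_count;
static int real_calls;   /* how often the original function actually ran */

/* Stand-in for the system function that serves the request. */
static int real_service_request(unsigned uid, const char *service) {
    (void)uid; (void)service;
    real_calls++;
    return 0;
}

/* Stand-in for the target function address that step S2 replaces. */
static service_fn dispatch_slot = real_service_request;
static service_fn saved_original;

/* Policy lookup by uid and service; no matching rule means allow (the default). */
policy_t lookup_policy(unsigned uid, const char *service) {
    for (size_t i = 0; i < COUNT(RULE_BASE); i++)
        if (RULE_BASE[i].uid == uid && strcmp(RULE_BASE[i].service, service) == 0)
            return RULE_BASE[i].policy;
    return POLICY_ALLOW;
}

/* Step S4: does the requested service touch a sensitive-data class? */
int is_sensitive(const char *service) {
    for (size_t i = 0; i < COUNT(SENSITIVE); i++)
        if (strcmp(SENSITIVE[i], service) == 0) return 1;
    return 0;
}

/* Step S3: monitoring code that runs in place of the original function. */
static int monitored_service_request(unsigned uid, const char *service) {
    int allowed = (lookup_policy(uid, service) == POLICY_ALLOW);
    if (log_count < LOG_MAX) {
        log_entry_t *e = &monitor_log[log_count++];
        e->uid = uid;
        snprintf(e->service, sizeof e->service, "%s", service);
        e->allowed = allowed;
        e->sensitive = is_sensitive(service);
    }
    if (!allowed) return -1;               /* refused: the request stops here */
    return saved_original(uid, service);   /* allowed: continue to the original */
}

/* Step S2: swap the slot to the monitoring function; a second call is a no-op,
 * otherwise saved_original would point at the monitor and recurse forever. */
void install_hook(void) {
    if (dispatch_slot == monitored_service_request) return;
    saved_original = dispatch_slot;
    dispatch_slot = monitored_service_request;
}

/* What an application's service request looks like after hooking. */
int app_request(unsigned uid, const char *service) {
    return dispatch_slot(uid, service);
}

/* Number of logged sensitive requests (allowed or refused) made by one uid. */
size_t sensitive_attempts(unsigned uid) {
    size_t n = 0;
    for (size_t i = 0; i < log_count; i++)
        if (monitor_log[i].uid == uid && monitor_log[i].sensitive) n++;
    return n;
}

int main(void) {
    install_hook();
    app_request(10057, "location");
    app_request(10042, "contacts");
    app_request(10099, "camera");
    for (size_t i = 0; i < log_count; i++)
        printf("uid=%u service=%s allowed=%d sensitive=%d\n", monitor_log[i].uid,
               monitor_log[i].service, monitor_log[i].allowed, monitor_log[i].sensitive);
    return 0;
}
```

Because unmatched requests fall through to allow, a rule base that lists only known-bad pairs still logs sensitive access by unlisted applications, and that log is the input the step S4 judgement works from.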
Referring to Fig. 2 and Fig. 3, the detection system for Android malware based on dynamic monitoring of the present invention comprises a rule base establishing module 1, an address replacement module 2, a behavior monitoring module 3 and a behavior judging module 4.
The rule base establishing module 1 establishes the rule base of the various information of the mobile terminal.
The rule base resides in the Native layer of the Android system. Note that mobile terminals in the sense of the present invention include, but are not limited to, smartphones, tablets, PDAs and other handheld devices with data processing capability. In general, a mobile terminal is a terminal that has an independent operating system, on which the user can install programs such as software and games provided by third-party service providers, continually extending the terminal's functions through such programs, and which can access a wireless network through a mobile communication network.
When an application on the mobile terminal starts a background service, the Android system generates a monitoring reminder to the framework layer, which is then reported to the user. The user can then browse which applications are present on the mobile terminal and the details of each, such as the permissions the application uses and its CPU utilization.
Specifically, the rule base establishing module 1 comprises an information collection module and a sample establishing module.
The information collection module collects the information of each mobile terminal, such as the user's geographic location, address book, SMS messages and user accounts; the sample establishing module, for each type of information, establishes the rule base with that information as samples.
Preferably, the rule base is implemented in C.
The address replacement module 2, after the target function address is found, replaces the target function address with the address of a function containing monitoring code.
Specifically, after the target function address is found by parsing the ELF file, monitoring code is embedded so that the target function address is replaced with the address of a function containing the monitoring code.
The behavior monitoring module 3 monitors the behavior of an application when the application starts on the mobile terminal.
Specifically, in the overall monitoring flow the application first initiates a service request; the Android system process calls the hooked system function, i.e. the function that handles the request, and the monitoring code is executed. The monitoring code looks up the corresponding policy in the rule base using the application's uid and the service it requests. If the service request is allowed to pass, the hooked system function is called, the application's request for and call to the service continue, and the result is fed back to the interactive interface of the monitoring system, where the behavior is recorded; if the service request is refused, the application's service request is stopped. Note that the Android system allows all services by default.
The behavior judging module 4 judges whether the behavior of the application is a sensitive behavior performed by Android malware.
Sensitive data refers to the user's personal privacy data, including geographic location, SMS messages, the phone address book, phone information and personal data. Sensitive behavior refers to behavior that obtains sensitive data.
The permissions an application requests are added to a global list at install time and checked at run time. The corresponding system function can be called only when the permission is satisfied. These system functions usually exist in the form of services, which perform the service the client requests or return the result the client wants.
Sensitive behavior monitoring is the core function of the dynamic monitoring system. It is implemented by the monitoring code injected into the target process together with the components on the application's Java side: the user interaction module, the database, the statistical charts, the background service module and so on.
In summary, the detection method and system for Android malware based on dynamic monitoring of the present invention monitor the behavior of application software on the basis of dynamic analysis; dynamic injection into memory is used to replace the target function, which allows malicious behavior to be detected and intercepted and thereby allows malware behavior to be monitored. Monitoring logs and detection reports are generated in real time from the access traces of the application's sensitive behaviors and file objects, making detection more flexible and convenient. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utility value.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Accordingly, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall still be covered by the claims of the invention.

Claims (10)

1. A detection method for Android malware based on dynamic monitoring, characterized by comprising the following steps:
Step S1: establishing a rule base of the various information of the mobile terminal;
Step S2: after the target function address is found, replacing the target function address with the address of a function containing monitoring code;
Step S3: when an application on the mobile terminal starts, monitoring the behavior of the application;
Step S4: judging whether the behavior of the application is a sensitive behavior performed by Android malware.
2. The detection method for Android malware based on dynamic monitoring according to claim 1, characterized in that step S1 comprises:
1) collecting the information of each mobile terminal;
2) for each type of information, establishing the rule base with that information as samples.
3. The detection method for Android malware based on dynamic monitoring according to claim 1, characterized in that in step S2, after the target function address is found by parsing the ELF file, monitoring code is embedded so that the target function address is replaced with the address of a function containing the monitoring code.
4. The detection method for Android malware based on dynamic monitoring according to claim 1, characterized in that in step S3, when the behavior of the application is monitored, if the application's service request is allowed to pass, the behavior is recorded; if the application's service request is refused, the service request is stopped.
5. The detection method for Android malware based on dynamic monitoring according to claim 1, characterized in that in step S4 the sensitive behavior comprises behavior that obtains sensitive data; the sensitive data comprises the user's personal privacy data, including geographic location, SMS messages, the phone address book, phone information and personal data.
6. A detection system for Android malware based on dynamic monitoring, characterized by comprising a rule base establishing module, an address replacement module, a behavior monitoring module and a behavior judging module;
The rule base establishing module establishes the rule base of the various information of the mobile terminal;
The address replacement module, after the target function address is found, replaces the target function address with the address of a function containing monitoring code;
The behavior monitoring module monitors the behavior of an application when the application starts on the mobile terminal;
The behavior judging module judges whether the behavior of the application is a sensitive behavior performed by Android malware.
7. The detection system for Android malware based on dynamic monitoring according to claim 6, characterized in that the rule base establishing module comprises an information collection module and a sample establishing module; the information collection module collects the information of each mobile terminal; the sample establishing module, for each type of information, establishes the rule base with that information as samples.
8. The detection system for Android malware based on dynamic monitoring according to claim 6, characterized in that after the address replacement module finds the target function address by parsing the ELF file, it embeds monitoring code so that the target function address is replaced with the address of a function containing the monitoring code.
9. The detection system for Android malware based on dynamic monitoring according to claim 6, characterized in that when the behavior monitoring module monitors the behavior of the application, if the application's service request is allowed to pass, the behavior is recorded; if the application's service request is refused, the service request is stopped.
10. The detection system for Android malware based on dynamic monitoring according to claim 6, characterized in that the sensitive behavior comprises behavior that obtains sensitive data; the sensitive data comprises the user's personal privacy data, including geographic location, SMS messages, the phone address book, phone information and personal data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510240338.9A CN104809397A (en) 2015-05-12 2015-05-12 Android malicious software detection method and system based on dynamic monitoring

Publications (1)

Publication Number Publication Date
CN104809397A true CN104809397A (en) 2015-07-29

Family

ID=53694210

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510240338.9A Pending CN104809397A (en) 2015-05-12 2015-05-12 Android malicious software detection method and system based on dynamic monitoring

Country Status (1)

Country Link
CN (1) CN104809397A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120233165A1 (en) * 2011-03-08 2012-09-13 Google Inc. Detecting application similarity
CN102938040A (en) * 2012-09-29 2013-02-20 中兴通讯股份有限公司 Malicious Android application program detection method, system and device
CN103927485A (en) * 2014-04-24 2014-07-16 东南大学 Android application program risk assessment method based on dynamic monitoring

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635459A (en) * 2015-12-29 2016-06-01 努比亚技术有限公司 Information transmission method and mobile terminal
CN107291586A (en) * 2016-04-01 2017-10-24 腾讯科技(深圳)有限公司 The analysis method and device of a kind of application program
CN107291586B (en) * 2016-04-01 2021-04-27 腾讯科技(深圳)有限公司 Application program analysis method and device
CN106557693A (en) * 2016-05-09 2017-04-05 哈尔滨安天科技股份有限公司 A kind of malice Hook behavioral value method and system
CN106845234A (en) * 2017-01-05 2017-06-13 中国电子科技网络信息安全有限公司 A kind of Android malware detection method based on the monitoring of function flow key point
CN108399084A (en) * 2017-02-08 2018-08-14 中科创达软件股份有限公司 A kind of operation method and system of application program
CN108399084B (en) * 2017-02-08 2021-02-12 中科创达软件股份有限公司 Application program running method and system
CN108509795A (en) * 2018-04-25 2018-09-07 厦门安胜网络科技有限公司 A kind of method, apparatus and storage medium of monitoring ELF file calling system functions
CN108509795B (en) * 2018-04-25 2020-08-04 厦门安胜网络科技有限公司 Method, device and storage medium for monitoring ELF file call system function
CN110113325A (en) * 2019-04-25 2019-08-09 成都卫士通信息产业股份有限公司 Network Data Control method, apparatus and storage medium based on third party SDK
CN111404890A (en) * 2020-03-05 2020-07-10 北京字节跳动网络技术有限公司 Flow data detection method, system, storage medium and electronic device
CN111404890B (en) * 2020-03-05 2022-07-05 北京字节跳动网络技术有限公司 Flow data detection method, system, storage medium and electronic device
CN112084494A (en) * 2020-09-21 2020-12-15 百度在线网络技术(北京)有限公司 Sensitive information detection method, device, equipment and storage medium
CN112287341A (en) * 2020-09-22 2021-01-29 哈尔滨安天科技集团股份有限公司 Android malicious application detection method and device, electronic equipment and storage medium
CN112464232A (en) * 2020-11-21 2021-03-09 西北工业大学 Android system malicious software detection method based on mixed feature combination classification
CN112464232B (en) * 2020-11-21 2024-04-09 西北工业大学 Android system malicious software detection method based on mixed feature combination classification
CN112799914A (en) * 2021-01-28 2021-05-14 南湖实验室 Method and system for dynamically supervising codes and data in computer operation in full time
CN112799914B (en) * 2021-01-28 2022-08-05 南湖实验室 Method and system for dynamically supervising codes and data in computer operation in full time
CN113595975A (en) * 2021-06-15 2021-11-02 中国科学院信息工程研究所 Detection method and device for Webshell of Java memory
CN116489655A (en) * 2023-03-14 2023-07-25 广州爱浦路网络技术有限公司 Malicious application program monitoring method based on 5GS
CN116489655B (en) * 2023-03-14 2024-03-15 广州爱浦路网络技术有限公司 Malicious application program monitoring method based on 5GS

Similar Documents

Publication Publication Date Title
CN104809397A (en) Android malicious software detection method and system based on dynamic monitoring
Ham et al. Analysis of android malware detection performance using machine learning classifiers
Arslan et al. Permission-based malware detection system for android using machine learning techniques
Liu et al. A two-layered permission-based android malware detection scheme
KR101143999B1 (en) Apparatus and method for analyzing application based on application programming interface
Liu et al. Maddroid: Characterizing and detecting devious ad contents for android apps
Canfora et al. Acquiring and analyzing app metrics for effective mobile malware detection
CN112685737A (en) APP detection method, device, equipment and storage medium
CN103927485A (en) Android application program risk assessment method based on dynamic monitoring
KR20150044490A (en) A detecting device for android malignant application and a detecting method therefor
WO2017071148A1 (en) Cloud computing platform-based intelligent defense system
CN109062667B (en) Simulator identification method, simulator identification equipment and computer readable medium
CN105531692A (en) Security policies for loading, linking, and executing native code by mobile applications running inside of virtual machines
KR101266037B1 (en) Method and apparatus for treating malicious action in mobile terminal
CN104462970A (en) Android application program permission abuse detecting method based on process communication
CN104751052A (en) Dynamic behavior analysis method for mobile intelligent terminal software based on support vector machine algorithm
CN106599688A (en) Application category-based Android malicious software detection method
Ham et al. Detection of malicious android mobile applications based on aggregated system call events
Wang et al. LSCDroid: Malware detection based on local sensitive API invocation sequences
Faruki et al. Droidanalyst: Synergic app framework for static and dynamic app analysis
CN105653947A (en) Method and device for assessing application data security risk
Tang et al. Detecting permission over-claim of android applications with static and semantic analysis approach
CN104598287B (en) Detection method, device and the client of rogue program
Jia et al. Who leaks my privacy: Towards automatic and association detection with gdpr compliance
Sun et al. Malware detection on Android smartphones using keywords vector and SVM

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150729