CN105022959A - Analysis device and analysis method for analyzing malicious code of mobile terminal - Google Patents
- Publication number
- CN105022959A
- Authority
- CN
- China
- Prior art keywords
- application program
- behavior
- time
- analysis
- malicious code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510435727.7A CN105022959B (en) | 2015-07-22 | 2015-07-22 | A kind of malicious code of mobile terminal analytical equipment and analysis method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510435727.7A CN105022959B (en) | 2015-07-22 | 2015-07-22 | A kind of malicious code of mobile terminal analytical equipment and analysis method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105022959A (en) | 2015-11-04 |
CN105022959B (en) | 2018-05-18 |
Family
ID=54412921
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510435727.7A Active CN105022959B (en) | 2015-07-22 | 2015-07-22 | A kind of malicious code of mobile terminal analytical equipment and analysis method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105022959B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106547699A (en) * | 2016-11-30 | 2017-03-29 | 安徽金曦网络科技股份有限公司 | Code detection system |
CN106713293A (en) * | 2016-12-14 | 2017-05-24 | 武汉虹旭信息技术有限责任公司 | Cloud platform malicious behavior detecting system and method |
CN106899977A (en) * | 2015-12-18 | 2017-06-27 | 中国电信股份有限公司 | The abnormal flow method of inspection and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120167218A1 (en) * | 2010-12-23 | 2012-06-28 | Rajesh Poornachandran | Signature-independent, system behavior-based malware detection |
CN102694817A (en) * | 2012-06-08 | 2012-09-26 | 奇智软件(北京)有限公司 | Method, device and system for identifying abnormality of network behavior of program |
CN103368904A (en) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Mobile terminal, and system and method for suspicious behavior detection and judgment |
CN103971055A (en) * | 2014-04-28 | 2014-08-06 | 南京邮电大学 | Android malicious software detection method based on program slicing technology |
-
2015
- 2015-07-22 CN CN201510435727.7A patent/CN105022959B/en active Active
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899977A (en) * | 2015-12-18 | 2017-06-27 | 中国电信股份有限公司 | The abnormal flow method of inspection and device |
CN106899977B (en) * | 2015-12-18 | 2020-02-18 | 中国电信股份有限公司 | Abnormal flow detection method and device |
CN106547699A (en) * | 2016-11-30 | 2017-03-29 | 安徽金曦网络科技股份有限公司 | Code detection system |
CN106713293A (en) * | 2016-12-14 | 2017-05-24 | 武汉虹旭信息技术有限责任公司 | Cloud platform malicious behavior detecting system and method |
Also Published As
Publication number | Publication date |
---|---|
CN105022959B (en) | 2018-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9230099B1 (en) | Systems and methods for combining static and dynamic code analysis | |
CA2804258C (en) | Systems and methods for alternating malware classifiers in an attempt to frustrate brute-force malware testing | |
US10621349B2 (en) | Detection of malware using feature hashing | |
KR101051722B1 (en) | Monitor program, monitoring method and computer program product for hardware related thereto | |
US8726386B1 (en) | Systems and methods for detecting malware | |
US9177155B2 (en) | Hybrid analysis of vulnerable information flows | |
US9852294B1 (en) | Systems and methods for detecting suspicious applications based on how entry-point functions are triggered | |
US10019581B2 (en) | Identifying stored security vulnerabilities in computer software applications | |
EP3374920B1 (en) | Detecting program evasion of virtual machines or emulators | |
WO2014113367A1 (en) | System for and a method of cognitive behavior recognition | |
US8332941B2 (en) | Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor | |
Dhaya et al. | Detecting software vulnerabilities in android using static analysis | |
US11108787B1 (en) | Securing a network device by forecasting an attack event using a recurrent neural network | |
US9965620B2 (en) | Application program interface (API) monitoring bypass | |
CN105022959A (en) | Analysis device and analysis method for analyzing malicious code of mobile terminal | |
CN107180194B (en) | Method and device for vulnerability detection based on visual analysis system | |
US9552481B1 (en) | Systems and methods for monitoring programs | |
US9646157B1 (en) | Systems and methods for identifying repackaged files | |
US10846405B1 (en) | Systems and methods for detecting and protecting against malicious software | |
US9208314B1 (en) | Systems and methods for distinguishing code of a program obfuscated within a packed program | |
US8819828B1 (en) | Systems and methods for identifying malware threat vectors | |
CN111262842B (en) | Webpage tamper-proofing method and device, electronic equipment and storage medium | |
CN106302935B (en) | Method and system for identifying communication information | |
CN111240696A (en) | Method for extracting similar modules of mobile malicious program | |
CN107103242B (en) | Data acquisition method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | TR01 | Transfer of patent right | Effective date of registration: 20201120; Address after: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province; Patentee after: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.; Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666; Patentee before: Phicomm (Shanghai) Co.,Ltd. |
| | TR01 | Transfer of patent right | Effective date of registration: 20201217; Address after: 8319 Yanshan Road, Bengbu City, Anhui Province; Patentee after: Bengbu Lichao Information Technology Co.,Ltd.; Address before: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province; Patentee before: Hangzhou Jiji Intellectual Property Operation Co.,Ltd. |
| | TR01 | Transfer of patent right | Effective date of registration: 20210310; Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China; Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd.; Address before: 8319 Yanshan Road, Bengbu City, Anhui Province; Patentee before: Bengbu Lichao Information Technology Co.,Ltd. |
| | PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: A Mobile Terminal Malicious Code Analysis Device and Analysis Method; Effective date of registration: 20221204; Granted publication date: 20180518; Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch; Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.; Registration number: Y2022330003403 |
| | PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20231205; Granted publication date: 20180518; Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch; Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.; Registration number: Y2022330003403 |