CN105022959A - Analysis device and analysis method for analyzing malicious code of mobile terminal - Google Patents

Publication number: CN105022959A
Authority: CN (China)
Legal status: Granted
Application number: CN201510435727.7A
Other languages: Chinese (zh)
Other versions: CN105022959B (en)
Inventor: 朱为朋
Current Assignee: Huzhou Yinglie Intellectual Property Operation Co ltd
Original Assignee: Shanghai Feixun Data Communication Technology Co Ltd
Application filed by Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201510435727.7A
Publication of CN105022959A
Application granted
Publication of CN105022959B
Status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The present invention provides an analysis device for analyzing a malicious code of a mobile terminal. The analysis device comprises a Linux kernel monitor, an abnormal behavior detection module, a reverse analysis module and a processing module. By cooperation of four devices, reverse analysis on the malicious code of the mobile terminal is completed. The present invention also provides an analysis method for analyzing the malicious code of the mobile terminal. By using the analysis device and the analysis method, an abnormal behavior can be reversely analyzed after an application is operated so as to detect whether the application comprises the malicious code, thereby reinforcing safety of the mobile terminal and protecting privacy of a user.

Description

Malicious code analysis device and analysis method for mobile terminals
Technical field
The present invention relates to the field of terminal virus prevention and control, and in particular to a malicious code analysis device and analysis method for mobile terminals.
Background
With the development of the mobile Internet, mobile security problems have become increasingly prominent. Viruses and malicious behavior targeting mobile terminals keep increasing and show a rising trend.
At present, mobile applications are growing explosively, but the security protection technology of mobile terminal systems has not kept pace, which has led to outbreaks of large numbers of mobile phone viruses.
Most current protection of mobile terminals against malicious behavior is implemented with static analysis or dynamic analysis techniques, which inevitably miss the malicious behavior of some applications.
To detect the malicious behavior that is missed, a technique is needed that performs reverse analysis on abnormal behavior after an application has run, in order to detect whether the application contains malicious code, thereby strengthening the security of the mobile terminal system and protecting user privacy.
Summary of the invention
To solve the problem that the above techniques easily miss the malicious behavior of some applications on a mobile terminal, the present invention provides a malicious code analysis device and analysis method for mobile terminals. After an application runs, each of its behaviors is monitored automatically, malicious behavior is pre-judged and reverse-analyzed in the cloud, and once a behavior is determined to be malicious the process of the related application is terminated, protecting the data security of the mobile terminal.
To achieve the above object, the invention provides a malicious code analysis device for mobile terminals, the analysis device comprising:
a Linux kernel monitor, for monitoring the behavior of an application and, when the behavior of the application matches an abnormal behavior pre-stored in the abnormal behavior detection module, automatically pausing the behavior of the application and sending the paused application behavior to the reverse analysis module;
an abnormal behavior detection module, for pre-storing various abnormal behaviors;
a reverse analysis module, for reverse-analyzing the process that caused the paused application behavior, the application, and the system code, with support for automatic analysis in the cloud;
a processing module, which, when the reverse analysis module determines that the paused application behavior is malicious code, automatically terminates the process that caused the paused application behavior and prompts the user to perform the relevant operation, and which, when the reverse analysis module determines that the paused application behavior is not malicious code, lets the process that caused it continue running.
Optionally, in the analysis device: the Linux kernel monitor automatically pausing the behavior of the application comprises forcibly reclaiming the CPU resources occupied by the process that caused the paused application behavior, so that the process enters the blocked state and waits for the subsequent action of the processing module.
Optionally, in the analysis device: the Linux kernel monitor operates on the process through its process control block (PCB).
Optionally, in the analysis device: the various abnormal behaviors pre-stored by the abnormal behavior detection module include modifying system code, reading and writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
Optionally, in the analysis device: the reverse analysis module's reverse analysis of the process that caused the paused application behavior comprises analysis of the process's data flow; its reverse analysis of the application that caused the paused application behavior comprises uploading the application to the cloud, where the cloud performs application decoding, disassembly and functional analysis in sequence, and determining from the functional analysis result whether the paused application behavior is malicious code; its reverse analysis of the system code comprises analysis of the hash values of the key modules of the system code.
The present invention also provides a malicious code analysis method for mobile terminals, the analysis method comprising:
Step 1: monitoring the behavior of an application and, when the behavior of the application matches a pre-stored abnormal behavior, automatically pausing the behavior of the application;
Step 2: reverse-analyzing the process that caused the paused application behavior, the application, and the system code, using automatic analysis in the cloud;
Step 3: when the paused application behavior is determined to be malicious code, automatically terminating the process that caused the paused application behavior and prompting the user to perform the relevant operation; when the paused application behavior is determined not to be malicious code, letting the process that caused it continue running.
Optionally, in the analysis method: in step 1, automatically pausing the behavior of the application comprises forcibly reclaiming the CPU resources occupied by the process that caused the paused application behavior, so that the process enters the blocked state and waits for the subsequent action.
Optionally, in the analysis method: when the CPU resources occupied by the process that caused the paused application behavior are forcibly reclaimed, the process is operated on through its process control block (PCB).
Optionally, in the analysis method: the pre-stored abnormal behaviors include modifying system code, reading and writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
Optionally, in the analysis method: the reverse analysis of the process that caused the paused application behavior comprises analysis of the process's data flow; the reverse analysis of the application that caused the paused application behavior comprises uploading the application to the cloud, where the cloud performs application decoding, disassembly and functional analysis in sequence, and determining from the functional analysis result whether the paused application behavior is malicious code; the reverse analysis of the system code comprises analysis of the hash values of the key modules of the system code.
Because it adopts the above technical solution, the present invention has the following advantages:
1) The invention strengthens system security, protects user privacy, and prevents the malicious behavior of applications from being missed by analysis;
2) Because the invention uses remote cloud analysis, it can speed up the analysis of malicious behavior and thereby provide users with more auxiliary reference data.
Brief description of the drawings
The present invention is described in further detail below with reference to the drawings and specific embodiments:
Fig. 1 is a schematic diagram of the first embodiment of the malicious code analysis device for mobile terminals of the present invention;
Fig. 2 is a schematic diagram of the second embodiment of the malicious code analysis device for mobile terminals of the present invention;
Fig. 3 is a schematic flow chart of the first embodiment of the malicious code analysis method for mobile terminals of the present invention.
Detailed description
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The following description and drawings are exemplary of the present invention and should not be construed as limiting it. The following description sets out numerous specific details to aid understanding of the invention. In some instances, however, well-known or routine details are not described, to keep the specification concise.
The prior art also contains some schemes for handling mobile terminal viruses, but most protection of mobile terminals against malicious behavior is implemented with static analysis or dynamic analysis techniques, which inevitably miss the malicious behavior of some applications.
To solve this problem, the invention provides a malicious code analysis device and analysis method for mobile terminals that can detect the malicious behavior of applications that was missed: the abnormal behavior of an application is reverse-analyzed to determine whether the application contains malicious code, improving the anti-virus capability of the mobile terminal.
First, referring to Fig. 1, which is a schematic diagram of the first embodiment of the malicious code analysis device for mobile terminals of the present invention, the analysis device comprises:
a Linux kernel monitor, for monitoring the behavior of an application and, when the behavior of the application matches an abnormal behavior pre-stored in the abnormal behavior detection module, automatically pausing the behavior of the application and sending the paused application behavior to the reverse analysis module;
an abnormal behavior detection module, for pre-storing various abnormal behaviors;
a reverse analysis module, for reverse-analyzing the process that caused the paused application behavior, the application, and the system code, with support for automatic analysis in the cloud;
a processing module, which, when the reverse analysis module determines that the paused application behavior is malicious code, automatically terminates the process that caused the paused application behavior and prompts the user to perform the relevant operation, and which, when the reverse analysis module determines that the paused application behavior is not malicious code, lets the process that caused it continue running.
In the analysis device: the Linux kernel monitor automatically pausing the behavior of the application comprises forcibly reclaiming the CPU resources occupied by the process that caused the paused application behavior, so that the process enters the blocked state and waits for the subsequent action of the processing module. The Linux kernel monitor operates on the process through its process control block (PCB). The various abnormal behaviors pre-stored by the abnormal behavior detection module include modifying system code, reading and writing sensitive information, suspicious network behavior and traffic, and obtaining location information. Sensitive information includes text messages, multimedia messages, call logs, contacts' voice mail, schedules, notepads, multimedia, financial applications, personal mail, browsing and search history, digital certificates, and so on. The reverse analysis module's reverse analysis of the process that caused the paused application behavior comprises analysis of the process's data flow. Its reverse analysis of the application that caused the paused application behavior comprises uploading the application to the cloud, where the cloud performs application decoding, disassembly and functional analysis in sequence, and determining from the functional analysis result whether the paused application behavior is malicious code. Its reverse analysis of the system code comprises analysis of the hash values of the key modules of the system code.
Next, referring to Fig. 2, which is a schematic diagram of the second embodiment of the malicious code analysis device for mobile terminals of the present invention, the analysis device likewise comprises a Linux kernel monitor, an abnormal behavior detection module, a reverse analysis module and a processing module. The functions of these four devices are the same as in Fig. 1, and they cooperate to complete the reverse analysis of malicious code on the mobile terminal. Fig. 2 shows the specific location of the four devices in the mobile terminal, where the abnormal behavior detection module sits between the Linux kernel monitor and the reverse analysis module and processing module.
Finally, referring to Fig. 3, which is a schematic flow chart of the first embodiment of the malicious code analysis method for mobile terminals of the present invention, the analysis method comprises:
Step 1: monitoring the behavior of an application and, when the behavior of the application matches a pre-stored abnormal behavior, automatically pausing the behavior of the application;
Step 2: reverse-analyzing the process that caused the paused application behavior, the application, and the system code, using automatic analysis in the cloud;
Step 3: when the paused application behavior is determined to be malicious code, automatically terminating the process that caused the paused application behavior and prompting the user to perform the relevant operation; when the paused application behavior is determined not to be malicious code, letting the process that caused it continue running.
In the analysis method: in step 1, automatically pausing the behavior of the application comprises forcibly reclaiming the CPU resources occupied by the process that caused the paused application behavior, so that the process enters the blocked state and waits for the subsequent action. When those CPU resources are forcibly reclaimed, the process is operated on through its process control block (PCB). The pre-stored abnormal behaviors include modifying system code, reading and writing sensitive information, suspicious network behavior and traffic, and obtaining location information. Sensitive information includes text messages, multimedia messages, call logs, contacts' voice mail, schedules, notepads, multimedia, financial applications, personal mail, browsing and search history, digital certificates, and so on. The reverse analysis of the process that caused the paused application behavior comprises analysis of the process's data flow. The reverse analysis of the application that caused the paused application behavior comprises uploading the application to the cloud, where the cloud performs application decoding, disassembly and functional analysis in sequence, and determining from the functional analysis result whether the paused application behavior is malicious code. The reverse analysis of the system code comprises analysis of the hash values of the key modules of the system code.
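Steps 1 to 3 above, as an added example that is not part of the patent: a user-space C analogue that pauses a child process with SIGSTOP, runs an analysis callback while it cannot execute, then terminates it with SIGKILL or resumes it with SIGCONT. It assumes signals stand in for the kernel monitor's process-control-block operations (SIGSTOP puts the process in the stopped state); every function, enum and callback name is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The four pre-stored abnormal behavior categories from the text, plus a
 * catch-all. All names in this file are assumptions made for the example. */
enum behavior {
    BEH_MODIFY_SYSTEM_CODE,
    BEH_SENSITIVE_INFO_RW,
    BEH_SUSPICIOUS_NETWORK,
    BEH_GET_LOCATION,
    BEH_OTHER
};
enum verdict { VERDICT_BENIGN, VERDICT_MALICIOUS };
enum outcome { OUT_NOT_MATCHED, OUT_RESUMED, OUT_TERMINATED, OUT_ERROR };

/* Hypothetical stand-in for the reverse analysis module's decision. */
typedef enum verdict (*analyzer_fn)(pid_t pid, enum behavior b);

static const enum behavior PRESTORED[] = {
    BEH_MODIFY_SYSTEM_CODE, BEH_SENSITIVE_INFO_RW,
    BEH_SUSPICIOUS_NETWORK, BEH_GET_LOCATION
};

int is_prestored_abnormal(enum behavior b)
{
    for (size_t i = 0; i < sizeof PRESTORED / sizeof PRESTORED[0]; i++)
        if (PRESTORED[i] == b)
            return 1;
    return 0;
}

/* Steps 1 to 3 for one observed behavior of the child process `pid`. */
enum outcome handle_behavior(pid_t pid, enum behavior b, analyzer_fn analyze)
{
    int status;

    if (!is_prestored_abnormal(b))
        return OUT_NOT_MATCHED;            /* not on the list: never paused */

    /* Step 1: pause. The target cannot catch or ignore SIGSTOP. */
    if (kill(pid, SIGSTOP) != 0)
        return OUT_ERROR;
    /* Confirm the process has really stopped before analyzing it. */
    if (waitpid(pid, &status, WUNTRACED) != pid || !WIFSTOPPED(status))
        return OUT_ERROR;

    /* Step 2: the analysis runs while the target cannot execute. */
    enum verdict v = analyze(pid, b);

    /* Step 3: terminate on a malicious verdict, otherwise resume. */
    if (v == VERDICT_MALICIOUS) {
        if (kill(pid, SIGKILL) != 0)
            return OUT_ERROR;
        if (waitpid(pid, &status, 0) != pid || !WIFSIGNALED(status))
            return OUT_ERROR;
        return OUT_TERMINATED;
    }
    return kill(pid, SIGCONT) == 0 ? OUT_RESUMED : OUT_ERROR;
}

/* Constructed test subject: an idle child that exits by itself after 30 s. */
pid_t spawn_idle_child(void)
{
    pid_t pid = fork();
    if (pid == 0) {
        alarm(30);                         /* SIGALRM's default action ends it */
        for (;;)
            pause();
    }
    return pid;
}

/* 1 if the child exists and has not changed state since the last wait. */
int child_alive(pid_t pid)
{
    int status;
    return waitpid(pid, &status, WNOHANG) == 0;
}

void stop_child(pid_t pid)
{
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
}

enum verdict always_malicious(pid_t p, enum behavior b) { (void)p; (void)b; return VERDICT_MALICIOUS; }
enum verdict always_benign(pid_t p, enum behavior b) { (void)p; (void)b; return VERDICT_BENIGN; }

int main(void)
{
    static const char *names[] = { "not matched", "resumed", "terminated", "error" };
    struct { enum behavior b; analyzer_fn fn; } cases[] = {
        { BEH_SENSITIVE_INFO_RW, always_malicious },
        { BEH_GET_LOCATION,      always_benign },
        { BEH_OTHER,             always_malicious },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        pid_t pid = spawn_idle_child();
        if (pid < 0)
            return 1;
        enum outcome o = handle_behavior(pid, cases[i].b, cases[i].fn);
        printf("case %zu: %s\n", i, names[o]);
        if (o != OUT_TERMINATED)
            stop_child(pid);
    }
    return 0;
}
```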
In addition, the mobile terminal in the present invention includes a processor, which may be a single-core or multi-core processor. The processor may also be described as one or more microprocessors, central processing units (CPUs), and so on. More specifically, the processor may be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor implementing another instruction set, or a processor implementing a combination of instruction sets. The processor may also be one or more special-purpose processors, such as an application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), digital signal processor (DSP), network processor, graphics processor, communications processor, cryptographic processor, coprocessor, embedded processor, or any other type of logic unit capable of processing instructions. The processor executes the instructions for the operations and steps discussed in the present invention.
The mobile terminal in the present invention includes a memory, which may comprise one or more volatile storage devices such as random access memory (RAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), static RAM (SRAM) or other types of storage device. The memory can store information including instruction sequences executed by the processor or any other device. For example, the executable code and/or data of various operating systems, device drivers, firmware (for example, a basic input/output system, or BIOS) and/or applications can be loaded into the memory and executed by the processor.
Those skilled in the art will recognize that the above embodiments are exemplary and are intended to help those skilled in the art better understand this patent. They should not be construed as limiting the scope of protection of this patent; any equivalent change or modification made in accordance with the spirit disclosed in this patent falls within its scope of protection.

Claims (10)

1. A malicious code analysis device for mobile terminals, characterized in that the analysis device comprises:
a Linux kernel monitor, for monitoring the behavior of an application and, when the behavior of the application matches an abnormal behavior pre-stored in the abnormal behavior detection module, automatically pausing the behavior of the application and sending the paused application behavior to the reverse analysis module;
an abnormal behavior detection module, for pre-storing various abnormal behaviors;
a reverse analysis module, for reverse-analyzing the process that caused the paused application behavior, the application, and the system code, with support for automatic analysis in the cloud;
a processing module, which, when the reverse analysis module determines that the paused application behavior is malicious code, automatically terminates the process that caused the paused application behavior and prompts the user to perform the relevant operation, and which, when the reverse analysis module determines that the paused application behavior is not malicious code, lets the process that caused it continue running.
2. The malicious code analysis device for mobile terminals according to claim 1, characterized in that:
the Linux kernel monitor automatically pausing the behavior of the application comprises forcibly reclaiming the CPU resources occupied by the process that caused the paused application behavior, so that the process enters the blocked state and waits for the subsequent action of the processing module.
3. The malicious code analysis device for mobile terminals according to claim 2, characterized in that:
the Linux kernel monitor operates on the process through its process control block (PCB).
4. The malicious code analysis device for mobile terminals according to claim 1, characterized in that:
the various abnormal behaviors pre-stored by the abnormal behavior detection module include modifying system code, reading and writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
5. The malicious code analysis device for mobile terminals according to claim 1, characterized in that:
the reverse analysis module's reverse analysis of the process that caused the paused application behavior comprises analysis of the process's data flow;
the reverse analysis module's reverse analysis of the application that caused the paused application behavior comprises: uploading the application to the cloud, where the cloud performs application decoding, disassembly and functional analysis in sequence, and determining from the functional analysis result whether the paused application behavior is malicious code;
the reverse analysis module's reverse analysis of the system code comprises analysis of the hash values of the key modules of the system code.
6. A malicious code analysis method for mobile terminals, characterized in that the analysis method comprises:
Step 1: monitoring the behavior of an application and, when the behavior of the application matches a pre-stored abnormal behavior, automatically pausing the behavior of the application;
Step 2: reverse-analyzing the process that caused the paused application behavior, the application, and the system code, using automatic analysis in the cloud;
Step 3: when the paused application behavior is determined to be malicious code, automatically terminating the process that caused the paused application behavior and prompting the user to perform the relevant operation; when the paused application behavior is determined not to be malicious code, letting the process that caused it continue running.
7. The malicious code analysis method for mobile terminals according to claim 6, characterized in that:
in step 1, automatically pausing the behavior of the application comprises forcibly reclaiming the CPU resources occupied by the process that caused the paused application behavior, so that the process enters the blocked state and waits for the subsequent action.
8. The malicious code analysis method for mobile terminals according to claim 7, characterized in that:
when the CPU resources occupied by the process that caused the paused application behavior are forcibly reclaimed, the process is operated on through its process control block (PCB).
9. The malicious code analysis method for mobile terminals according to claim 6, characterized in that:
the pre-stored abnormal behaviors include modifying system code, reading and writing sensitive information, suspicious network behavior and traffic, and obtaining location information.
10. The malicious code analysis method for mobile terminals according to claim 6, characterized in that:
the reverse analysis of the process that caused the paused application behavior comprises analysis of the process's data flow;
the reverse analysis of the application that caused the paused application behavior comprises: uploading the application to the cloud, where the cloud performs application decoding, disassembly and functional analysis in sequence, and determining from the functional analysis result whether the paused application behavior is malicious code;
the reverse analysis of the system code comprises analysis of the hash values of the key modules of the system code.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510435727.7A 2015-07-22 2015-07-22 Malicious code analysis device and analysis method for mobile terminals (Active, CN105022959B (en))

Publications (2)

Publication Number Publication Date
CN105022959A (en) 2015-11-04
CN105022959B 2018-05-18

Family

ID=54412921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510435727.7A Active CN105022959B (en) 2015-07-22 2015-07-22 A kind of malicious code of mobile terminal analytical equipment and analysis method

Country Status (1)

Country Link
CN (1) CN105022959B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106547699A (en) * 2016-11-30 2017-03-29 安徽金曦网络科技股份有限公司 Code detection system
CN106713293A (en) * 2016-12-14 2017-05-24 武汉虹旭信息技术有限责任公司 Cloud platform malicious behavior detecting system and method
CN106899977A (en) * 2015-12-18 2017-06-27 中国电信股份有限公司 The abnormal flow method of inspection and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120167218A1 (en) * 2010-12-23 2012-06-28 Rajesh Poornachandran Signature-independent, system behavior-based malware detection
CN102694817A (en) * 2012-06-08 2012-09-26 奇智软件(北京)有限公司 Method, device and system for identifying abnormality of network behavior of program
CN103368904A (en) * 2012-03-27 2013-10-23 百度在线网络技术(北京)有限公司 Mobile terminal, and system and method for suspicious behavior detection and judgment
CN103971055A (en) * 2014-04-28 2014-08-06 南京邮电大学 Android malicious software detection method based on program slicing technology

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120167218A1 (en) * 2010-12-23 2012-06-28 Rajesh Poornachandran Signature-independent, system behavior-based malware detection
CN103368904A (en) * 2012-03-27 2013-10-23 百度在线网络技术(北京)有限公司 Mobile terminal, and system and method for suspicious behavior detection and judgment
CN102694817A (en) * 2012-06-08 2012-09-26 奇智软件(北京)有限公司 Method, device and system for identifying abnormality of network behavior of program
CN103971055A (en) * 2014-04-28 2014-08-06 南京邮电大学 Android malicious software detection method based on program slicing technology

Cited By (4)

Publication number Priority date Publication date Assignee Title
CN106899977A (en) * 2015-12-18 2017-06-27 中国电信股份有限公司 Abnormal flow detection method and device
CN106899977B (en) * 2015-12-18 2020-02-18 中国电信股份有限公司 Abnormal flow detection method and device
CN106547699A (en) * 2016-11-30 2017-03-29 安徽金曦网络科技股份有限公司 Code detection system
CN106713293A (en) * 2016-12-14 2017-05-24 武汉虹旭信息技术有限责任公司 Cloud platform malicious behavior detecting system and method

Also Published As

Publication number Publication date
CN105022959B (en) 2018-05-18

Similar Documents

Publication Publication Date Title
US9230099B1 (en) Systems and methods for combining static and dynamic code analysis
CA2804258C (en) Systems and methods for alternating malware classifiers in an attempt to frustrate brute-force malware testing
US10621349B2 (en) Detection of malware using feature hashing
KR101051722B1 (en) Monitor program, monitoring method and computer program product for hardware related thereto
US8726386B1 (en) Systems and methods for detecting malware
US9177155B2 (en) Hybrid analysis of vulnerable information flows
US9852294B1 (en) Systems and methods for detecting suspicious applications based on how entry-point functions are triggered
US10019581B2 (en) Identifying stored security vulnerabilities in computer software applications
EP3374920B1 (en) Detecting program evasion of virtual machines or emulators
WO2014113367A1 (en) System for and a method of cognitive behavior recognition
US8332941B2 (en) Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor
Dhaya et al. Detecting software vulnerabilities in android using static analysis
US11108787B1 (en) Securing a network device by forecasting an attack event using a recurrent neural network
US9965620B2 (en) Application program interface (API) monitoring bypass
CN105022959A (en) Analysis device and analysis method for analyzing malicious code of mobile terminal
CN107180194B (en) Method and device for vulnerability detection based on visual analysis system
US9552481B1 (en) Systems and methods for monitoring programs
US9646157B1 (en) Systems and methods for identifying repackaged files
US10846405B1 (en) Systems and methods for detecting and protecting against malicious software
US9208314B1 (en) Systems and methods for distinguishing code of a program obfuscated within a packed program
US8819828B1 (en) Systems and methods for identifying malware threat vectors
CN111262842B (en) Webpage tamper-proofing method and device, electronic equipment and storage medium
CN106302935B (en) Method and system for identifying communication information
CN111240696A (en) Method for extracting similar modules of mobile malicious program
CN107103242B (en) Data acquisition method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201120

Address after: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666

Patentee before: Phicomm (Shanghai) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20201217

Address after: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee after: Bengbu Lichao Information Technology Co.,Ltd.

Address before: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20210310

Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China

Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Address before: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee before: Bengbu Lichao Information Technology Co.,Ltd.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Mobile Terminal Malicious Code Analysis Device and Analysis Method

Effective date of registration: 20221204

Granted publication date: 20180518

Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch

Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Registration number: Y2022330003403

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20231205

Granted publication date: 20180518

Pledgee: Huzhou Wuxing Rural Commercial Bank Co.,Ltd. high tech Zone Green sub branch

Pledgor: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Registration number: Y2022330003403
