CN107958154A - A kind of malware detection device and method - Google Patents
- Publication number: CN107958154A
- Application number: CN201610902851.4A
- Authority: CN (China)
- Prior art keywords: api, files, decompiling, tag, random forest
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The present invention relates to the field of security detection technology, and in particular to a malware detection device and method. The malware detection device comprises: a decompilation module, for decompiling an input application installation package to obtain Smali files; a feature extraction module, for extracting an API feature file from the Smali files; a feature formatting module, for formatting the extracted API feature file into a set file format; and a model training and detection module, for training a random forest classification model on the formatted API feature files and detecting malware with the random forest classification model. The invention is not disturbed by applications that abuse permissions, and the whole training and detection process is automated, with no need to hand-pick APIs. It also introduces a distributed random forest, which copes effectively with model training when a massive number of malware samples are used and improves model training efficiency.
Description
Technical field
The present invention relates to the field of security detection technology, and in particular to a malware detection device and method.
Background
In recent years mobile smart terminals have developed rapidly and have greatly changed how people use mobile phones. A phone is no longer used only for making calls; it has penetrated every aspect of personal life. At the same time, more and more personal private data is stored on the phone. Once a phone is compromised by malware, its information, accounts and passwords may be stolen, causing loss of personal property or interests, or illegal operations by a malicious background program may make the phone malfunction and affect the user's normal use.
Android, one of the currently popular smartphone operating systems, has a high market share, but because of its openness it has become the main target of malware attacks. The "2015 China Mobile Phone Security Status Report" [1] published by Qihoo 360 shows that the number of intercepted Android malware samples is still increasing, reaching 18.74 million, and that the number of infections has also grown compared with the previous two years, reaching 370 million person-times. With the development of technology, the cost of producing malicious programs for the Android platform is gradually falling and such programs can be mass-produced, so attacks on mobile terminals are becoming large-scale. This not only threatens users' personal interests but also poses a huge challenge to the major security vendors. The massive volume of malware and the increasingly large malicious feature database greatly increase the difficulty security vendors face in intercepting and processing malware samples, and traditional detection methods cannot handle this volume of data in a timely and effective way.
With the rapid development of artificial intelligence, many existing studies apply data-mining classification algorithms to malware detection. Data-mining methods build a classification model by "learning" the features of malware and use it for detection. The various data-mining detection methods all use different features, or combinations of features, together with a classification algorithm. The detection performance of data-mining-based malware detection therefore depends on the feature representation and the choice of model.
Android's security mechanism requires an application to request the corresponding permission when it calls an API (Application Programming Interface) that may affect other applications, the operating system or the user, such as reading or writing the user's private data, using a network connection, or keeping the phone awake. These APIs can be called only after the permission has been granted, so permissions describe application behaviour to some extent. Compared with permissions, APIs reflect application behaviour more directly. Existing data-mining detection methods therefore mainly target the permission and API features of Android applications.
Although the permission features used by data-mining-based detection methods are easy to extract, the permissions an application declares may not actually be used, and studies show that a large number of applications abuse permissions, so using permissions directly as features to describe application behaviour is not very reliable. Using API features faces the problem that the number of APIs is huge, so a subset of APIs has to be selected manually as features and fully automated detection cannot be achieved. In addition, prior-art malware detection methods are mostly implemented as standalone (single-machine) versions and cannot cope with a huge number of software samples.
Summary of the invention
The present invention provides a malware detection device and method, intended to solve, at least to some extent, one of the above technical problems in the prior art.
To solve the above problems, the present invention provides the following technical solution:
A malware detection device, comprising:
Decompilation module: for decompiling an input application installation package to obtain decompiled files;
Feature extraction module: for extracting an API feature file from the decompiled files;
Feature formatting module: for formatting the extracted API feature file into a set file format;
Model training and detection module: for training a random forest classification model on the formatted API feature files and detecting malware with the random forest classification model.
The technical solution adopted by the embodiment of the present invention further includes: the decompilation module uses the Apktool decompilation tool to decompile the input application installation package, and the decompiled files are Smali files.
The technical solution adopted by the embodiment of the present invention further includes: the feature extraction module extracts the API feature file as follows: traverse the Smali files and find the Dalvik instructions related to API calls; obtain the API called by the application from the parameters that follow the Dalvik instruction, and perform string matching on the API; if the API is a permission-protected API, store this permission-protected API in the API feature file corresponding to the application.
The technical solution adopted by the embodiment of the present invention further includes: the feature formatting module formats the API feature file as follows: a number is assigned to each API in the API feature file; if the application uses an API stored in the API feature file, the entry value for that API's number is 1; if the application does not use an API stored in the API feature file, the entry value for that API's number is 0.
The technical solution adopted by the embodiment of the present invention further includes: the model training and detection module trains the random forest classification model as follows: the formatted API feature files are input to the random forest classification model training interface provided by Spark MLlib, and training yields a distributed random forest classification model.
Another technical solution adopted by the embodiment of the present invention is a malware detection method, comprising:
Step a: decompile the input application installation package to obtain decompiled files;
Step b: extract an API feature file from the decompiled files;
Step c: format the extracted API feature file into a set file format;
Step d: train a random forest classification model on the formatted API feature files, and detect malware with the random forest classification model.
The technical solution adopted by the embodiment of the present invention further includes: in step a, decompiling the application installation package specifically means using the Apktool decompilation tool to decompile the input application installation package, and the decompiled files are Smali files.
The technical solution adopted by the embodiment of the present invention further includes: in step b, the API feature file is extracted as follows: traverse the Smali files and find the Dalvik instructions related to API calls; obtain the API called by the application from the parameters that follow the Dalvik instruction, and perform string matching on the API; if the API is a permission-protected API, store this permission-protected API in the API feature file corresponding to the application.
The technical solution adopted by the embodiment of the present invention further includes: in step c, the API feature file is formatted as follows: a number is assigned to each API in the API feature file; if the application uses an API stored in the API feature file, the entry value for that API's number is 1; if the application does not use an API stored in the API feature file, the entry value for that API's number is 0.
The technical solution adopted by the embodiment of the present invention further includes: in step d, the random forest classification model is trained as follows: the formatted API feature files are input to the random forest classification model training interface provided by Spark MLlib, and training yields a distributed random forest classification model.
Compared with the prior art, the embodiment of the present invention has the following beneficial effects: the malware detection device and method of the embodiment use permission-protected APIs as the features for malware detection. Compared with the traditional approach of using permissions directly as features, this is not disturbed by applications that abuse permissions, and the whole training and detection process is automated, with no need to hand-pick APIs. A distributed random forest is also introduced, which copes effectively with model training when a massive number of malware samples are used and improves model training efficiency.
Brief description of the drawings
Fig. 1 is a structural diagram of the malware detection device of the embodiment of the present invention;
Fig. 2 is a detection framework diagram of the malware detection device of the embodiment of the present invention;
Fig. 3 is a flowchart of the malware detection method of the embodiment of the present invention;
Fig. 4 compares the accuracy obtained with the two kinds of features;
Fig. 5 compares the precision obtained with the two kinds of features;
Fig. 6 compares the recall obtained with the two kinds of features.
Embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
Fig. 1 is a structural diagram of the malware detection device of the embodiment of the present invention. The malware detection device of the embodiment comprises a decompilation module, a feature extraction module, a feature formatting module, and a model training and detection module. The decompilation module decompiles the application installation package (APK, Android Package) to obtain the Smali files in it. The feature extraction module extracts an API feature file from the Smali files. The feature formatting module formats the API feature file extracted from each application installation package into a set file format. The model training and detection module trains a random forest classification model on the formatted API feature files, detects malware with the random forest classification model (that is, judges whether the software is malicious or normal), and outputs the detection result.
Fig. 2 is the detection framework diagram of the malware detection device of the embodiment of the present invention. The decompilation module, feature extraction module, feature formatting module, and model training and detection module are each drawn as a rounded rectangle. The input of each module is the output of the previous module, and the output of each module is drawn as a right-angled rectangle. The input of the framework is an Android application installation package, and its output is the detection result for that application.
Specifically, in the embodiment of the present invention the decompilation module uses the Apktool decompilation tool to decompile the input application installation package and obtain Smali files, which contain Dalvik instructions and API information. In other embodiments of the invention, other decompilation tools such as dex2jar can also be used.
The feature extraction module extracts the API feature file as follows: traverse the Smali files and find the Dalvik instructions related to API calls, as shown in Table 1 below; then obtain the API called by the application, including the API class name and method name, from the parameters that follow the Dalvik instruction, and perform string matching on the API. If the API is a permission-protected API, it is stored in the API feature file corresponding to the application. At this point each application corresponds to one API feature file, which stores all the permission-protected APIs that the application calls.
Table 1: Dalvik instructions related to API calls
Before the API feature files can be used, they must be converted into a form that the model training and detection module accepts. The feature formatting module formats the API feature files as follows: a number is assigned to each API in the API feature files; if the application uses an API stored in the API feature file, the entry value for that API's number is 1, otherwise the entry value for that API's number is 0. In the end, each application is represented as a feature vector, which corresponds to one line of data in the API feature file. In the embodiment of the present invention, the feature formatting module formats the API feature file as a LIBSVM-format file; the specific format can be set according to the actual application.
After the API feature files have been formatted, the model training and detection module inputs them to the random forest classification model training interface provided by Spark MLlib. Training yields a distributed random forest classification model, and malware detection for smart terminals is carried out with this random forest classification model.
Fig. 3 is a flowchart of the malware detection method of the embodiment of the present invention. The malware detection method of the embodiment comprises the following steps:
Step 100: Decompile the input application installation package to obtain Smali files;
In step 100, the embodiment of the present invention uses the Apktool decompilation tool; other decompilation tools such as dex2jar can also be used. The Smali files obtained contain Dalvik instructions and API information.
Step 200: Extract an API feature file from the Smali files;
In step 200, the API feature file is extracted as follows: traverse the Smali files and find the Dalvik instructions related to API calls, as shown in Table 1 below; then obtain the API called by the application, including the API class name and method name, from the parameters that follow the Dalvik instruction, and perform string matching on the API. If the API is a permission-protected API, it is stored in the API feature file corresponding to the application. At this point each application corresponds to one API feature file, which stores all the permission-protected APIs that the application calls.
Table 1: Dalvik instructions related to API calls
Step 300: Format the API feature file extracted from each application installation package into a set file format;
In step 300, the API feature files are formatted as follows: a number is assigned to each API in the API feature files; if the application uses an API stored in the API feature file, the entry value for that API's number is 1, otherwise the entry value for that API's number is 0. In the end, each application is represented as a feature vector, which corresponds to one line of data in the API feature file. In the embodiment of the present invention, the feature formatting module formats the API feature file as a LIBSVM-format file; the specific format can be set according to the actual application.
Step 400: Train a random forest classification model on the formatted API feature files, detect malware with the random forest classification model, and output the detection result;
In step 400, the random forest classification model is trained as follows: the formatted API feature files are input to the random forest classification model training interface provided by Spark MLlib, and training yields a distributed random forest classification model.
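An added example, not code from the patent, of steps 200 and 300: it scans Smali text for Dalvik invoke-* instructions, keeps the calls that appear in a permission-protected API list, and writes the result as a LIBSVM row. The invoke-* opcode set (Table 1 is not reproduced on the page), the four-entry API list, the sample Smali and the label convention (1 = malicious, 0 = normal) are assumptions constructed for illustration.

```python
import re

# Dalvik method-invocation opcodes. Table 1 of the page did not survive
# extraction, so the invoke-* family is an assumption of this example.
INVOKE_RE = re.compile(
    r"^[ \t]*invoke-(?:virtual|super|direct|static|interface)(?:/range)?[ \t]+"
    r"\{[^}]*\},\s*"              # register list: {v0, v1} or {v0 .. v5}
    r"\[*L(?P<cls>[^;]+);"        # class descriptor, e.g. Landroid/app/Activity;
    r"->(?P<method>[^\s(]+)\(",   # method name, up to the argument list
    re.MULTILINE,
)

# Constructed list of permission-protected APIs (class name + method name),
# with the guarding permission noted. A real list would be far larger.
PROTECTED_APIS = [
    "android.location.LocationManager.getLastKnownLocation",  # location permission
    "android.net.wifi.WifiManager.getConnectionInfo",         # ACCESS_WIFI_STATE
    "android.telephony.SmsManager.sendTextMessage",           # SEND_SMS
    "android.telephony.TelephonyManager.getDeviceId",         # READ_PHONE_STATE
]

def extract_api_calls(smali_text):
    """Return the set of 'pkg.Class.method' names invoked in one Smali file."""
    calls = set()
    for m in INVOKE_RE.finditer(smali_text):
        cls = m.group("cls").replace("/", ".")
        calls.add(f"{cls}.{m.group('method')}")
    return calls

def app_features(smali_files, protected=PROTECTED_APIS):
    """Union the calls over all Smali files of one app; keep protected APIs only."""
    wanted = set(protected)
    used = set()
    for text in smali_files:
        used |= extract_api_calls(text) & wanted
    return used

def feature_index(protected=PROTECTED_APIS):
    """Give every protected API a fixed number (1-based, as LIBSVM expects)."""
    return {api: i for i, api in enumerate(sorted(protected), start=1)}

def dense_vector(used, index):
    """One 0/1 entry per numbered API: 1 if the app calls it, otherwise 0."""
    return [1 if api in used else 0 for api in sorted(index, key=index.get)]

def libsvm_line(label, used, index):
    """Sparse LIBSVM row '<label> <idx>:1 ...'; zero entries are omitted."""
    idxs = sorted(index[api] for api in used)
    return " ".join([str(label)] + [f"{i}:1" for i in idxs])

# Constructed Smali fragments for one application. The comment line and the
# string constant mention protected APIs but are not calls and must be ignored.
SAMPLE_SMALI_A = r"""
.class public Lcom/example/demo/MainActivity;
.super Landroid/app/Activity;

.method public onCreate(Landroid/os/Bundle;)V
    .locals 3
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    # invoke-virtual {v0}, Landroid/telephony/SmsManager;->sendTextMessage()V
    const-string v0, "invoke-virtual {v1}, Landroid/net/wifi/WifiManager;->getConnectionInfo()"
    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    return-void
.end method
"""

SAMPLE_SMALI_B = r"""
.method private locate(Landroid/location/LocationManager;Ljava/lang/String;)V
    invoke-virtual/range {v0 .. v1}, Landroid/location/LocationManager;->getLastKnownLocation(Ljava/lang/String;)Landroid/location/Location;
    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    return-void
.end method
"""

if __name__ == "__main__":
    index = feature_index()
    used = app_features([SAMPLE_SMALI_A, SAMPLE_SMALI_B])
    for api in sorted(used):
        print(index[api], api)
    print(dense_vector(used, index))
    print(libsvm_line(1, used, index))  # label 1 = malicious (assumed convention)
```

Each application contributes one such row; rows in this format can be read by Spark MLlib's `MLUtils.loadLibSVMFile`, which expects one-based feature indices in ascending order.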
Experiments show that the malware detection device and method of the embodiment of the present invention, by using permission-protected APIs as the features for Android malware detection, achieve a better detection result than the traditional approach of using permissions directly as features. The results are shown in Figs. 4 to 6: Fig. 4 compares the accuracy obtained with the two kinds of features, Fig. 5 compares the precision, and Fig. 6 compares the recall. Under identical experimental conditions, as the number of trees in the random forest model increases, the classification accuracy, precision and recall obtained with permission-protected APIs as features and with permissions as features both change. When the number of trees reaches 30, every metric is essentially stable; at that point the accuracy, precision and recall of the detection results obtained with permission-protected APIs as features are respectively 2%, 1% and 4% higher than those obtained with permissions as features.
The malware detection device and method of the embodiment of the present invention use permission-protected APIs as the features for malware detection. Compared with the traditional approach of using permissions directly as features, this is not disturbed by applications that abuse permissions, and the whole training and detection process is automated, with no need to hand-pick APIs. A distributed random forest is also introduced, which copes effectively with model training when a massive number of malware samples are used and improves model training efficiency.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the invention. The present invention is therefore not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
- 1. A malware detection device, characterized by comprising: a decompilation module, for decompiling an input application installation package to obtain decompiled files; a feature extraction module, for extracting an API feature file from the decompiled files; a feature formatting module, for formatting the extracted API feature file into a set file format; and a model training and detection module, for training a random forest classification model on the formatted API feature files and detecting malware with the random forest classification model.
- 2. The malware detection device according to claim 1, characterized in that the decompilation module uses the Apktool decompilation tool to decompile the input application installation package, and the decompiled files are Smali files.
- 3. The malware detection device according to claim 2, characterized in that the feature extraction module extracts the API feature file as follows: traverse the Smali files and find the Dalvik instructions related to API calls; obtain the API called by the application from the parameters that follow the Dalvik instruction, and perform string matching on the API; if the API is a permission-protected API, store this permission-protected API in the API feature file corresponding to the application.
- 4. The malware detection device according to claim 3, characterized in that the feature formatting module formats the API feature file as follows: a number is assigned to each API in the API feature file; if the application uses an API stored in the API feature file, the entry value for that API's number is 1; if the application does not use an API stored in the API feature file, the entry value for that API's number is 0.
- 5. The malware detection device according to claim 4, characterized in that the model training and detection module trains the random forest classification model as follows: the formatted API feature files are input to the random forest classification model training interface provided by Spark MLlib, and training yields a distributed random forest classification model.
- 6. A malware detection method, characterized by comprising: step a: decompile the input application installation package to obtain decompiled files; step b: extract an API feature file from the decompiled files; step c: format the extracted API feature file into a set file format; step d: train a random forest classification model on the formatted API feature files, and detect malware with the random forest classification model.
- 7. The malware detection method according to claim 6, characterized in that, in step a, decompiling the application installation package means using the Apktool decompilation tool to decompile the input application installation package, and the decompiled files are Smali files.
- 8. The malware detection method according to claim 7, characterized in that, in step b, the API feature file is extracted as follows: traverse the Smali files and find the Dalvik instructions related to API calls; obtain the API called by the application from the parameters that follow the Dalvik instruction, and perform string matching on the API; if the API is a permission-protected API, store this permission-protected API in the API feature file corresponding to the application.
- 9. The malware detection method according to claim 8, characterized in that, in step c, the API feature file is formatted as follows: a number is assigned to each API in the API feature file; if the application uses an API stored in the API feature file, the entry value for that API's number is 1; if the application does not use an API stored in the API feature file, the entry value for that API's number is 0.
- 10. The malware detection method according to claim 9, characterized in that, in step d, the random forest classification model is trained as follows: the formatted API feature files are input to the random forest classification model training interface provided by Spark MLlib, and training yields a distributed random forest classification model.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610902851.4A CN107958154A (en) | 2016-10-17 | 2016-10-17 | A kind of malware detection device and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107958154A true CN107958154A (en) | 2018-04-24 |
Family ID: 61954393
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610902851.4A Pending CN107958154A (en) | 2016-10-17 | 2016-10-17 | A kind of malware detection device and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107958154A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103793650A (en) * | 2013-12-02 | 2014-05-14 | 北京邮电大学 | Static analysis method and static analysis device for Android application program |
CN104376262A (en) * | 2014-12-08 | 2015-02-25 | 中国科学院深圳先进技术研究院 | Android malware detecting method based on Dalvik command and authority combination |
CN105631325A (en) * | 2014-11-03 | 2016-06-01 | 中国移动通信集团公司 | Malicious application detection method and apparatus |
Non-Patent Citations (1)
Title |
---|
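Liu Yang: "Detecting and analyzing malicious code in Android applications using random forest and neural network algorithms", China Master's Theses Full-text Database * |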
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108664792A (en) * | 2018-05-21 | 2018-10-16 | 中国科学技术大学 | A kind of source tracing method of Android malware |
CN109145605A (en) * | 2018-08-23 | 2019-01-04 | 北京理工大学 | A kind of Android malware family clustering method based on SinglePass algorithm |
WO2021030593A1 (en) * | 2019-08-14 | 2021-02-18 | Mcafee, Llc | Methods and apparatus for malware detection using jar file decompilation |
US11435990B2 (en) | 2019-08-14 | 2022-09-06 | Mcafee, Llc | Methods and apparatus for malware detection using jar file decompilation |
CN112446026A (en) * | 2019-09-03 | 2021-03-05 | 中移(苏州)软件技术有限公司 | Malicious software detection method and device and storage medium |
CN110826006A (en) * | 2019-11-22 | 2020-02-21 | 支付宝(杭州)信息技术有限公司 | Abnormal collection behavior identification method and device based on privacy data protection |
CN110826006B (en) * | 2019-11-22 | 2021-03-19 | 支付宝(杭州)信息技术有限公司 | Abnormal collection behavior identification method and device based on privacy data protection |
CN112948816A (en) * | 2019-12-10 | 2021-06-11 | 北京一起教育信息咨询有限责任公司 | System authority determination method and device, storage medium and electronic equipment |
CN113641363A (en) * | 2021-10-18 | 2021-11-12 | 北京邮电大学 | Third-party library detection method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107958154A (en) | A kind of malware detection device and method | |
CN105022960B (en) | Multiple features mobile terminal from malicious software detecting method and system based on network traffics | |
CN105184160B (en) | A kind of method of the Android phone platform application program malicious act detection based on API object reference relational graphs | |
CN109753800A (en) | Merge the Android malicious application detection method and system of frequent item set and random forests algorithm | |
CN105205397B (en) | Rogue program sample sorting technique and device | |
CN109598124A (en) | A kind of webshell detection method and device | |
CN108985064B (en) | Method and device for identifying malicious document | |
CN105224600B (en) | A kind of detection method and device of Sample Similarity | |
CN107169351A (en) | With reference to the Android unknown malware detection methods of dynamic behaviour feature | |
CN108712453A (en) | Detection method for injection attack, device and the server of logic-based regression algorithm | |
CN104700033A (en) | Virus detection method and virus detection device | |
CN103679012A (en) | Clustering method and device of portable execute (PE) files | |
WO2016082568A1 (en) | Short message safe processing method and apparatus | |
CN103500307A (en) | Mobile internet malignant application software detection method based on behavior model | |
CN107368592B (en) | Text feature model modeling method and device for network security report | |
CN103617393A (en) | Method for mobile internet malicious application software detection based on support vector machines | |
CN107341399A (en) | Assess the method and device of code file security | |
CN106713579A (en) | Telephone number identification method and device | |
CN108985061A (en) | A kind of webshell detection method based on Model Fusion | |
CN103136372A (en) | Method of quick location, classification and filtration of universal resource locator (URL) in network credibility behavior management | |
CN107451819A (en) | A kind of auth method and device based on user's operation behavior feature | |
CN107239694A (en) | A kind of Android application permissions inference method and device based on user comment | |
CN112968872B (en) | Malicious flow detection method, system and terminal based on natural language processing | |
CN110362995A (en) | It is a kind of based on inversely with the malware detection of machine learning and analysis system | |
CN106845220A (en) | A kind of Android malware detecting system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180424 |