CN108595955B - Android mobile phone malicious application detection system and method - Google Patents
Android mobile phone malicious application detection system and method Download PDFInfo
- Publication number
- CN108595955B CN108595955B CN201810377452.XA CN201810377452A CN108595955B CN 108595955 B CN108595955 B CN 108595955B CN 201810377452 A CN201810377452 A CN 201810377452A CN 108595955 B CN108595955 B CN 108595955B
- Authority
- CN
- China
- Prior art keywords
- neural network
- android
- sample
- extraction module
- static
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 26
- 238000000034 method Methods 0.000 title claims description 21
- 238000013528 artificial neural network Methods 0.000 claims abstract description 66
- 230000003068 static effect Effects 0.000 claims abstract description 42
- 238000000605 extraction Methods 0.000 claims abstract description 33
- 238000012544 monitoring process Methods 0.000 claims abstract description 13
- 239000013598 vector Substances 0.000 claims description 39
- 238000012549 training Methods 0.000 claims description 20
- 239000011159 matrix material Substances 0.000 claims description 18
- 239000010410 layer Substances 0.000 claims description 13
- 230000006870 function Effects 0.000 claims description 12
- 238000009434 installation Methods 0.000 claims description 12
- 239000002356 single layer Substances 0.000 claims description 10
- 210000002569 neuron Anatomy 0.000 claims description 9
- 238000007689 inspection Methods 0.000 claims description 8
- 238000012360 testing method Methods 0.000 claims description 6
- 238000012795 verification Methods 0.000 claims description 5
- 244000035744 Hura crepitans Species 0.000 claims description 3
- 230000004913 activation Effects 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 2
- 238000004458 analytical method Methods 0.000 abstract description 8
- 230000006399 behavior Effects 0.000 abstract description 6
- 238000005516 engineering process Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 6
- 238000004519 manufacturing process Methods 0.000 description 2
- 241000282376 Panthera tigris Species 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
- 208000015181 infectious disease Diseases 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000000306 recurrent effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
A malicious application detection system for an android mobile phone belongs to the technical field of mobile phone detection. The android mobile phone malicious application detection system comprises a positive and negative sample collection module, a static feature extraction module, a dynamic feature extraction module, a neural network module and a monitoring result output module, static analysis based on software codes and dynamic monitoring based on software behaviors are combined, so that the detection method is not static analysis based on a signature technology, and whether software is malicious software is judged by analyzing the codes of the software and the behaviors of the software after running.
Description
Technical Field
The invention relates to the technical field of mobile phone detection, in particular to a system and a method for detecting malicious applications of an android mobile phone.
Background
The latest ranking condition of the smart phone market in the global scope by one quarter of 2017 is formally published by Kantar woroldpanel, which is a recent market research company abroad, and the occupancy of the android phone market is increased from 76.4% to 86.4% in the last year and is promoted by 10% by taking the domestic market as an example. The domestic mobile phone manufacturing industry is developed vigorously, the operating system used by the domestic mobile phone manufacturing industry is Android, malicious applications of the Android are increased along with the increase of Android mobile phone users, according to the report of the tiger 360, the 360-year internet security center accumulatively intercepts 1403.3 thousands of newly-increased malicious program samples of the Android platform in 2016 all years, and 3.8 million malicious program samples are additionally arranged on average every day. Android users are infected with malicious programs 2.53 hundred million, and the infection amount of the malicious programs is about 70 million persons per day on average. The malicious applications steal private data of android mobile phone users, damage mobile phone functions and influence normal use of the mobile phones.
The user group of the android mobile phone is so large, the malicious applications of the android mobile phone are so abused, and whether the application of the android mobile phone is safe or not is particularly important. Most data show that the existing detection methods for malicious applications mainly comprise two types, one is signature-based detection, and the other is software behavior-based detection. Signature-based detection is when a first suspicious software activity is discovered and analyzed, a signature is generated for the malware. The signatures are spread apart and the antivirus software eventually captures the malware through signature matching. Signature-based detection suffers from the following problems: first, the period from the start of the spread of malware to the verification is typically long, often weeks or even months, during which many systems have been harmed; secondly, the detection method based on the signature can only capture malicious software with the signature, and has no defense capability to unknown attacks; third, signature-based detection does not make a correct judgment of compressed, encrypted, and morphed malicious code. The detection method based on software behavior is better and more accurate than the monitoring based on signature, but is also single and incomplete.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a detection system for malicious applications of an android mobile phone. The android mobile phone malicious application detection system comprises a positive and negative sample collection module, a static feature extraction module, a dynamic feature extraction module, a neural network module and a monitoring result output module;
the positive and negative sample collection module comprises a positive sample set and a negative sample set;
the static feature extraction module comprises an android manifest.xml file and a class.dex file, a system permission list is obtained by analyzing the android manifest.xml file, a calling API list is obtained by analyzing the class.dex file, and the permission list and the API list are used as static feature vectors;
the dynamic characteristic extraction module is used for putting the android application package into a DroidBox sandbox for operation, checking a log file after operation through operation, and obtaining the frequency of a software calling Application Programming Interface (API) in a fixed time period as a dynamic characteristic vector matrix;
the neural network module comprises an MLP neural network and an RNN neural network, the MLP neural network comprises a plurality of neurons, each neuron of each layer is used for transmitting a vector input after weighted summation to each neuron of the next layer through an activation function output, the MLP neural network is used for introducing static feature vectors, the RNN neural network is used for processing sequence data, the structure is the mutual combination of single-layer sensors of the sequence length, the output of each single-layer sensor is used as the input of the next single-layer sensor together with the next input vector of the sequence, the RNN neural network is used for introducing dynamic feature vectors, and the training of the MLP neural network and the RNN neural network both use a back propagation algorithm;
the monitoring result output module transmits the characteristic vectors and the characteristic matrix into a trained neural network after passing through a static characteristic extraction module and a dynamic characteristic extraction module, weights and sums the results to calculate the probability, calculates the possibility that the application is malicious application, and outputs the results.
The android manifest.xml file and the class.dex file are components of an installation package, and the installation package comprises a Lib folder, an assets folder, a NETA-INT folder, an android manifest.xml file, a class.dex file and a resource.arsc file.
Setting the 177-dimensional 0-1 vector, setting the software limited weight to be 1, setting the software infinite weight to be 0, and taking the 177-dimensional vector as a static feature.
The running time of each APP is set to 15S, and the statistical number of 11 operations per second is taken as a 15 × 11 dimensional dynamic feature matrix.
In the training of the MLP neural network and the RNN neural network, 80% of samples are randomly selected as a training set, and the rest 20% are verification sets or test sets.
The back propagation algorithm is characterized in that a loss function is used as a sample, the deviation of the equation about each model parameter is calculated through the sum of the difference values between the output value and the predicted value of the model to obtain a gradient, the learning rate of the parameter is adjusted to the opposite direction of the gradient, iteration is carried out continuously until the loss function of the whole model begins to converge to the minimum value, the model training is finished, and the test is carried out on a prediction set.
The application method of the android mobile phone malicious application detection system comprises the following steps:
8, passing the sample to be detected through a dynamic feature extraction module to obtain a 15 x 11 dimensional feature matrix;
and 10, carrying out weighted summation on the results of the step 7 and the step 9 to calculate the probability, wherein the probability is used as the probability that the sample to be detected is malicious application.
Has the beneficial effects that: the invention combines the static analysis based on the software code and the dynamic monitoring based on the software behavior, so that the detection method is not the pure static analysis based on the signature technology any more, and judges whether the software is the malicious software or not by analyzing the code of the software and the behavior of the software after running.
Drawings
FIG. 1 is a schematic diagram of a module structure provided by the present invention;
FIG. 2 is a schematic view of a monitoring process provided by the present invention;
FIG. 3 is a diagram of a structure of the content of a file in an android application installation package provided by the present invention;
fig. 4 is a structural diagram of an android application installation package android manifest.xml provided by the present invention;
fig. 5 is a structural diagram of a class.dex file of an android application installation package provided by the present invention;
FIG. 6 is a schematic diagram illustrating a monitoring result output of a secure android application provided by the present invention;
fig. 7 is a schematic diagram illustrating output of a malicious android application monitoring result provided by the present invention.
Detailed Description
The technical solution in the embodiments of the invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the invention,
as shown in fig. 1 to 7, the present invention provides an android phone malicious application detection system, which includes a positive and negative sample collection module 1, a static feature extraction module 2, a dynamic feature extraction module 3, a neural network module 4, and a monitoring result output module 5;
the positive and negative sample collection module 1 comprises a positive sample set and a negative sample set, wherein the positive sample set is a safety software sample set, and the negative sample set is a malicious software sample set;
the static feature extraction module 2 comprises an android manifest.xml file 201 and a class.dex file 202, wherein the android manifest.xml file 201 is used for specially introducing functions of the android application and system permissions 203 required by using the software functions, the class.dex file 202 is used for converting JAVA codes into byte code files capable of running on an android Dalvik virtual machine, a list of calling APIs 204 is obtained through analysis, a system permission 203 list is obtained through analysis of the android manifest.xml file 201, the calling API204 list is obtained through analysis of the class.dex file 202, and the permission list and the API list are used as static feature vectors;
the dynamic feature extraction module 3 is used for placing an android application package into a DroidBox sandbox to run 301, the DroidBox is a dynamic analysis tool and is used for displaying the action of software during running, and a running log file 302 is checked through running of the software to obtain the frequency of a software calling application programming interface API in a fixed time period and is used as a dynamic feature vector matrix;
the neural network module 4 includes an MLP neural network 206 and an RNN neural network 304, the MLP neural network 206 is a multi-layer perceptron network, and the RNN neural network 304 is a recurrent neural network, the MLP neural network 206 includes a plurality of neurons, each neuron in each layer is used to transfer a vector input after weighted summation to each neuron in the next layer through an activation function output, so as to map a nonlinear relationship between a set of input vectors and a set of output vectors and find out a rule between data, the MLP neural network 206 is used to introduce static feature vectors, the RNN neural network 304 is used to process sequence data, that is, a classification result of current data has a close relationship with upper and lower sequence data, the structure is a mutual combination between single-layer perceptrons of sequence length, an output of each single-layer perceptron will be together with the next input vector of sequence, the next single-layer perceptron is used as an input of the next single-layer perceptron, so that the memory and persistence of the previous data by the neural network are realized, the RNN neural network is used for importing dynamic feature vectors, and the training of the MLP neural network and the RNN neural network both use a back propagation algorithm;
the monitoring result output module 5 transmits the feature vectors and the feature matrix into a trained neural network after passing through the static feature extraction module 2 and the dynamic feature extraction module 3, calculates the probability 7 by weighting and summing the results, calculates the possibility that the application is malicious application, and outputs a result 8, and a user judges whether to install the application according to the percentage value.
Setting the 177-dimensional 0-1 vector, setting the software limited weight to be 1, setting the software infinite weight to be 0, and taking the 177-dimensional vector as a static feature.
The running time of each APP is set to 15S, and the statistical number of 11 operations per second is taken as the dynamic characteristic.
In the training of the MLP neural network 206 and the RNN neural network 304, 80% of samples are randomly selected as a training set, and the remaining 20% are verification sets or test sets, and through continuous training, a better accuracy on the verification sets is obtained, and model parameters are saved.
The back propagation algorithm is to use a loss function as a sample, calculate partial derivatives of the equation about each model parameter through the sum of differences between an output value and a predicted value of the model to obtain a gradient, adjust the learning rate of the parameter in the opposite direction of the gradient, continuously iterate until the loss function of the whole model starts to converge to a minimum value, finish training the model, test on a prediction set, and realize training of the MLP neural network 206 and the RNN neural network 304 through a back propagation algorithm.
The method of the android mobile phone malicious application detection system comprises the following steps:
and 10, carrying out weighted summation on the results of the step 7 and the step 9 to calculate the probability 304, wherein the probability is used as the probability that the sample to be detected is malicious application.
The working principle is as follows: the method comprises the steps of firstly collecting malicious android application samples and benign android application samples through a positive and negative sample collection module 1, then obtaining a system authority 203 list through an android manifest (xml) file 201 in an installation package APK6, calling an API204 list through a class dex file 202 in an installation package APK6, generating the system authority 203 list and the API list 204 into 177-dimensional static feature vectors 205, introducing the 177-dimensional static feature vectors into an MLP neural network 206 trained through a back propagation algorithm, determining model parameters with the highest accuracy through a five-fold cross inspection method, obtaining the prediction probability of static classification as output, then passing all applications in the positive and negative sample collection module 1 through a dynamic feature extraction module to obtain a 15-fold 11-dimensional feature matrix 303 of each application, passing the 15-fold 11-dimensional feature matrix 303 through an RNN neural network 304 trained through the back propagation algorithm through the five-fold cross inspection method, and finally, carrying out weighted summation on the prediction output probability of the static classification and the prediction output probability of the dynamic classification to calculate the probability 7, and calculating the probability that the sample to be detected is maliciously applied.
Claims (6)
1. A use method of a malicious application detection system of an android mobile phone is characterized by specifically comprising the following steps:
step 1, collecting two sample libraries from different sources to respectively form a negative sample set of a malicious android application sample library and a positive sample set of a benign android application sample library;
step 2, all applications in the two sample libraries pass through a static feature extraction module, a system permission list applied by the android application is obtained through an android manifest.
Step 3, training the MLP neural network by all the characteristics extracted from the android positive sample and the android negative sample in the step 2 through a back propagation algorithm, finally confirming that the MLP neural network is divided into three layers, the dropout rate is 0.2, the learning iteration times are 200, and determining the model parameter with the highest accuracy rate through a five-fold cross-over inspection method;
step 4, all applications in the two sample libraries pass through a dynamic feature extraction module and obtain log files through DroidBox, so that the frequency of a software calling Application Programming Interface (API) in a fixed time period is obtained, and a feature matrix of each application in 15 x 11 dimensions is obtained;
step 5, training the RNN neural network by all the characteristic matrixes obtained in the step 4 through a back propagation algorithm, finally confirming that the RNN neural network has 15 layers, the learning rate is 0.01, the learning iteration times are 200, and determining the model parameters with the highest accuracy rate through a five-fold cross inspection method;
step 6, passing the sample to be detected through a static feature extraction module to obtain 177-dimensional static feature vectors;
step 7, importing 177-dimensional feature vectors into the MLP neural network trained in the step 3 to obtain prediction probability of static classification as output;
8, passing the sample to be detected through a dynamic feature extraction module to obtain a 15 x 11 dimensional feature matrix;
step 9, importing the 15-by-11 dimensional feature matrix into the RNN neural network trained in the step 5 to obtain the prediction probability of dynamic classification as output;
step 10, carrying out weighted summation on the results of the step 7 and the step 9 to calculate the probability, and taking the probability as a sample to be detected as a malicious application
The probability of (d);
the android mobile phone malicious application detection system comprises a positive and negative sample collection module, a static feature extraction module, a dynamic feature extraction module, a neural network module and a monitoring result output module;
the positive and negative sample collection module comprises a positive sample set and a negative sample set;
the static feature extraction module comprises an android manifest.xml file and a class.dex file, a system permission list is obtained by analyzing the android manifest.xml file, a system call API list is obtained by analyzing the class.dex file, and the permission list and the API list are used as static feature vectors;
the dynamic characteristic extraction module is used for putting the android application installation package into a DroidBox sandbox for operation, checking a log file after operation through operation, and obtaining the frequency of a software calling Application Programming Interface (API) in a fixed time period as a dynamic characteristic vector matrix;
the neural network module comprises an MLP neural network and an RNN neural network, the MLP neural network comprises a plurality of neurons, each neuron of each layer is used for transmitting a vector input after weighted summation to each neuron of the next layer through an activation function output, the MLP neural network is used for introducing static feature vectors, the RNN neural network is used for processing sequence data, the structure is the mutual combination of single-layer sensors of the sequence length, the output of each single-layer sensor is used as the input of the next single-layer sensor together with the next input vector of the sequence, the RNN neural network is used for introducing dynamic feature vectors, and the training of the MLP neural network and the RNN neural network both use a back propagation algorithm;
the monitoring result output module transmits the static characteristic vectors and the dynamic characteristic matrix into a trained neural network after passing through the static characteristic extraction module and the dynamic characteristic extraction module, weights and sums the results to calculate the probability, calculates the possibility that the application is malicious application, and outputs the results.
2. The method as claimed in claim 1, wherein the android phone malicious application detection system is a component of an installation package, and the installation package includes Lib folder, assets folder, NETA-INT folder, android phone malicious application detection system, class.
3. The method as claimed in claim 1, wherein the 177-dimensional 0-1 vector is set, the software limited weight is set to 1, the software unlimited weight is set to 0, and the 177-dimensional vector is taken as the static feature.
4. The use method of the malicious application detection system for android phones, according to claim 1, characterized in that the running time of each APP is set to 15S, and the statistical number of 11 operations per second is used as a dynamic feature.
5. The method as claimed in claim 1, wherein in the training of the MLP neural network and the RNN neural network, 80% of samples are randomly selected as a training set, and the remaining 20% are a verification set or a test set.
6. The method as claimed in claim 1, wherein the back propagation algorithm is based on a loss function as a sample, the sum of differences between an output value and a predicted value of a model is used, a bias is calculated for each model parameter to obtain a gradient, the learning rate of the parameter is adjusted in a reverse direction to the gradient, iteration is performed continuously until the loss function of the whole model starts to converge to a minimum value, the model training is completed, and a test is performed on a prediction set.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810377452.XA CN108595955B (en) | 2018-04-25 | 2018-04-25 | Android mobile phone malicious application detection system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810377452.XA CN108595955B (en) | 2018-04-25 | 2018-04-25 | Android mobile phone malicious application detection system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108595955A CN108595955A (en) | 2018-09-28 |
CN108595955B true CN108595955B (en) | 2022-05-24 |
Family
ID=63609097
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810377452.XA Expired - Fee Related CN108595955B (en) | 2018-04-25 | 2018-04-25 | Android mobile phone malicious application detection system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108595955B (en) |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109359439B (en) * | 2018-10-26 | 2019-12-13 | 北京天融信网络安全技术有限公司 | software detection method, device, equipment and storage medium |
CN109543409B (en) * | 2018-11-09 | 2021-06-08 | 腾讯科技(深圳)有限公司 | Method, device and equipment for detecting malicious application and training detection model |
CN109614795B (en) * | 2018-11-30 | 2023-04-28 | 武汉大学 | Event-aware android malicious software detection method |
CN109753794A (en) * | 2018-11-30 | 2019-05-14 | 北京奇虎科技有限公司 | A kind of recognition methods of malicious application, system, training method, equipment and medium |
CN109753801B (en) * | 2019-01-29 | 2022-04-22 | 重庆邮电大学 | Intelligent terminal malicious software dynamic detection method based on system call |
CN109858250B (en) * | 2019-02-20 | 2023-01-03 | 哈尔滨工程大学 | Android malicious code detection model method based on cascade classifier |
CN110008700B (en) * | 2019-03-20 | 2020-12-22 | 北京大学 | Android malicious application detection method and device based on naive Bayes |
CN109992514B (en) * | 2019-04-01 | 2023-04-07 | 国家计算机网络与信息安全管理中心 | Mobile application dynamic analysis method based on visual content |
CN111382783A (en) * | 2020-02-28 | 2020-07-07 | 广州大学 | Malicious software identification method and device and storage medium |
CN111639337B (en) * | 2020-04-17 | 2023-04-07 | 中国科学院信息工程研究所 | Unknown malicious code detection method and system for massive Windows software |
CN112182571A (en) * | 2020-07-21 | 2021-01-05 | 浙江工商大学 | Android malicious application detection system based on neural network invariants |
CN112464233B (en) * | 2020-11-21 | 2023-04-07 | 西北工业大学 | RNN-based malicious software detection method on cloud platform |
CN113761529B (en) * | 2020-12-01 | 2024-04-26 | 北京卫达信息技术有限公司 | Android malicious software detection system and method based on heterogram learning |
CN113127872B (en) * | 2021-04-16 | 2022-07-12 | 国家计算机网络与信息安全管理中心浙江分中心 | Malicious application detection method and system for discriminating countermeasure network |
CN113312621B (en) * | 2021-06-02 | 2024-03-26 | 深圳市凌晨知识产权运营有限公司 | Simulated android malicious software dynamic detection method based on enhanced deep learning |
CN113868660B (en) * | 2021-12-01 | 2022-03-08 | 北京华云安信息技术有限公司 | Training method, device and equipment for malicious software detection model |
CN113935022A (en) * | 2021-12-17 | 2022-01-14 | 北京微步在线科技有限公司 | Homologous sample capturing method and device, electronic equipment and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105205396A (en) * | 2015-10-15 | 2015-12-30 | 上海交通大学 | Detecting system for Android malicious code based on deep learning and method thereof |
-
2018
- 2018-04-25 CN CN201810377452.XA patent/CN108595955B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN108595955A (en) | 2018-09-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108595955B (en) | Android mobile phone malicious application detection system and method | |
Yuan et al. | Droiddetector: android malware characterization and detection using deep learning | |
CN109165510B (en) | Android malicious application program detection method based on two-channel convolutional neural network | |
Lin et al. | Identifying android malicious repackaged applications by thread-grained system call sequences | |
CN110263538B (en) | Malicious code detection method based on system behavior sequence | |
Saif et al. | Deep Belief Networks-based framework for malware detection in Android systems | |
Ficco | Detecting IoT malware by Markov chain behavioral models | |
CN112417439A (en) | Account detection method, device, server and storage medium | |
CN105205396A (en) | Detecting system for Android malicious code based on deep learning and method thereof | |
CN105447388B (en) | A kind of Android malicious code detection system based on weight and method | |
CN111107096A (en) | Web site safety protection method and device | |
Bibi et al. | An effective Android ransomware detection through multi-factor feature filtration and recurrent neural network | |
CN106599688A (en) | Application category-based Android malicious software detection method | |
CN107944270B (en) | Verifiable android malicious software detection system and method | |
CN112163222A (en) | Malicious software detection method and device | |
CN115484112B (en) | Payment big data safety protection method, system and cloud platform | |
Sanz et al. | Instance-based anomaly method for Android malware detection | |
Bernardi et al. | A fuzzy-based process mining approach for dynamic malware detection | |
CN113468524B (en) | RASP-based machine learning model security detection method | |
Waheed et al. | Evolving trees for detecting android malware using evolutionary learning | |
Wang et al. | Malware detection using cnn via word embedding in cloud computing infrastructure | |
Amrutha et al. | Multimodal deep learning method for detection of malware in android using static and dynamic features | |
Chen et al. | Research on android application detection based on static permission and random forest | |
CN113434826A (en) | Detection method and system for counterfeit mobile application and related products | |
Zefferer et al. | Power consumption-based application classification and malware detection on android using machine-learning techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20220524 |
|
CF01 | Termination of patent right due to non-payment of annual fee |