CN109190371A - Android malware detection method and technology based on behavior graphs - Google Patents
- Publication number
- CN109190371A (application CN201810744373.8A)
- Authority
- CN
- China
- Prior art keywords
- behavior
- classifier
- kernel
- feature
- program
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The present invention relates to the technical field of malicious code detection on mobile platforms and aims to provide a behavior graph-based Android malware detection method and model. The method adopts a behavior graph-based detection scheme comprising: converting an application binary into behavior graphs with directed edges; proposing a graph-kernel-based feature extraction method that extracts more complete feature information from graph-structured data, where the features include context-sensitive structural information and can represent the specific behavior of an application more accurately; using a machine learning algorithm with random combination updates based on online multiple kernel learning, which automatically updates the model to adapt to a continually changing distribution; and designing comparison experiments, recording experimental data, and setting decision criteria from statistics of the general differences. The model applies to a wide range of detection targets and can effectively detect unknown malware. The invention provides a new solution for Android malware detection.
Description
Technical field
The present invention relates to a behavior graph-based Android malware detection method and technology, and belongs to the field of computer security technology.
Background
With the rapid development of smartphones, mobile platforms have become the main gathering target for malware. According to Tencent Security's 2017 annual internet security report, rogue behavior and resource consumption account for more than 80% of mobile viruses. Mobile devices store almost all of a user's personal data, and in the current big-data era this user data is quite attractive to criminals. The openness of the Android platform means Google cannot supervise applications effectively, and the low threshold for application development and the diversity of distribution channels give criminals great convenience and cause users considerable trouble.
The Android ecosystem is complex and diverse, and the mobile security situation remains severe. The detection methods of mobile security software are relatively limited, generally relying on signature verification and feature detection, so malicious applications can easily evade detection after transforming their code through encryption and similar means.
Existing techniques for detecting Android malware fall broadly into signature-based detection and non-signature detection. Signature-based detection is a basic detection method used by most security software, which applies it as a first-pass filter. It can quickly identify malicious code types whose signatures are in the signature database. Non-signature techniques are still being developed and refined; existing ones mainly include malicious behavior detection based on behavior analysis, malicious behavior detection based on heuristic analysis, and sandboxing, and these generally rely on virtualization-related technology.
These traditional malicious behavior detection methods all have shortcomings. Signature-based detection has poor timeliness and cannot detect new types of malicious code, while non-signature techniques suffer from low efficiency and relatively low accuracy. More importantly, a given class of detection method is often effective only against one specific attack and cannot effectively identify the full variety of malicious behavior.
Meanwhile effectively quickly the malicious of new opplication accurately can be sentenced in real time without a kind of inspection software
It is fixed, therefore effectively quickly the malicious of new opplication accurately can be determined in real time, one applicable malice of design is answered
Becoming one with detection system, there is an urgent need to study.
Summary of the invention
The object of the present invention is to address weaknesses of existing methods: low detection accuracy, incomplete feature extraction in graph-structure-based detection methods, and the inability of batch-learning-based detection methods to adapt effectively to newly emerging malware types. It provides a behavior graph-based Android malware detection method and detection model that relies primarily on static analysis, with dynamic analysis as a supplement. The invention proposes a context-based isomorphic subtree graph kernel that extracts context-sensitive structural feature information from the constructed behavior graphs. Compared with the features extracted by general graph kernel functions, the feature information extracted by this method represents application behavior more accurately, improves feature reliability, and achieves a better recognition rate for malicious code.
According to the technical solution provided by the invention, the behavior graph-based Android malware detection model comprises four modules, in order: a preprocessing module, a feature extraction module and a classification module. The preprocessing module preprocesses program samples and constructs the in-program control flow graph from the original program, serving the feature extraction module. The feature extraction module is the main part of the model; its main function is to compute the corresponding kernel functions from the constructed behavior representation graphs, completing feature extraction. Finally, the classification module learns a combination of the base kernels and classifies applications as benign or malicious.
The behavior graph-based Android malware detection method extracts context-sensitive feature information from the application's in-program control flow graph. This feature extraction method can extract a richer feature set from graph data to represent application behavior. Its key parts are feature extraction and training the multi-kernel classifier, carried out in three steps: first, construct several program behavior representation graphs; then, use the context isomorphic subtree graph kernel proposed here, which is based on the isomorphic subtree graph kernel, to extract context-sensitive structural feature information from each of the four behavior graphs; finally, generate the multi-kernel classifier with an online multiple kernel learning method.
The most important part of the detection model design in the present invention is feature extraction, which involves the key feature extraction method. Because common feature extraction methods cannot extract sufficiently effective feature information from graph-structured data, a more effective feature extraction method is needed.
Construction of the behavior representation graphs in the Android malicious behavior detection model proceeds along two lines: a) the program sample is statically decompiled and the application is converted into a simplified in-program control flow graph, from which three behavior graphs representing specific program behavior are built: the security-sensitive API behavior graph (sensitive API behavior), the data flow behavior graph (data flow behavior), and the Dalvik instruction behavior graph (Dalvik instruction behavior); b) taint analysis is used to mark the parameters of system-provided APIs and record the propagation paths of the marked data, and these propagation paths serve as the application's dynamic behavior graph.
The feature extraction method of the invention develops a context isomorphic subtree graph kernel on the basis of the WL graph kernel, used to extract context-sensitive structural feature information from the function call graph. In the isomorphic subgraph graph kernel, the label update strategy is that each node's updated label is the combined sequence of the node's own label and its adjacent labels. To identify whether the current node can reach a function entry point, the label update strategy is further modified and a new update algorithm is designed. It works as follows: a) traverse all nodes in the graph; if the neighborhood depth i to be updated is 0, set the label to the original label plus context information; b) save the adjacent nodes of the current node, obtain and save the level i-1 label values of all adjacent nodes, and concatenate the current node's level i-1 label value with the saved values to form the current node's new label value; c) append the current node's context information to the resulting label value to form the new label value; d) compress the label with a function to reduce label size, and return the subtree sequence carrying context information.
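The label update in steps a) to d), written out as an added Python example; it is not code from the patent. The context encoding (a string naming the kind of entry point that reaches the node), the SHA-1 compression function, the sorting of neighbor labels and the sample graph are all assumptions made for illustration.

```python
import hashlib
from collections import Counter


def compress(label: str) -> str:
    """Step d: shorten a long concatenated label to a fixed-size token."""
    return hashlib.sha1(label.encode()).hexdigest()[:8]


def context_wl_features(adj, labels, context, depth):
    """Return the bag of context-tagged subtree labels for one behavior graph.

    adj:     {node: [successor nodes]}
    labels:  {node: initial label, e.g. the API or method name}
    context: {node: context string}; here the kind of entry point that
             reaches the node (an assumed encoding)
    depth:   number of neighborhood-expansion rounds
    """
    # Step a: at depth 0 the label is the original label plus its context.
    current = {n: compress(f"{labels[n]}|{context[n]}") for n in adj}
    bag = Counter(current.values())
    for _ in range(depth):
        updated = {}
        for n in adj:
            # Step b: join the node's previous label with its neighbors' labels.
            # Sorting makes the result independent of edge order (standard WL).
            neigh = sorted(current[m] for m in adj[n])
            joined = current[n] + "(" + ",".join(neigh) + ")"
            # Steps c and d: append the node's context, then compress.
            updated[n] = compress(f"{joined}|{context[n]}")
        current = updated
        bag.update(current.values())
    return bag


def kernel(bag_a, bag_b):
    """Graph kernel value: dot product of the two label-count vectors."""
    return sum(count * bag_b[label] for label, count in bag_a.items())


# Constructed sample: the same two-call sensitive-API chain found in two apps.
ADJ = {"n1": ["n2"], "n2": []}
LABELS = {"n1": "TelephonyManager.getDeviceId",
          "n2": "SmsManager.sendTextMessage"}
CTX_USER = {"n1": "user", "n2": "user"}                    # reached from a UI callback
CTX_BACKGROUND = {"n1": "background", "n2": "background"}  # reached from a receiver
NO_CTX = {"n1": "", "n2": ""}                              # plain WL, no context


def compare(depth=2):
    """Kernel values: same context, different context, and plain WL."""
    user = context_wl_features(ADJ, LABELS, CTX_USER, depth)
    background = context_wl_features(ADJ, LABELS, CTX_BACKGROUND, depth)
    plain = context_wl_features(ADJ, LABELS, NO_CTX, depth)
    return kernel(user, user), kernel(user, background), kernel(plain, plain)


if __name__ == "__main__":
    print(compare())
```

Without context the two apps produce identical label bags, so a plain WL kernel cannot separate a user-triggered SMS send from a background one; with context the shared subtree labels disappear and the cross-context kernel value drops to zero.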
The advantages of the invention are: a) multiple behavior graphs are built from both static and dynamic analysis, and the complementarity of the different behaviors increases the information carried by the features, effectively improving detection of malicious code and of unknown malware types; b) a context-based isomorphic subtree graph kernel is proposed that extracts context-sensitive structural feature information from the constructed behavior graphs. Compared with general graph kernel functions, the extracted feature information represents application behavior more accurately, improves feature reliability, and achieves a better recognition rate for malicious code; c) an online multiple kernel learning method with random combination updates is proposed that combines the four base kernels and adjusts the weight of each base kernel in the classifier, so the model updates automatically and detection accuracy is effectively improved.
Description of the drawings
Fig. 1 is the architecture diagram of the behavior graph-based Android malware detection model of the invention.
Fig. 2 is the feature extraction flowchart of the detection method of the invention.
Fig. 3 is the workflow diagram of the classifier training algorithm in the detection method of the invention.
Detailed description of embodiments
The invention is further described below with reference to the drawings and examples. The invention aims to provide a method and model for detecting Android malware that accurately identify and detect the malicious behavior of applications and protect the security of the system and of user data.
The invention provides a novel detection approach. Unlike mainstream techniques that analyze the signatures and behavior of malicious code, it is a graph-kernel-based detection method whose main advantage is that the extracted features contain more complete information. Following this approach, a behavior graph-based Android malware detection model was designed. Its overall architecture, shown in Fig. 1, is divided into a preprocessing module, a feature extraction module and a classification module. The preprocessing module preprocesses application samples and constructs the in-program control flow graph from the program binary; the feature extraction module extracts features from the processed program representation graphs to form feature vectors; and the machine learning classification module learns from the features of the several classes of behavior graph to generate the classifier.
The preprocessing module uses a decompilation tool to decompile the program sample into program source code and extracts the in-program control flow graph from the source code. The module builds the in-program control flow graph from the decompiled source, then removes irrelevant branch nodes and evaluates the entry point of each function node in the graph to generate the simplified in-program control flow graph.
The main function of the feature extraction module is to extract the application's feature information from the simplified in-program control flow graph and represent it as vectors. The module uses the context isomorphic subtree graph kernel to extract feature information from the RICFG graph. The module is shown in Fig. 2. After the application's simplified in-program control flow graph has been built, further screening generates three specific program behavior graphs: the sensitive behavior graph, the data flow behavior graph and the instruction behavior graph. In the dynamic behavior graph generation part, the dynamic behavior graph is generated by identifying taint data in function parameters. The module modifies the taint propagation process based on TaintDroid, adding extra information to the taint-marked data to save the taint's execution path. At the entry of each executed function, the parameters are extracted, and the module checks whether the data in the parameters carries taint and records the taint information. Because the taint information contains the paths the data has flowed through, dynamic feature information is extracted from the path label values in the taint information. After the feature vectors of the program representation graphs are formed, the corresponding kernel matrix is computed from the feature vector of each behavior graph and used by multiple kernel learning to generate the classifier.
The classification module receives samples and trains on them; the classifier training process is shown in Fig. 3. First, an individual kernel classifier is trained for each kernel function, and the linear combination of these classifiers serves as the initial multi-kernel classifier. A Bernoulli sampling rule is used to sample the kernel functions and select a suitable kernel set, for example kernel function A, kernel function B and kernel function C. Each corresponding kernel classifier then makes a prediction for a given sample, producing that kernel function's predicted value for the round. The classifier's prediction is compared with the sample's label, and if they disagree the kernel classifier is penalized: its weight in the classifier is reduced and the kernel classifier is updated.
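The training round described above, as an added Python sketch that is not the patent's code. It assumes a kernel perceptron as the per-kernel classifier, a linear base kernel, a penalty factor `beta`, a sampling floor `delta`, and constructed feature vectors for two behavior graphs named `api` and `dalvik`.

```python
import random


def linear(u, v):
    """Base kernel applied to every behavior graph's feature vector."""
    return sum(a * b for a, b in zip(u, v))


class OnlineMultiKernel:
    """One kernel perceptron per behavior graph, combined by weights."""

    def __init__(self, names, beta=0.5, delta=0.25, seed=0):
        self.names = list(names)
        self.beta = beta      # assumed penalty factor applied on a mistake
        self.delta = delta    # assumed floor on the sampling probability
        self.rng = random.Random(seed)
        self.weights = {n: 1.0 for n in self.names}
        self.support = {n: [] for n in self.names}  # (vector, label) pairs

    def score(self, name, vec):
        """Output of one kernel classifier on one feature vector."""
        return sum(y * linear(sv, vec) for sv, y in self.support[name])

    def predict(self, sample):
        """Weighted vote of all kernel classifiers: +1 malicious, -1 benign."""
        total = sum(self.weights[n] * self.score(n, sample[n])
                    for n in self.names)
        return 1 if total > 0 else -1

    def update(self, sample, label):
        """Process one labelled sample; return the kernels that were penalized."""
        top = max(self.weights.values())
        penalized = []
        for n in self.names:
            # Bernoulli trial: higher-weight kernels are sampled more often.
            p = (1 - self.delta) * self.weights[n] / top + self.delta
            if self.rng.random() >= p:
                continue
            if self.score(n, sample[n]) * label <= 0:   # wrong or undecided
                self.weights[n] *= self.beta            # penalize the kernel
                self.support[n].append((sample[n], label))  # update classifier
                penalized.append(n)
        return penalized


# Constructed data: the "api" vector separates the classes, while the
# "dalvik" vector is identical for both and therefore carries no signal.
MALICIOUS = {"api": (0, 1), "dalvik": (1,)}
BENIGN = {"api": (1, 0), "dalvik": (1,)}
STREAM = [(MALICIOUS, 1), (BENIGN, -1)] * 4


def train_demo():
    """Train on the constructed stream and return the fitted model."""
    model = OnlineMultiKernel(["api", "dalvik"])
    for sample, label in STREAM:
        model.update(sample, label)
    return model


if __name__ == "__main__":
    m = train_demo()
    print(m.weights, m.predict(MALICIOUS), m.predict(BENIGN))
```

The informative kernel stops being penalized after two rounds, while the uninformative one keeps losing weight and is sampled less often, which is how the combination adapts as the sample distribution changes.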
The invention can be extended further. The feature information involved is relatively simple, and more comprehensive feature categories could be added, with the detection model optimized to improve detection efficiency within an acceptable range.
Claims (9)
1. A behavior graph-based Android malware detection method, characterized in that the method comprises the following steps:
A. analyzing and processing a large number of benign application and malicious program samples and constructing several behavior representation graphs, used to extract features and train an effective classifier;
B. a feature extractor extracting feature information from the constructed behavior representation graphs, representing it as vectors, and computing the corresponding kernel functions from the vectors;
C. a classifier trainer classifying the received sample instances with the trained classifier, outputting the classification result, and updating the weight of each base kernel.
2. The behavior graph-based Android malware detection method according to claim 1, characterized in that step A further comprises the following steps:
A1. defining several behavior representation graphs, including the sensitive API behavior graph, the data flow behavior graph, the instruction behavior graph and the dynamic behavior graph, which are handled through static analysis and dynamic analysis respectively;
A2. simplifying the in-program control flow graph built by static analysis to form the simplified in-program control flow graph, and processing it further to build the three static behavior representation graphs;
A3. generating the dynamic behavior representation graph from the results of dynamic analysis.
3. The behavior graph-based Android malware detection method according to claim 2, characterized in that constructing the simplified in-program control flow graph in step A2 specifically means:
In the decompiled smali code, each smali file corresponds to one class in the original Java code, and the structure and logic of the Java source can be recovered by parsing the smali files. The preprocessing module first decompiles to obtain the smali code and handles syntax parsing of the smali instructions, then extracts class information from the smali code, mainly the class name, base class, subclasses, class objects and class methods. After the class information has been extracted, the information of each method is extracted and the method is marked. After all smali files have been processed, the program control flow graph ICFG is constructed according to the method marks. A control flow graph generated directly from source code contains a large number of official library functions, so these nodes and edges, which are irrelevant to the analysis, must be removed by simplification and pruning. The module removes irrelevant nodes and the edges connected to them by filtering certain library functions. The pruned graph is then processed further: each node in the graph is given a label for its neighborhood, indicating which kinds of entry point can reach this method node; from the node's field it can then be judged whether the node's behavior is known to the user, and after labeling the unlabeled garbage nodes are removed from the graph.
4. The behavior graph-based Android malware detection method according to claim 2, characterized in that the further processing in step A2 specifically means:
The sensitive API behavior graph is built by removing from the simplified in-program control flow graph all method nodes unrelated to sensitive APIs; concretely, each method node in the in-program control flow graph is checked for membership in the security-sensitive API set. The data flow behavior graph is built by removing from the simplified in-program control flow graph all method nodes unrelated to the source/sink list. The Dalvik instruction behavior graph is built by filtering out the instruction branches of the in-program control flow graph that are unrelated to the specified instruction set.
5. The behavior graph-based Android malware detection method according to claim 1, characterized in that step B further comprises the following steps:
B1. after iterative processing with the proposed graph kernel, the program representation graphs yield a series of call sequence sets, which serve as the application's feature information; they carry the context information of the neighborhood, and malicious code can be identified effectively from this information;
B2. a feature selection algorithm is used to group and select similar features in the Dalvik instruction feature set to reduce the feature dimension;
B3. the selected feature classes are represented as vectors using a bag-of-features model and used to train the classifier with machine learning; for sensitive APIs, for example, the vector generated after bag-of-features processing is Vector_api = {c1, c2, c3, …, cn}, where c1 represents the feature category related to making phone calls and c2 the category related to sending SMS messages;
B4. the corresponding kernel functions are computed from the generated vectors and used to train the multiple kernel learning classifier.
6. The behavior graph-based Android malware detection method according to claim 1, characterized in that step C further comprises the following steps:
C1. training an individual kernel classifier for each kernel function and using the linear combination of these classifiers as the initial multi-kernel classifier;
C2. sampling the kernel functions with a Bernoulli sampling rule to select a suitable kernel set;
C3. making a prediction for a given sample with each corresponding kernel classifier to produce that kernel function's predicted value for the round, and judging whether the classifier's prediction agrees with the sample's label; if it does not, the kernel classifier is penalized by reducing its weight in the classifier, and the kernel classifier is updated.
7. A behavior graph-based Android malware detection model, characterized in that the model comprises:
D. a management terminal;
E. a data extractor;
F. a data analyzer.
8. Characterized in that the model further comprises:
D1. a logic control unit, for controlling the operating logic of the whole model and coordinating the modules within the model;
D2. a database management unit, for managing the service database;
D3. an interface unit, for interaction with the user; through this unit the user can view detection results and change configuration information;
E1. a feature extraction unit, for extracting the feature information from the constructed behavior graphs;
F1. a classifier unit, for classifying sample instances according to the extracted feature information and the classification criteria, determining whether a sample is malware, and updating the classifier's parameters according to the result.
9. A behavior graph-based Android malware detection model, characterized in that the data analyzer F performs feature extraction and judgment on samples, records the detection results, and updates the base kernels corresponding to the behavior graphs according to the detection results, so as to cope with newly emerging types of malware and improve detection accuracy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810744373.8A CN109190371A (en) | 2018-07-09 | 2018-07-09 | Android malware detection method and technology based on behavior graphs |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109190371A (en) | 2019-01-11 |
Family
ID=64936307
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190111 |