CN109255241B - Android permission promotion vulnerability detection method and system based on machine learning

Publication number
CN109255241B
Authority
CN
China
Prior art keywords
feature
machine learning
feature set
android
apk
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811013176.5A
Other languages
Chinese (zh)
Other versions
CN109255241A (en)
Inventor
张文
邵帅
崔浩亮
姜鑫
李若影
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guoding Network Space Security Technology Co ltd
Original Assignee
Guoding Network Space Security Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a machine-learning-based method and system for detecting Android permission promotion vulnerabilities. The method comprises the following steps: parsing Android APK file information and extracting an APK feature set containing complete APK information; selecting from the APK feature set, by analyzing the vulnerability principle, a related feature set associated with permission promotion vulnerabilities, the related feature set comprising system permissions and system APIs; cleaning and quantifying the related feature set to convert it into a sample feature set; and inputting the sample feature set into a machine learning algorithm to obtain a classification model. Feature extraction for an Android app covers both the app's basic features and its derived features, so all characteristics of the app are reflected more comprehensively; these comprehensive features cope with the diversity of vulnerabilities and improve accuracy and identification efficiency.

Description

Android permission promotion vulnerability detection method and system based on machine learning
Technical Field
The invention relates to the technical field of information security, in particular to an Android permission promotion vulnerability detection method and system based on machine learning.
Background
With the popularization and development of the Android system, Android has become an important platform for the national economy, science and technology, and people's daily lives. Meanwhile, the security problems of Android software are increasingly prominent. One root cause is software vulnerabilities, whose number keeps growing along with the damage they cause. The prevalence of vulnerabilities and the severity of their consequences have drawn attention to vulnerability research, in which vulnerability analysis techniques (including vulnerability discovery and vulnerability characterization), as the means of finding vulnerabilities, are the prerequisite for other techniques such as vulnerability exploitation and vulnerability elimination. Therefore, effectively analyzing the security vulnerabilities of the Android system and its applications has become an important technical means of strengthening mobile terminal security and protecting user security and privacy.
Existing Android permission promotion vulnerability detection methods are mainly based on static analysis: for each vulnerability pattern already known in Android applications, a corresponding matching technique is applied. For example, for the WebView remote code execution vulnerability, existing techniques and vulnerability detection platforms mainly use static code matching: they decompile the app and check whether its source code contains addJavascriptInterface; if so, the app is deemed vulnerable. For component hijacking vulnerabilities, they check the exported attribute and the <intent-filter> tag of each component in the AndroidManifest file. If the exported value is false, the component is not exposed, whether or not it has an <intent-filter> tag; if the exported value is true, the component is exposed; if the exported attribute is not set, the component is exposed if it has an <intent-filter> tag. Finally, they check whether the exposed component performs sensitive-permission operations; if so, a component hijacking vulnerability is reported.
These methods rely on static techniques: detection is slow, inefficient and costly, and for some vulnerabilities the code matching uses a coarse-grained feature set, so the results are still not accurate enough, and the false-positive and false-negative rates are high.
Disclosure of Invention
To address the above shortcomings, a machine-learning-based Android permission promotion vulnerability detection method and system are provided. Because the machine learning algorithm takes the multidimensional features of the training samples as input, the method and system are not limited to existing fixed vulnerability patterns; instead they consider the various features related to vulnerabilities and use the machine learning algorithm to find the intrinsic relationship between these feature dimensions and the vulnerabilities.
In order to achieve the above object, the present invention provides a machine learning-based Android permission promotion vulnerability detection method, including:
analyzing Android APK file information, and extracting an APK feature set containing complete APK information;
selecting a related feature set related to the permission promotion vulnerability from the APK feature set by analyzing the vulnerability principle, wherein the related feature set comprises system permissions and system APIs;
carrying out feature cleaning and quantification on the related feature set, and converting the related feature set into a sample feature set;
and inputting the sample feature set into a machine learning algorithm to obtain a classification model.
As a further improvement of the present invention, the APK feature set includes Android application basic features and application code features; the Android application basic features include AndroidManifest.xml file tag features and permission features, and the application code features include the methods and system APIs in the smali files.
As a further improvement of the invention, before feature cleaning and quantification of the related feature set, the method further comprises:
converting the system permissions and system APIs, by the bag-of-words method, into a form that can be used for feature quantification.
As a further improvement of the invention, before converting the system API into a form which can be used for characteristic quantification by the bag-of-words method, the method also comprises the following steps:
and clustering the system API according to the function class to which the system API belongs.
As a further improvement of the invention, feature cleaning is missing-value processing: for a dimension in which fewer than 30% of the values are missing, the missing values can be fitted from the other values of that dimension; if more than 30% are missing, the feature is invalid and the dimension is removed.
As a further improvement of the invention, feature quantization converts the cleaned features into a numerical or vector form that can be used by the machine learning algorithm.
As a further improvement of the present invention, the manner of feature quantization may be divided, according to feature type, into quantization of numerical features, quantization of type features, and quantization of text features.
As a further improvement of the invention, the system permissions are converted into vector form by dummy coding;
the statistics of the system API dimension are continuous numerical values, which are input directly into the machine learning algorithm as dimension features.
As a further improvement of the invention, the method for inputting the sample feature set into the machine learning algorithm to obtain the classification model comprises the following steps:
the machine learning algorithm adopts a classification algorithm, an input sample characteristic set is divided into a training set and a verification set, a training set sample is used for training a classification model, and a verification set sample is used for verifying the generalization degree of the model;
after model training is completed, parameters in the algorithm are adjusted according to the performance of the model on the verification set, evaluation results under different parameters are compared, and the model with the optimal evaluation result is selected as a classification model.
The invention also provides a machine-learning-based Android permission promotion vulnerability detection system, which comprises:
a feature extraction module, used for parsing Android APK file information and extracting an APK feature set containing complete APK information;
a feature processing module, used for selecting a related feature set related to the permission promotion vulnerability from the APK feature set by analyzing the vulnerability principle, and performing feature cleaning and quantification on the related feature set to convert it into a sample feature set; the related feature set comprises system permissions and system APIs;
and a training module, used for inputting the sample feature set into a machine learning algorithm to obtain a classification model.
Compared with the prior art, the invention has the following beneficial effects:
1. feature extraction for an Android app covers both the app's basic features and its derived features, so all characteristics of the app are reflected more comprehensively;
2. comprehensive features are used to cope with the diversity of vulnerabilities;
3. accuracy is improved and the false-negative rate is reduced;
4. drawing on the ideas of traditional vulnerability analysis, a classification algorithm from machine learning is applied to app vulnerability detection, and a classifier trained on app features judges whether an app is vulnerable, which gives the method a certain degree of advancement;
5. for some vulnerabilities that otherwise require manual identification, the technique improves identification efficiency.
Drawings
Fig. 1 is a frame diagram of an Android privilege elevation vulnerability detection system based on machine learning according to an embodiment of the present invention;
fig. 2 is a flowchart of an Android permission promotion vulnerability detection method based on machine learning according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The invention is described in further detail below with reference to the attached drawing figures:
As shown in Fig. 1, the invention provides a machine-learning-based method for detecting Android permission promotion vulnerabilities, which can detect WebView remote code execution vulnerabilities and component hijacking vulnerabilities. It includes:
Step 1, parsing Android APK file information and extracting an APK feature set containing complete APK information; wherein:
the Android APK file is parsed by decompression and decompilation, and the parsed APK file information is stored in a database for fast reading. Based on this information, an APK feature set containing the complete APK information is extracted. The APK feature set comprises Android application basic features and application code features: the basic features comprise AndroidManifest.xml file tag features, permission features and the like, and the application code features comprise the methods and system APIs in the smali files.
Step 2, selecting a related feature set related to the permission promotion vulnerability from the APK feature set by analyzing the vulnerability principle, wherein the related feature set comprises system permissions and system APIs; wherein:
the invention abstracts the permission promotion vulnerability model as a quadruple:
Vulnerability=<Entry,Media,Privilege,Condition>
Vulnerability refers to a permission promotion vulnerability in Android application software; Entry refers to an object or application component in the application that contains sensitive operations; Media refers to the methods associated with high-level privileges, which an attacker can call through the Entry; Privilege refers to the system permissions granted to the application by the user; and Condition refers to the security protection measures the application's developers have applied to it. When a developer protects an application's Entry, an attacker cannot exploit the vulnerability to achieve the attack even if the vulnerable structure exists in the code.
Media is a method, defined in a component, that an attacker invokes to perform a specific operation. These methods are often associated with sensitive permissions, which makes them targets for attackers. However, the methods defined in different files are diverse, which makes them an unstable feature, so the invention needs to extract stable features from the structure of these methods. In the Android system, the basic elements that drive the system are the system APIs, which are also the basic building blocks of a method. Thus, the invention selects the system APIs in each method, together with their parameters and call chains, as the features of the "method" dimension.
Feature selection is carried out on the APK feature set containing complete APK information obtained in step 1. By analyzing the vulnerability principle, a related feature set highly relevant to permission promotion vulnerabilities is selected. It comprises the system APIs contained in the code (Media), the system permissions requested in the AndroidManifest.xml file (Privilege), and other features that carry vulnerability entry (Entry) information. These other features are the component attributes in AndroidManifest.xml, including the component type, whether the component is exported, the component protection level (Condition) and the like.
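The exposure rule from the Background and the Entry, Privilege and Condition attributes listed above can be read from a decoded manifest as follows. This is an added example, not code from the patent; the sample manifest, the function names and the `unguarded_entry` field are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: a manifest already decoded from binary AXML to text.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <permission android:name="com.example.sample.SYNC"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <service android:name=".SmsService" android:exported="true"/>
    <receiver android:name=".BootReceiver" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.sample.notes"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.sample.SYNC"/>
  </application>
</manifest>
"""


def is_exposed(exported_attr, has_intent_filter):
    """Exposure rule as stated in the Background section."""
    if exported_attr is not None:
        # An explicit value wins, whether or not an <intent-filter> exists.
        return exported_attr.strip().lower() == "true"
    # No exported attribute: exposed only if an <intent-filter> is present.
    return has_intent_filter


def extract_component_features(manifest_xml):
    """Return (requested permissions, one feature row per component)."""
    root = ET.fromstring(manifest_xml)
    # Privilege: system permissions the app requests.
    privileges = sorted(
        p.get(ANDROID + "name") for p in root.iter("uses-permission")
        if p.get(ANDROID + "name"))
    # Protection level of permissions the app declares itself
    # (Android's default level is "normal" when the attribute is omitted).
    declared = {
        p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
        for p in root.findall("permission")}
    app = root.find("application")
    # A permission set on <application> guards every component by default.
    app_guard = app.get(ANDROID + "permission") if app is not None else None
    rows = []
    for comp in root.findall("application/*"):
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported = comp.get(ANDROID + "exported")
        has_filter = comp.find("intent-filter") is not None
        guard = comp.get(ANDROID + "permission") or app_guard
        exposed = is_exposed(exported, has_filter)
        rows.append({
            "name": comp.get(ANDROID + "name"),        # Entry
            "type": comp.tag,                          # Entry: component type
            "exported_attr": exported,
            "has_intent_filter": has_filter,
            "exposed": exposed,
            "guard_permission": guard,                 # Condition
            # "unknown" = guard is not declared in this manifest
            "protection_level":
                declared.get(guard, "unknown") if guard else "none",
            # Reachable from other apps with no permission check at all.
            "unguarded_entry": exposed and guard is None,
        })
    return privileges, rows


if __name__ == "__main__":
    perms, components = extract_component_features(SAMPLE_MANIFEST)
    print(perms)
    for row in components:
        print(row["name"], row["exposed"], row["protection_level"])
```

Each row is one Entry record; the rows where `unguarded_entry` is true are the ones a reviewer would inspect first for sensitive operations.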
Step 3, carrying out feature cleaning and quantification on the related feature set, and converting the feature set into a sample feature set; wherein:
The related features selected according to the vulnerability principle comprise system permission and system API features, both of which are string-type data. Before feature cleaning and quantification, the features in the related feature set must be converted into a form that can be quantified. Specifically, the invention borrows the bag-of-words method: all possible values of a feature are put into a set, and the number of times a given value occurs in a sample is counted as the value of that feature dimension. To obtain all possible values of the system permissions and system APIs, the latest Android system permission list and the existing system API list are downloaded from the official Google website. The system permissions are limited in number and few, so they can be used directly as the feature value set. The system APIs are too numerous: using them directly as the feature value set would make matching very time-consuming and would bring high dimensionality to the subsequent training. Therefore, before the system APIs are converted into a quantifiable form, they are clustered according to the function class to which they belong, and the clustering result is used as the API feature value set. After clustering, the number of occurrences in the code features of system APIs belonging to a given class is taken as the value of that API feature dimension. The other features in the related feature set, which contain vulnerability entry (Entry) information, are all type features, and their attribute values can be put directly into the feature matrix for subsequent quantization.
For each component in a training sample APK, the component's feature data are concatenated into one record; the records of all components form the sample feature matrix, which is written to a CSV file as training data.
After the CSV file is read in, feature preprocessing, namely feature cleaning and feature quantization, is performed with methods from the Python library pandas. Feature cleaning is mainly missing-value processing: for a dimension in which fewer than 30% of the values are missing, the missing values can be fitted from the other values of that dimension; if more than 30% are missing, the feature is invalid and the dimension is removed. After missing values are processed, the metadata must be quantified into the input form required by the machine learning algorithm. Feature quantization falls into three kinds according to feature type: quantization of numerical features, of type features and of text features. Numerical features can, depending on the situation, be fed into the algorithm directly as continuous features or discretized into numerical ranges. Type features are typically converted into vectors by encoding. Text features are, depending on the situation, converted into type features or quantized directly with a text quantization method. Specifically, in the system API dimension a sample may have no value for a certain system class; the feature matrix then contains a large number of missing values, which means that system class has no practical significance for the classification problem, and the whole column must be deleted. After all null-valued features are removed, the feature values are quantized into numerical or vector form for training the classification algorithm.
The statistics of the non-empty system API dimensions are continuous numerical values, so this part of the data can be input into the algorithm directly as dimension features without special processing. For the system permission features, the invention uses dummy coding to convert the system permissions held by a sample into vector format. The other features, which contain vulnerability entry information, are unordered type features whose values are mutually independent and have no order; their type information is converted, using an effective encoding method, into encoded information the algorithm can read. Because the encodings used in feature preprocessing greatly increase the dimensionality of the training matrix, the invention applies the PCA algorithm to the feature matrix for dimensionality reduction in order to improve training speed.
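A standard-library version of the Step 3 preprocessing (API class counting, the 30% missing-value rule, dummy coding), added here as an illustration and not taken from the patent, which uses pandas. Assumptions: APIs are grouped by their declaring class, missing values are fitted with the column median, a column at exactly 30% missing is kept, type features are one-hot encoded, PCA is left out, and all sample records are constructed.

```python
import re
from collections import Counter
from statistics import median

# smali call sites look like: invoke-virtual {v0, v1}, Lpkg/Class;->method(...)V
INVOKE_RE = re.compile(
    r"invoke-[\w/]+\s+\{[^}]*\},\s*L([\w/$]+);->([\w<>$]+)\(")
SYSTEM_PREFIXES = ("android/", "java/", "javax/")  # assumed "system API" scope
MISSING_LIMIT = 0.30                               # threshold from the text


def api_class_counts(smali_text):
    """Bag-of-words over system API classes: declaring class -> call count."""
    counts = Counter()
    for cls, _method in INVOKE_RE.findall(smali_text):
        if cls.startswith(SYSTEM_PREFIXES):
            counts[cls.replace("/", ".")] += 1
    return counts


def build_matrix(samples, permission_vocab):
    """Return (header, rows, dropped_api_classes) for component records."""
    per_sample = [api_class_counts(s["smali"]) for s in samples]
    api_classes = sorted(set().union(*per_sample))
    kept, dropped = {}, []
    for cls in api_classes:
        column = [c.get(cls) for c in per_sample]   # None = missing value
        missing = sum(v is None for v in column) / len(column)
        if missing > MISSING_LIMIT:
            dropped.append(cls)                     # invalid feature: remove
            continue
        fill = median(v for v in column if v is not None)  # assumed fit
        kept[cls] = [fill if v is None else v for v in column]
    types = sorted({s["type"] for s in samples})
    header = (["api:" + c for c in kept]
              + ["perm:" + p for p in permission_vocab]
              + ["type:" + t for t in types] + ["exported"])
    rows = []
    for i, s in enumerate(samples):
        row = [kept[c][i] for c in kept]            # continuous API counts
        # Dummy coding: one 0/1 column per known system permission.
        row += [1 if p in s["permissions"] else 0 for p in permission_vocab]
        # Unordered type feature: one column per component type.
        row += [1 if s["type"] == t else 0 for t in types]
        row.append(1 if s["exported"] else 0)
        rows.append(row)
    return header, rows, dropped


# ---- constructed sample data (not from the patent) ----
SMS = ("invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->"
       "sendTextMessage(Ljava/lang/String;Ljava/lang/String;"
       "Ljava/lang/String;Landroid/app/PendingIntent;"
       "Landroid/app/PendingIntent;)V")
LOG = ("invoke-static {v0, v1}, Landroid/util/Log;->"
       "d(Ljava/lang/String;Ljava/lang/String;)I")
WEB = ("invoke-virtual {v0, v1, v2}, Landroid/webkit/WebView;->"
       "addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V")
OWN = "invoke-static {v0}, Lcom/example/sample/Util;->helper(Ljava/lang/String;)V"

PERMISSION_VOCAB = ["android.permission.READ_CONTACTS",
                    "android.permission.SEND_SMS"]
SAMPLES = [
    {"smali": "\n".join([SMS, SMS, LOG, OWN]), "type": "service",
     "exported": True, "permissions": ["android.permission.SEND_SMS"]},
    {"smali": "\n".join([LOG, WEB]), "type": "activity",
     "exported": True, "permissions": []},
    {"smali": "\n".join([SMS, LOG, LOG, LOG]), "type": "receiver",
     "exported": False, "permissions": PERMISSION_VOCAB},
    {"smali": "\n".join([SMS, OWN]), "type": "provider",
     "exported": False, "permissions": ["android.permission.READ_CONTACTS"]},
]

if __name__ == "__main__":
    header, rows, dropped = build_matrix(SAMPLES, PERMISSION_VOCAB)
    print(header)
    for row in rows:
        print(row)
    print("dropped:", dropped)
```

In the sample, the WebView class is missing in three of four records (75%) and its column is removed, while the SmsManager and Log columns are each missing once (25%) and are filled.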
Step 4, inputting the sample feature set into a machine learning algorithm to obtain a classification model; wherein:
Predicting from Android application features whether an application has a permission promotion vulnerability is a classification problem, so the machine learning algorithm is a classification algorithm. The input sample feature set is divided into a training set and a verification set: the training set samples are used to train the classification model, and the verification set samples are used to verify how well the model generalizes. After model training is completed, the parameters of the algorithm are adjusted according to the model's performance on the verification set, the evaluation results under different parameters are compared, and the model with the best evaluation result is selected as the classification model.
As shown in Fig. 2, the present invention provides a machine-learning-based Android permission promotion vulnerability detection system, which includes a feature extraction module, a feature processing module and a training module;
the feature extraction module is used for parsing Android APK file information and extracting an APK feature set containing complete APK information; the specific implementation is the same as step 1 of the vulnerability detection method;
the feature processing module is used for converting the APK meta information into the standard input of the machine learning algorithm, specifically: selecting a related feature set related to the permission promotion vulnerability from the APK feature set by analyzing the vulnerability principle, and performing feature cleaning and quantification on the related feature set to convert it into a sample feature set; the related feature set comprises system permissions and system APIs; the specific implementation is the same as steps 2 and 3 of the vulnerability detection method;
the training module is used for inputting the sample feature set into a machine learning algorithm to obtain a classification model; the specific implementation is the same as step 4 of the vulnerability detection method.
The method parses the APK file, extracts its various feature sets, and builds a unified, general feature representation model as the input of the machine learning algorithm; a suitable classifier model is selected according to the application scenario of app vulnerability analysis; and a multi-dimensional evaluation model is built from the vulnerability detection efficiency, the false-negative rate, the false-positive rate and the like, so that the best-performing machine learning algorithm is selected from different angles.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (5)

1. A method for detecting Android permission promotion vulnerabilities based on machine learning, characterized by comprising the following steps:
analyzing Android APK file information, and extracting an APK feature set containing complete APK information;
the APK feature set comprises Android application basic features and application code features, the Android application basic features comprise AndroidManifest.xml file tag features and permission features, and the application code features comprise the methods and system APIs in the smali files;
selecting a related feature set related to the permission promotion vulnerability from the APK feature set by analyzing the vulnerability principle, wherein the related feature set comprises system permissions and system APIs; carrying out feature cleaning and quantification on the related feature set, and converting the related feature set into a sample feature set;
inputting the sample feature set into a machine learning algorithm to obtain a classification model;
before feature cleaning and quantification of the related feature set, the method further comprises:
converting the system permissions and the system APIs, by a bag-of-words method, into a form that can be used for feature quantification;
before converting the system APIs by the bag-of-words method into a form that can be used for feature quantification, the method further comprises:
clustering the system APIs according to the function classes to which they belong, taking the clustering result as the API feature value set, and, after the system APIs are clustered, counting the number of occurrences in the code features of the system APIs belonging to a given class as the feature dimension value of that API;
feature cleaning is missing-value processing: for a dimension in which fewer than 30% of the values are missing, the missing values can be fitted from the other values of that dimension, and if more than 30% are missing, the feature is an invalid feature and the dimension is removed;
the method for inputting the sample feature set into the machine learning algorithm to obtain the classification model comprises the following steps:
the machine learning algorithm adopts a classification algorithm, an input sample characteristic set is divided into a training set and a verification set, a training set sample is used for training a classification model, and a verification set sample is used for verifying the generalization degree of the model;
after model training is completed, parameters in the algorithm are adjusted according to the performance of the model on the verification set, evaluation results under different parameters are compared, and the model with the optimal evaluation result is selected as a classification model.
2. The machine learning-based Android privilege elevation vulnerability detection method of claim 1, wherein the feature quantization converts the cleaned features into a numerical or vector form that can be used by the machine learning algorithm.
3. The machine learning-based Android privilege elevation vulnerability detection method of claim 2, wherein the manner of feature quantization can be divided, according to feature type, into quantization of numerical features, quantization of type features and quantization of text features.
4. The machine learning-based Android privilege elevation vulnerability detection method of claim 2, wherein dummy coding is adopted to convert the system permissions into vector form;
the statistics of the system API dimension are continuous numerical values, which are input directly into the machine learning algorithm as dimension features.
5. A detection system for implementing the machine learning-based Android privilege elevation vulnerability detection method according to any one of claims 1-4, comprising:
a feature extraction module, used for analyzing Android APK file information and extracting an APK feature set containing complete APK information;
a feature processing module, used for selecting a related feature set related to the permission promotion vulnerability from the APK feature set by analyzing the vulnerability principle, and performing feature cleaning and quantification on the related feature set to convert it into a sample feature set; the related feature set comprises system permissions and system APIs;
and a training module, used for inputting the sample feature set into a machine learning algorithm to obtain a classification model.
CN201811013176.5A 2018-08-31 2018-08-31 Android permission promotion vulnerability detection method and system based on machine learning Active CN109255241B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811013176.5A CN109255241B (en) 2018-08-31 2018-08-31 Android permission promotion vulnerability detection method and system based on machine learning

Publications (2)

Publication Number Publication Date
CN109255241A (en) 2019-01-22
CN109255241B (en) 2022-04-22

Family

ID=65049931

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811013176.5A Active CN109255241B (en) 2018-08-31 2018-08-31 Android permission promotion vulnerability detection method and system based on machine learning

Country Status (1)

Country Link
CN (1) CN109255241B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110427757A (en) * 2019-08-06 2019-11-08 南方电网科学研究院有限责任公司 A kind of Android leak detection method, system and relevant apparatus
CN113051571B (en) * 2019-12-27 2022-11-29 中国移动通信集团湖南有限公司 Method and device for detecting false alarm vulnerability and computer equipment
CN113762294B (en) * 2020-06-03 2024-04-12 深信服科技股份有限公司 Feature vector dimension compression method, device, equipment and medium
CN114422271B (en) * 2022-03-28 2022-07-08 腾讯科技(深圳)有限公司 Data processing method, device, equipment and readable storage medium
CN116861446A (en) * 2023-09-04 2023-10-10 深圳奥联信息安全技术有限公司 Data security assessment method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014152469A1 (en) * 2013-03-18 2014-09-25 The Trustees Of Columbia University In The City Of New York Unsupervised anomaly-based malware detection using hardware features
CN106650418A (en) * 2016-12-21 2017-05-10 天津大学 Android access control system and method based on multi-strategy
CN106897625A (en) * 2017-01-22 2017-06-27 北京理工大学 The leak automatic classification method for supporting vulnerability correlation to excavate
CN107169351A (en) * 2017-05-11 2017-09-15 北京理工大学 With reference to the Android unknown malware detection methods of dynamic behaviour feature
CN108345794A (en) * 2017-12-29 2018-07-31 北京物资学院 The detection method and device of Malware

Also Published As

Publication number Publication date
CN109255241A (en) 2019-01-22

Similar Documents

Publication Publication Date Title
CN109255241B (en) Android permission promotion vulnerability detection method and system based on machine learning
Hsien-De Huang et al. R2-d2: Color-inspired convolutional neural network (cnn)-based android malware detections
Yakura et al. Malware analysis of imaged binary samples by convolutional neural network with attention mechanism
CN108280350B (en) Android-oriented mobile network terminal malicious software multi-feature detection method
Ganesh et al. CNN-based android malware detection
Kumar et al. Malicious code detection based on image processing using deep learning
CN109784056B (en) Malicious software detection method based on deep learning
CN109271788B (en) Android malicious software detection method based on deep learning
Liu et al. ATMPA: attacking machine learning-based malware visualization detection methods via adversarial examples
Sabhadiya et al. Android malware detection using deep learning
Zhiwu et al. Android malware family classification and characterization using CFG and DFG
CN109905385B (en) Webshell detection method, device and system
CN108985064B (en) Method and device for identifying malicious document
CN109614795B (en) Event-aware android malicious software detection method
Srivastava et al. Android malware detection amid COVID-19
CN109344614A (en) A kind of Android malicious application online test method
Wang et al. A deep learning method for android application classification using semantic features
CN110858247A (en) Android malicious application detection method, system, device and storage medium
Ugarte-Pedrero et al. Semi-supervised learning for packed executable detection
CN111460448B (en) Malicious software family detection method and device
Guerra-Manzanares et al. In-depth Feature Selection and Ranking for Automated Detection of Mobile Malware.
CN113378167A (en) Malicious software detection method based on improved naive Bayes algorithm and gated loop unit mixing
CN113971283A (en) Malicious application program detection method and device based on features
CN114143074B (en) webshell attack recognition device and method
Li et al. Android malware detection method based on frequent pattern and weighted naive Bayes

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant