CN112632538A - Android malicious software detection method and system based on mixed features - Google Patents

Publication number
CN112632538A
Authority
CN
China
Prior art keywords
software
api
android
file
features
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011565908.9A
Other languages
Chinese (zh)
Inventor
何泾沙
吴霜
朱娜斐
邓万航
他永君
许甜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Application filed by Beijing University of Technology
Priority to CN202011565908.9A
Publication of CN112632538A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning

Abstract

The invention provides an Android malicious software detection method and system based on mixed features, and relates to the technical field of Android software detection. The method comprises: performing reverse analysis on Android software to obtain a permission information file of the Android software and an information file of the APIs it calls; extracting permission features and intent features of the Android software from the permission information file, and extracting API features of the Android software from the API information file; inputting the extracted permission features, intent features and API features into a trained machine learning algorithm classification model for analysis; and outputting an analysis result from the machine learning algorithm classification model, the analysis result being malicious software or benign software. By studying static detection for Android devices, the method combines three kinds of features (permission information, intent information and API information) to detect malicious software, which solves the problems that permission features alone cannot classify software accurately and that recognition accuracy is low, and improves the accuracy of Android malicious software identification.

Description

Android malicious software detection method and system based on mixed features
Technical Field
The invention relates to the technical field of Android software detection, and in particular to an Android malicious software detection method and system based on mixed features.
Background
Traditional security analysis of Android malicious software comprises dynamic analysis and static analysis.
Dynamic analysis evaluates malicious software by executing it in a real environment and observing the system calls issued by the application in order to identify malicious patterns. The dynamic analysis system is placed in a closed, isolated virtual environment, so malicious software samples can be studied thoroughly without damaging the system. The disadvantages of dynamic analysis are that, although its accuracy is high for existing malicious software, it cannot identify novel malicious applications and does not help in detecting unrecorded malicious software; the amount of code actually run cannot be determined, and the trial runs take a lot of time and are complex, which makes the approach unsuitable for practical use, so static analysis is generally adopted.
Static analysis selects static information as features to distinguish benign software from malicious software. It includes profiling an application and reverse-engineering it to observe its functions and identify malicious code; malicious behavior is detected by analyzing code segments, which does not require running the software on an Android emulator or device. In general, static analysis selects permissions as the basis for analysis. Permissions are an important feature of Android applications: an application must declare the list of permissions it requests in its Android manifest file, and an application's permissions also allow its components to control which other applications can interact with them. Since permissions readily capture sensitive use of Android resources, many malware detection methods are based on such features.
A disadvantage of static analysis is that if a malicious Android application does not explicitly declare the permissions needed to access sensitive resources, the malware cannot be identified. Permission-based features capture only coarse-grained behavior information about an application; the context in which the features arise, and the important semantic information that context contains, are lost, which easily causes false alarms. Static analysis therefore currently has low recognition accuracy.
Disclosure of Invention
In view of the above problems, the invention provides an Android malicious software detection method and system based on mixed features. By studying static detection for Android devices, malicious software is detected from three kinds of features (permission information, intent information and API information), which solves the problems that permission features alone cannot classify software accurately and that recognition accuracy is low, and improves the accuracy of Android malicious software identification.
In order to achieve the above object, the present invention provides an Android malicious software detection method based on mixed features, including:
performing reverse analysis on the Android software to obtain a permission information file of the Android software and an information file of the APIs it calls;
extracting the permission features and the intent features of the Android software from the permission information file, and extracting the API features of the Android software from the API information file;
inputting the extracted permission features, intent features and API features of the Android software into a trained machine learning algorithm classification model for analysis; the input of the machine learning algorithm classification model is the permission features, intent features and API features, and its output is malicious software or benign software;
and the machine learning algorithm classification model outputs an analysis result, and the analysis result is malicious software or benign software.
As a further improvement of the present invention, performing reverse analysis on the Android software program includes:
performing reverse analysis on the Android software program by using the apktool tool to obtain an apk file;
using the dex2jar tool to convert the classes in the apk file into jar files and smali files;
viewing the jar file using the jd-gui tool.
As a further improvement of the present invention, obtaining the permission information file and the called-API information file of the Android software includes:
the apk file comprises an Android manifest file, the Android manifest file being the permission information file of the Android software;
the smali file is the API information file of the Android software.
As a further improvement of the present invention,
permission information is extracted from the uses-permission tags of the Android manifest file;
explicit intents and implicit intents are extracted from the jar file and the Android manifest file;
and API features, including the API name, parameters and API return value, are extracted from the smali file.
As a further improvement of the invention, the machine learning algorithm classification model is trained by the following process:
preparing a plurality of malicious software samples and a plurality of benign software samples;
extracting the permission features, API features and intent features of the malicious software, the intent features comprising explicit intents and implicit intents, and extracting the API features of the benign software to form a benign software API feature library;
comparing the API features extracted from each malicious software sample with the benign software API feature library, deleting the API features that also appear in the benign software API feature library, and retaining the remaining API features;
and inputting the permission features, the intent features and the remaining API features of the malicious software into a machine learning algorithm, wherein the machine learning algorithm learns the occurrence frequency of the permission features, intent features and API features in the malicious software, and the features whose occurrence frequency is above a preset frequency threshold are used as the malicious software judgment features, to obtain the machine learning algorithm classification model.
The invention also provides an Android malicious software detection system based on mixed features, which comprises a reverse analysis module, a feature extraction module, a feature analysis module and a result output module;
the reverse analysis module is configured to:
perform reverse analysis on the Android software to obtain a permission information file of the Android software and an information file of the APIs it calls;
the feature extraction module is configured to:
extract the permission features and the intent features of the Android software from the permission information file obtained by the reverse analysis module, and extract the API features of the Android software from the API information file obtained by the reverse analysis module;
the feature analysis module is configured to:
input the extracted permission features, intent features and API features of the Android software into a trained machine learning algorithm classification model for analysis; the input of the machine learning algorithm classification model is the permission features, intent features and API features, and its output is malicious software or benign software;
the result output module is used for:
and the machine learning algorithm classification model outputs an analysis result, and the analysis result is malicious software or benign software.
As a further improvement of the present invention, performing reverse analysis on the Android software program includes:
performing reverse analysis on the Android software program by using the apktool tool to obtain an apk file;
using the dex2jar tool to convert the classes in the apk file into jar files and smali files;
viewing the jar file using the jd-gui tool.
As a further improvement of the present invention, obtaining the permission information file and the called-API information file of the Android software includes:
the apk file comprises an Android manifest file, the Android manifest file being the permission information file of the Android software;
the smali file is the API information file of the Android software.
As a further improvement of the invention, permission information is extracted from the uses-permission tags of the Android manifest file;
explicit intents and implicit intents are extracted from the jar file and the Android manifest file;
and API features, including the API name, parameters and API return value, are extracted from the smali file.
As a further improvement of the invention, the training process of the machine learning algorithm classification model comprises the following steps:
preparing a plurality of malicious software samples and a plurality of benign software samples;
extracting the permission features, API features and intent features of the malicious software, the intent features comprising explicit intents and implicit intents, and extracting the API features of the benign software to form a benign software API feature library;
comparing the API features extracted from each malicious software sample with the benign software API feature library, deleting the API features that also appear in the benign software API feature library, and retaining the remaining API features;
and inputting the permission features, the intent features and the remaining API features of the malicious software into a machine learning algorithm, wherein the machine learning algorithm learns the occurrence frequency of the permission features, intent features and API features in the malicious software, and the features whose occurrence frequency is above a preset frequency threshold are used as the malicious software judgment features, to obtain the machine learning algorithm classification model.
Compared with the prior art, the invention has the beneficial effects that:
by studying static detection for Android devices, the invention detects malicious software from three kinds of features: permission information, intent information and API information. Compared with the traditional static analysis method, which analyzes maliciousness from permission features alone, the number of detection features is increased, which solves the problems that permission features alone cannot classify software accurately and that recognition accuracy is low, and improves the ability to identify Android malicious software; compared with dynamic analysis, the method saves the time needed to run the software and improves identification efficiency, and its identification accuracy is not affected by whether the software has previously been recorded as detected.
Drawings
FIG. 1 is a flowchart of a hybrid feature-based android malware detection method disclosed in an embodiment of the present invention;
FIG. 2 is a schematic diagram of a hybrid feature-based android malware detection system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a detailed malware detection method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The invention is described in further detail below with reference to the attached drawing figures:
Example:
As shown in FIG. 1 and FIG. 3, the Android malicious software detection method based on mixed features provided by the present invention includes:
S1, performing reverse analysis on the Android software to obtain a permission information file of the Android software and an information file of the APIs it calls;
wherein performing reverse analysis on the Android software program includes:
performing reverse analysis on the Android software program by using the apktool tool to obtain an apk file;
using the dex2jar tool to convert the classes in the apk file into jar files and smali files;
viewing the jar file using the jd-gui tool.
Further, obtaining the permission information file and the called-API information file of the Android software includes:
the apk file comprises an Android manifest file, the Android manifest file being the permission information file of the Android software;
the smali file is the API information file of the Android software.
S2, extracting the permission features and intent features of the Android software from the permission information file, and extracting the API features of the Android software from the API information file;
wherein:
permission information is extracted from the uses-permission tags of the Android manifest file; furthermore, the permission information file, namely the Android manifest file, declares the system permissions that the Android software needs in order to run, which protects the privacy of the user and prevents important data from being accessed arbitrarily. For example, the permission SEND_SMS allows an application to send short messages, and some malicious software uses this permission to send high-volume short messages; the permission CALL_PHONE allows an application to place a call without the user confirming the call and without the call interface being displayed; the permission WRITE_CONTACTS allows an application to write to the address book, which may be used to tamper with the user's address book information; in addition, malicious software may also request permissions such as WRITE_SMS, RECEIVE_SMS and INSTALL_PACKAGES, so malicious software can be analyzed through its permission features;
explicit intents and implicit intents are extracted from the jar files and the Android manifest file; further, an intent allows data to be transferred from a sending activity to a receiving activity, and the receiving activity may also be configured to return data to the sending activity upon completion of the requested task. In addition to starting activities, intents are used to start and communicate with services and broadcast receivers. Intents are divided into explicit intents and implicit intents. By declaring an intent filter, malicious software can intercept an intent together with the action and data it carries, and a malicious intent can enable an application to obtain data access to any matching intent and thereby hijack activity information; malicious software can therefore be analyzed by examining the intents that appear frequently in malicious software.
API features, including the API name, parameters and API return value, are extracted from the smali file; further, the API is the method that malicious software specifically calls to implement its malicious behavior or steal private data, for example, android.
S3, inputting the extracted permission features, intent features and API features of the Android software into a trained machine learning algorithm classification model for analysis; the input of the machine learning algorithm classification model is the permission features, intent features and API features, and its output is malicious software or benign software;
the training process of the machine learning algorithm classification model comprises the following steps:
preparing a plurality of malicious software samples and a plurality of benign software samples;
extracting the permission features, API features and intent features of each malicious software sample, the intent features comprising explicit intents and implicit intents, and extracting the API features of each benign software sample to form a benign software API feature library;
comparing the API features extracted from the malicious software with the benign software API feature library, deleting the API features that also appear in the benign software API feature library, and retaining the remaining API features;
inputting the permission features, the intent features and the remaining API features of each malicious software sample into a machine learning algorithm, wherein the machine learning algorithm learns the occurrence frequency of each permission feature, intent feature and API feature in the malicious software, and the features whose occurrence frequency is above a preset frequency threshold are used as the malicious software judgment features, to obtain the machine learning algorithm classification model;
the preset frequency threshold may be set to 80%, that is, the permission features, intent features and API features whose occurrence probability in the malicious software is more than 80% are used as the malicious software judgment conditions, and when one or more features with an occurrence frequency of 80% are identified in a piece of software, that software is considered to be malicious software;
further, as the number of software samples identified increases, the permission features, intent features and API features that the machine learning algorithm calculates as having a probability of more than 80% change, and the machine learning algorithm classification model becomes more accurate in identifying malicious software; that is, the more training samples, the higher the recognition accuracy.
S4, outputting an analysis result by the machine learning algorithm classification model, wherein the analysis result is malicious software or benign software;
wherein, the output detection result is malicious software or benign software.
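Steps S2 to S4 and the training rule above, as an added Python example that is not part of the patent text. It assumes the manifest and smali have already been decoded to text; the function names, the `perm:`/`intent:`/`api:` prefixes and the sample corpus are constructed for illustration, intents are taken only from manifest intent filters, the threshold is treated as inclusive, and a plain frequency count stands in for the unspecified machine learning algorithm.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# smali call site: invoke-<kind> {registers}, Lpkg/Class;->name(params)return
INVOKE_RE = re.compile(
    r"invoke-[\w/-]+ \{[^}]*\}, (L[^;]+;)->([\w$<>-]+)\(([^)]*)\)(\S+)")


def manifest_features(manifest_xml):
    """Permission and intent-filter action features from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    feats = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:
            feats.add("perm:" + name)
    for flt in root.iter("intent-filter"):
        for action in flt.findall("action"):
            name = action.get(ANDROID_NS + "name")
            if name:
                feats.add("intent:" + name)
    return feats


def smali_api_features(smali_text):
    """API features: class, method name, parameter types and return type."""
    return {"api:%s->%s(%s)%s" % m.groups()
            for m in INVOKE_RE.finditer(smali_text)}


def train(malware, benign, threshold=0.8):
    """Derive the judgment features from lists of per-sample feature sets."""
    # Benign API feature library: every API feature seen in a benign sample.
    benign_api = {f for s in benign for f in s if f.startswith("api:")}
    counts = Counter()
    for sample in malware:
        # Only API features are filtered; permissions and intents are kept.
        counts.update(sample - benign_api)
    # Assumption: the threshold is treated as inclusive.
    return {f for f, n in counts.items() if n / len(malware) >= threshold}


def classify(features, judgment):
    """Malicious when one or more judgment features are present."""
    hits = sorted(features & judgment)
    return ("malicious" if hits else "benign"), hits


# ---- constructed inputs below; none come from a real application ----
SMALI_SMS = ("invoke-virtual {v0, v1, v2, v3, v4, v5}, "
             "Landroid/telephony/SmsManager;->sendTextMessage("
             "Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;"
             "Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V\n")
SMALI_LOG = ("invoke-static {v0, v1}, Landroid/util/Log;->d("
             "Ljava/lang/String;Ljava/lang/String;)I\n")
BOOT = "android.intent.action.BOOT_COMPLETED"
SMS_RX = "android.provider.Telephony.SMS_RECEIVED"


def app(perms, actions, smali):
    """Build a minimal decoded manifest and return the app's feature set."""
    xml = ['<manifest xmlns:android='
           '"http://schemas.android.com/apk/res/android">']
    xml += ['<uses-permission android:name="android.permission.%s"/>' % p
            for p in perms]
    xml.append('<application><receiver android:name=".R"><intent-filter>')
    xml += ['<action android:name="%s"/>' % a for a in actions]
    xml.append('</intent-filter></receiver></application></manifest>')
    return manifest_features("".join(xml)) | smali_api_features(smali)


MALWARE = [
    app(["SEND_SMS", "INTERNET"], [SMS_RX], SMALI_SMS + SMALI_LOG),
    app(["SEND_SMS", "INTERNET"], [SMS_RX, BOOT], SMALI_SMS + SMALI_LOG),
    app(["SEND_SMS", "INTERNET", "READ_CONTACTS"], [SMS_RX], SMALI_SMS),
    app(["SEND_SMS", "INTERNET"], [SMS_RX, BOOT], SMALI_SMS + SMALI_LOG),
    app(["SEND_SMS", "INTERNET"], [BOOT], SMALI_SMS + SMALI_LOG),
    app(["INTERNET", "CALL_PHONE"], [SMS_RX], SMALI_LOG),
]
BENIGN = [
    app(["INTERNET"], [BOOT], SMALI_LOG),
    app(["INTERNET", "CAMERA"], [], SMALI_LOG),
]
JUDGMENT = train(MALWARE, BENIGN)

if __name__ == "__main__":
    for name, feats in [("sms-sender", app(["SEND_SMS"], [], SMALI_SMS)),
                        ("camera-app", app(["CAMERA"], [BOOT], SMALI_LOG)),
                        ("net-only", app(["INTERNET"], [], SMALI_LOG))]:
        print(name, *classify(feats, JUDGMENT))
```

In this corpus `Log.d` appears in 5 of 6 malicious samples but is removed by the benign API library, whereas `INTERNET`, which is never filtered against benign software, becomes a judgment feature and causes the app that requests only `INTERNET` to be flagged.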
As shown in FIG. 2, the Android malicious software detection system based on mixed features provided by the present invention is characterized in that: the system comprises a reverse analysis module, a feature extraction module, a feature analysis module and a result output module;
the reverse analysis module is configured to:
perform reverse analysis on the Android software to obtain a permission information file of the Android software and an information file of the APIs it calls;
wherein:
reverse analysis is performed on the Android software program by using the apktool tool to obtain an apk file;
the dex2jar tool is used to convert the classes in the apk file into jar files and smali files;
the jar file is viewed using the jd-gui tool.
Further, the apk file comprises an Android manifest file, the Android manifest file being the permission information file of the Android software;
the smali file is the API information file of the Android software.
The feature extraction module is configured to:
extract the permission features and intent features of the Android software from the permission information file obtained by the reverse analysis module, and extract the API features of the Android software from the API information file obtained by the reverse analysis module;
wherein:
permission information is extracted from the uses-permission tags of the Android manifest file;
explicit intents and implicit intents are extracted from the jar files and the Android manifest file;
API features, including API names, parameters and API return values, are extracted from the smali file.
The feature analysis module is configured to:
input the extracted permission features, intent features and API features of the Android software into a trained machine learning algorithm classification model for analysis; the input of the machine learning algorithm classification model is the permission features, intent features and API features, and its output is malicious software or benign software;
wherein the machine learning algorithm classification model needs to be trained on samples, including:
preparing a plurality of malicious software samples and a plurality of benign software samples;
extracting the permission features, API features and intent features of each malicious software sample, the intent features comprising explicit intents and implicit intents, and extracting the API features of each benign software sample to form a benign software API feature library;
comparing the API features extracted from the malicious software with the benign software API feature library, deleting the API features that also appear in the benign software API feature library, and retaining the remaining API features;
inputting the permission features, the intent features and the remaining API features of each malicious software sample into a machine learning algorithm, wherein the machine learning algorithm learns the occurrence frequency of each permission feature, intent feature and API feature in the malicious software, and the features whose occurrence frequency is above a preset frequency threshold are used as the malicious software judgment features, to obtain the machine learning algorithm classification model;
the preset frequency threshold may be set to 80%, that is, the permission features, intent features and API features whose occurrence probability in the malicious software is more than 80% are used as the malicious software judgment conditions, and when one or more features with an occurrence frequency of 80% are identified in a piece of software, that software is considered to be malicious software;
further, as the number of software samples identified increases, the permission features, intent features and API features that the machine learning algorithm calculates as having a probability of more than 80% change, and the machine learning algorithm classification model becomes more accurate in identifying malicious software; that is, the more training samples, the higher the recognition accuracy.
The result output module is used for the following:
and the machine learning algorithm classification model outputs an analysis result, and the analysis result is malicious software or benign software.
The invention has the advantages that:
by studying static detection for Android devices, the invention detects malicious software from three kinds of features: permission information, intent information and API information. Compared with the traditional static analysis method, which analyzes maliciousness from permission features alone, the number of detection features is increased, which solves the problems that permission features alone cannot classify software accurately and that recognition accuracy is low, and improves the ability to identify Android malicious software; compared with dynamic analysis, the method saves the time needed to run the software and improves identification efficiency, and its identification accuracy is not affected by whether the software has previously been recorded as detected.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for detecting Android malicious software based on mixed features, characterized by comprising the following steps:
performing reverse analysis on the Android software to obtain a permission information file of the Android software and an information file of the APIs it calls;
extracting the permission features and the intent features of the Android software from the permission information file, and extracting the API features of the Android software from the API information file;
inputting the extracted permission features, intent features and API features of the Android software into a trained machine learning algorithm classification model for analysis; the input of the machine learning algorithm classification model is the permission features, intent features and API features, and its output is malicious software or benign software;
and the machine learning algorithm classification model outputs an analysis result, and the analysis result is malicious software or benign software.
2. The detection method according to claim 1, wherein performing reverse analysis on the Android software program comprises:
performing reverse analysis on the Android software program by using the apktool tool to obtain an apk file;
using the dex2jar tool to convert the classes in the apk file into jar files and smali files;
viewing the jar file using the jd-gui tool.
3. The detection method according to claim 2, characterized in that: obtaining the permission information file and the called-API information file of the Android software comprises the following steps:
the apk file comprises an Android manifest file, the Android manifest file being the permission information file of the Android software;
the smali file is the API information file of the Android software.
4. The detection method according to claim 3, characterized in that:
permission information is extracted from the uses-permission tags of the Android manifest file;
explicit intents and implicit intents are extracted from the jar file and the Android manifest file;
and API features, including the API name, parameters and API return value, are extracted from the smali file.
5. The detection method according to claim 1, characterized in that: the machine learning algorithm classification model is trained by the following process:
preparing a plurality of malicious software samples and a plurality of benign software samples;
extracting the permission features, API features and intent features of the malicious software, the intent features comprising explicit intents and implicit intents, and extracting the API features of the benign software to form a benign software API feature library;
comparing the API features extracted from each malicious software sample with the benign software API feature library, deleting the API features that also appear in the benign software API feature library, and retaining the remaining API features;
and inputting the permission features, the intent features and the remaining API features of each piece of malicious software into a machine learning algorithm, calculating the occurrence frequency of each permission feature, intent feature and API feature in the malicious software by using the machine learning algorithm, and taking the features whose occurrence frequency is above a preset frequency threshold as the malicious software judgment features, to obtain the machine learning algorithm classification model.
6. A system for detecting Android malicious software based on mixed features, characterized in that: the system comprises a reverse analysis module, a feature extraction module, a feature analysis module and a result output module;
the reverse analysis module is configured to:
perform reverse analysis on the Android software to obtain the permission information file and the called-API information file of the Android software;
the feature extraction module is configured to:
extract the permission features and the intent features of the Android software from the permission information file obtained by the reverse analysis module, and extract the API features of the Android software from the API information file obtained by the reverse analysis module;
the feature analysis module is configured to:
input the extracted permission features, intent features and API features of the Android software into a trained machine learning algorithm classification model for analysis; the input of the machine learning algorithm classification model is the permission features, intent features and API features, and the output of the machine learning algorithm classification model is malicious software or benign software;
the result output module is configured to:
output the analysis result of the machine learning algorithm classification model, the analysis result being malicious software or benign software.
7. The detection system according to claim 6, wherein the reverse analysis of the Android software program comprises:
performing reverse analysis on the Android software program using the apktool tool to obtain an apk file;
using the dex2jar tool to convert the classes in the apk file into jar files and smali files;
viewing the jar file using the jd-gui tool.
8. The detection system of claim 6, wherein: obtaining the permission information file and the called-API information file of the Android software comprises the following:
the apk file comprises an AndroidManifest file, wherein the AndroidManifest file is the permission information file of the Android software;
the smali file is the API information file of the Android software.
9. The detection system of claim 6, wherein: permission information is extracted from the uses-permission tags of the AndroidManifest file;
explicit intents and implicit intents are extracted from the jar file and the AndroidManifest file;
and API features, including the API name, the parameters and the API return value, are extracted from the smali file.
10. The detection system of claim 6, wherein the machine learning algorithm classification model training process comprises:
preparing a plurality of malicious software samples and a plurality of benign software samples;
extracting the permission features, API features and intent features of the malicious software, wherein the intent features comprise explicit intents and implicit intents, and extracting the API features of the benign software to form a benign software API feature library;
comparing the API features extracted from each malicious software sample with the benign software API feature library, deleting the API features that also appear in the benign software API feature library, and retaining the remaining API features;
and inputting the permission features, the intent features and the remaining API features of the malicious software into a machine learning algorithm, wherein the machine learning algorithm learns the occurrence frequency of the permission features, the intent features and the API features in the malicious software, and the features whose occurrence frequency is above a preset frequency threshold in the machine learning algorithm are used as the malicious software judgment features, thereby obtaining the machine learning algorithm classification model.
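The extraction steps of claims 4 and 9 and the training steps of claims 5 and 10, as an added example that is not part of the patent text. It assumes apktool-decoded manifest XML and smali text as input, covers only implicit intents declared as intent-filter actions, and interprets "occurrence frequency" as the share of malware samples containing a feature; all function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID = "{http://schemas.android.com/apk/res/android}"
# smali call site: invoke-<kind> {registers}, Lpkg/Class;->method(params)return
INVOKE = re.compile(r"invoke-[\w/-]+ \{[^}]*\}, (L[^;]+;)->([\w$<>]+)\(([^)]*)\)(\S+)")

def manifest_features(xml_text):
    """Permission and implicit-intent (intent-filter action) features of one manifest."""
    root = ET.fromstring(xml_text)
    perms = {"perm:" + e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    intents = {"intent:" + a.get(ANDROID + "name")
               for f in root.iter("intent-filter") for a in f.iter("action")}
    return perms | intents

def api_features(smali_text):
    """API features (class->name, parameter types, return type) from smali invoke lines."""
    return {"api:%s->%s(%s)%s" % m.groups() for m in INVOKE.finditer(smali_text)}

def select_features(malware, benign, threshold):
    """Drop APIs found in the benign library, then keep features whose share of
    malware samples is at or above the threshold (assumed reading of the claim)."""
    benign_apis = set().union(*(api_features(smali) for _, smali in benign))
    counts = Counter()
    for manifest, smali in malware:
        counts.update(manifest_features(manifest) | (api_features(smali) - benign_apis))
    return {f for f, n in counts.items() if n / len(malware) >= threshold}

def sample_manifest(perms, actions=()):
    """Build a constructed manifest (sample input, not taken from a real app)."""
    p = "".join('<uses-permission android:name="android.permission.%s"/>' % x for x in perms)
    a = "".join('<action android:name="android.intent.action.%s"/>' % x for x in actions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android">%s'
            '<application><receiver><intent-filter>%s</intent-filter></receiver>'
            '</application></manifest>' % (p, a))

# Constructed smali call sites
SMS = ("invoke-virtual {v0, v1, v2, v3, v4, v5}, Landroid/telephony/SmsManager;->"
       "sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;"
       "Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V\n")
LOG = "invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I\n"

MALWARE = [(sample_manifest(["SEND_SMS", "INTERNET"], ["BOOT_COMPLETED"]), SMS + LOG),
           (sample_manifest(["SEND_SMS", "READ_CONTACTS"]), SMS + LOG)]
BENIGN = [(sample_manifest(["INTERNET"]), LOG)]
```

With a threshold of 1.0 only the features shared by both constructed malware samples survive; the `Log.d` call never does, because it is in the benign API library.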
CN202011565908.9A 2020-12-25 2020-12-25 Android malicious software detection method and system based on mixed features Pending CN112632538A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011565908.9A CN112632538A (en) 2020-12-25 2020-12-25 Android malicious software detection method and system based on mixed features

Publications (1)

Publication Number Publication Date
CN112632538A true CN112632538A (en) 2021-04-09

Family

ID=75325377

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011565908.9A Pending CN112632538A (en) 2020-12-25 2020-12-25 Android malicious software detection method and system based on mixed features

Country Status (1)

Country Link
CN (1) CN112632538A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination