CN116383819A - Android malicious software family classification method - Google Patents

Publication number: CN116383819A
Authority: CN (China)
Application number: CN202310412232.7A
Other languages: Chinese (zh)
Inventors: 张磊, 刘亮, 高杨晨
Current assignee: Sichuan University
Original assignee: Sichuan University
Legal status: Pending

Classifications

    • G06F21/562 Static detection (under G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements)
    • G06F18/24 Classification techniques
    • G06F18/253 Fusion techniques of extracted features
    • G06F16/3344 Query execution using natural language analysis
    • G06V10/54 Extraction of image or video features relating to texture
    • G06V10/56 Extraction of image or video features relating to colour
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides an Android malicious software family classification method in the field of software security. The method comprises: extracting a DEX file from the Android installation package file; determining an RGB image from the byte code, the proportion and the entropy value of each section of the DEX file, and extracting texture features and color features; extracting text information from the DEX file and filtering out symbols to obtain a plain text file; segmenting the plain text file into a plurality of keywords, sorting the keywords in descending order of weight, and selecting a certain number of the leading keywords as target keywords; calculating a hash value of each target keyword with the MD5 hash algorithm; determining text features from the hash values and weights of the target keywords; and fusing the texture features, the color features and the text features with a multiple kernel learning feature fusion algorithm to determine the malicious software family of the Android installation package file. The method improves the accuracy of malicious software family classification.

Description

Android malicious software family classification method
This application is a divisional application of the patent application entitled "Android malicious software family classification method based on DEX file partition characteristics", filed on 2020-03-10 with application number 202010162791.3.
Technical Field
The invention relates to the field of software security, in particular to an Android malicious software family classification method based on DEX file partition characteristics.
Background
Owing to its open-source nature, the Android system holds more than 85% of the mobile phone market. However, Android iterates rapidly and the system fragmentation caused by its open-source nature is serious, so a large number of variants of Android malicious software have appeared on top of the many existing malicious families, which poses no small challenge to the classification of Android malicious families. Traditional static analysis methods are susceptible to obfuscation and hardening, while dynamic analysis methods consume a great deal of time and space. Newer visualization methods do not take the characteristics of Android malicious software into account, so the loss of features is serious.
Many visualization and image processing methods have been proposed for malicious software family classification, but most of them do not target Android malicious software families. Because Android platform files have their own characteristics compared with files of other platforms, many of these methods are not suitable for classifying Android malicious software families and even lose the characteristics of the Android malicious software. In addition, many methods that do target the Android platform have low classification accuracy because of shortcomings in their visualization and image processing. The invention provides a more accurate Android malicious software family classification method. The method fully analyzes and uses the characteristics of the DEX file, the Android executable file: it converts the DEX file into an RGB image and a text by means of the section characteristics of the DEX file, and then extracts image features and text features respectively to classify Android malicious software. Compared with dynamic and static analysis methods, the method has higher analysis efficiency and better resistance to interference. Compared with a grayscale image, the RGB image has color features in addition to texture features and can characterize Android application software in more dimensions. In addition, text features are added alongside the image features, and combining image features with text features does not affect classification efficiency, so the Android malicious family is classified more accurately.
Disclosure of Invention
The invention aims to provide an Android malicious software family classification method which can improve the accuracy of Android malicious software family classification.
In order to achieve the above object, the present invention provides the following solutions:
An Android malware family classification method, comprising:
acquiring an Android installation package file, and extracting a DEX file from the Android installation package file;
parsing the header of the DEX file to obtain the sections of the DEX file, and calculating the byte code, the proportion and the entropy value of each section;
determining a pixel matrix according to the byte code, the proportion and the entropy value of each section, and converting the pixel matrix into an RGB image;
extracting texture features and color features of the RGB image;
extracting text information of the DEX file, and filtering symbols in the text information with a text filter to obtain a plain text file; the text filter is a filter generated according to the encoding range of the ASCII code table;
performing word segmentation on the plain text file to obtain a plurality of keywords;
calculating the weight of each keyword, sorting the keywords in descending order of weight, and selecting a certain number of keywords as target keywords;
calculating a hash value of each target keyword with the MD5 hash algorithm;
determining text features according to the hash values and the weights of the target keywords;
and fusing the texture features, the color features and the text features with a multiple kernel learning feature fusion algorithm to determine the malicious software family of the Android installation package file.
Optionally, extracting the DEX file from the Android installation package file specifically includes:
decompressing the Android installation package file to obtain a decompressed folder;
and extracting the DEX file with the .dex suffix from the decompressed folder.
Optionally, the sections of the DEX file are respectively: header section, string section, type section, method prototype section, field section, method section, class definition section, and data section.
Optionally, extracting text information of the DEX file specifically includes:
extracting the last seven bits of each byte of the data section of the DEX file to obtain text information.
Optionally, determining a pixel matrix according to the byte code, the proportion and the entropy value of each section, and converting the pixel matrix into an RGB image, specifically includes:
converting each section into a matrix, and calculating the byte code, the proportion and the entropy value of each section;
combining the byte code, the proportion and the entropy value of any section to obtain the pixel matrix of that section;
determining an RGB image from the pixel matrix of each section.
Optionally, extracting texture features and color features of the RGB image specifically includes:
extracting texture features of the RGB image using the GIST algorithm;
extracting color features of the RGB image using color moments.
Optionally, fusing the texture features, the color features and the text features with the multiple kernel learning feature fusion algorithm to determine the malicious software family of the Android installation package file specifically includes:
selecting a kernel function for the texture features, a kernel function for the color features and a kernel function for the text features;
linearly combining the kernel function of the texture features, the kernel function of the color features and the kernel function of the text features, and iteratively updating the weights of the three kernel functions to determine the optimal weight of the texture features, the optimal weight of the color features and the optimal weight of the text features;
and classifying the Android malicious software families with a support vector machine according to the optimal weight of the texture features, the optimal weight of the color features and the optimal weight of the text features, so as to determine the malicious software family of the Android installation package file.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
The method decompresses the Android installation package file, extracts the executable DEX file, and then parses the header of the DEX file to obtain sections with different functions. The DEX file is visualized and textualized using each section and the features among the sections, converting it into a more intuitive RGB image and a text, and image features and text features are extracted as the features of the DEX file. The leading keywords in the sorted queue are selected by weight, so the selected keywords carry larger weights and the text features extracted from these high-weight keywords are more accurate, which improves the classification accuracy for malicious software families. The method operates directly on the DEX file byte code, which reduces the influence of obfuscation and hardening on the analysis, and combining image features with text features improves the classification of Android malicious families.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a frame diagram of an Android malware family classification method provided by the invention;
FIG. 2 is a flow chart of a visualization process of a DEX file;
FIG. 3 is a framework diagram of the feature fusion algorithm based on multiple kernel learning.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention aims to provide an Android malicious software family classification method based on DEX file partition characteristics. The method visualizes and textualizes a DEX file according to the characteristics of its sections, converting the DEX file into an RGB image and a plain text respectively, and extracts RGB image features and text features as the features of the Android malicious sample. Finally, the Android malicious software is accurately classified using a multi-feature fusion algorithm based on multiple kernel learning.
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
As shown in FIG. 1, the invention provides an Android malicious family classification method based on DEX file characteristics, which comprises four main stages: DEX file extraction, DEX file processing, feature extraction, and learning and classification. DEX file extraction decompresses the Android installation package (APK) file and then extracts the DEX file with the .dex suffix from the decompressed folder. DEX file processing comprises visualization and textualization of the DEX file: after the DEX file is obtained, it is divided into sections by parsing its header area, and the characteristics of the resulting sections are used to convert the DEX file into an RGB image and a plain text file respectively. Feature extraction extracts the image features of the RGB image and the text features of the plain text. Learning and classification fuses and classifies the obtained image features and text features using a feature fusion algorithm based on multiple kernel learning.
The specific implementation comprises the following seven steps.
Step one, extracting the DEX file: decompress the Android installation package (APK) file, extract the DEX file with the .dex suffix from the decompressed folder, and obtain the 8 sections of the DEX file by parsing its header.
Step two, visualizing the DEX file: the byte code of the DEX file is selected as one channel. Because differences in strings, variables, methods and classes lead to differences in the length and content of the sections, the proportion and the entropy value of each section are selected as the other two channels. Combining the three channels gives a three-dimensional vector whose length corresponds to the size of the DEX file. To introduce the file size as a feature, the matrix width is determined by the file size when the vector is turned into a matrix. Finally, the matrix is converted into an RGB image, as shown in FIG. 2.
When the DEX file is visualized, the characteristics of the DEX sections are fully used to convert the DEX file into an RGB image, which carries more features than a traditional grayscale image and helps to improve classification accuracy.
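The header parsing and three-channel mapping of steps one and two, as an added Python example that is not code from the patent. The scaling of the proportion and entropy channels to 0..255, the width table in `image_width` and the sample buffer are assumptions; the patent states only that the matrix width depends on the file size.

```python
import math
import struct
from collections import Counter

# Index sections: (name, header position of the 32-bit count, bytes per item).
# Each count is followed by a 32-bit file offset (published DEX header layout).
ID_SECTIONS = [
    ("string_ids", 0x38, 4), ("type_ids", 0x40, 4), ("proto_ids", 0x48, 12),
    ("field_ids", 0x50, 8), ("method_ids", 0x58, 8), ("class_defs", 0x60, 32),
]

def parse_sections(dex):
    """Return [(name, offset, length)] for the eight sections listed in the text."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    sections = [("header", 0, struct.unpack_from("<I", dex, 0x24)[0])]
    for name, pos, item_size in ID_SECTIONS:
        count, off = struct.unpack_from("<II", dex, pos)
        sections.append((name, off, count * item_size))
    data_size, data_off = struct.unpack_from("<II", dex, 0x68)
    sections.append(("data", data_off, data_size))
    for name, off, length in sections:
        if off + length > len(dex):      # reject truncated or malformed input
            raise ValueError(f"section {name} runs past end of file")
    return sections

def shannon_entropy(chunk):
    """Byte entropy in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def dex_to_pixels(dex):
    """One (R, G, B) pixel per byte: R = byte value, G = section proportion,
    B = section entropy. Scaling G and B to 0..255 is an assumption."""
    pixels = []
    for _name, off, length in parse_sections(dex):
        chunk = dex[off:off + length]
        g = round(255 * length / len(dex))
        b = round(255 * shannon_entropy(chunk) / 8)
        pixels.extend((byte, g, b) for byte in chunk)
    return pixels

def image_width(file_size):
    """Hypothetical size-to-width table; the patent does not give its values."""
    for limit_kb, width in ((10, 32), (30, 64), (60, 128), (100, 256),
                            (200, 384), (500, 512), (1000, 768)):
        if file_size < limit_kb * 1024:
            return width
    return 1024

def to_matrix(pixels, file_size):
    """Fold the pixel vector into rows, zero-padding the last row."""
    width = image_width(file_size)
    cells = pixels + [(0, 0, 0)] * (-len(pixels) % width)
    return [cells[i:i + width] for i in range(0, len(cells), width)]

def build_sample_dex():
    """Constructed DEX-shaped buffer for the demo; not a loadable application."""
    data = bytes(range(0x41, 0x51))               # 16 distinct bytes
    hdr = bytearray(0x70)
    hdr[:8] = b"dex\n035\x00"
    # file_size, header_size, endian_tag
    struct.pack_into("<III", hdr, 0x20, 0x70 + 20 + len(data), 0x70, 0x12345678)
    struct.pack_into("<II", hdr, 0x38, 2, 0x70)   # string_ids: 2 items at 0x70
    struct.pack_into("<II", hdr, 0x40, 1, 0x78)   # type_ids: 1 item at 0x78
    struct.pack_into("<II", hdr, 0x58, 1, 0x7C)   # method_ids: 1 item at 0x7C
    struct.pack_into("<II", hdr, 0x68, len(data), 0x84)
    return bytes(hdr) + bytes(20) + data

if __name__ == "__main__":
    dex = build_sample_dex()
    for name, off, length in parse_sections(dex):
        print(f"{name:11s} off={off:#06x} len={length:4d} "
              f"H={shannon_entropy(dex[off:off + length]):.2f}")
    rows = to_matrix(dex_to_pixels(dex), len(dex))
    print(len(rows), "rows x", len(rows[0]), "pixels")
```

The bounds check in `parse_sections` matters in practice: samples with deliberately malformed headers are common, and slicing past the end of the buffer would otherwise produce silently short sections.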
Step three, textualizing the DEX file: the data section stores all strings related to the DEX file, including variable names, class names, method names and the like. The DEX file uses LEB128 encoding; each LEB128-encoded value consists of 1-5 bytes that together represent one value. Each byte has its most significant bit set, except for the last byte in the sequence, whose most significant bit is cleared; the remaining 7 bits of each byte are the payload. The 7 payload bits correspond exactly to the ASCII code table, so text information can be generated by extracting the last seven bits of each byte. During this process a large number of irrelevant symbols are produced because of the separators in the DEX file format, which would affect the subsequent text feature extraction. A text filter is therefore generated according to the encoding range of the ASCII code table; it filters out the irrelevant symbols and leaves only the plain text information related to the strings.
Because visualization and textualization operate directly on the DEX file, the APIs of the application do not need to be extracted, which reduces the influence of hardening and obfuscation on the analysis.
Step four, extracting texture features of the RGB image: texture features are extracted using the GIST algorithm. Texture features are global features that describe the surface properties of the scene corresponding to an image or image region. As statistical features, they often have rotational invariance and are fairly resistant to noise.
Step five, extracting color features of the RGB image: color features are extracted using color moments, which describe the surface properties of the image or image region and are independent of image rotation and translation.
Step six, extracting text features: the text is segmented into keywords, their weights are calculated, all keywords are sorted by weight, and a certain number of keywords are selected; the hash value of each selected keyword is then calculated with the MD5 hash algorithm. Following the flow of the Simhash algorithm, the weight of the keyword is applied to its hash value, with the sign of each position set according to the corresponding bit. Finally, the arrays of all keywords are accumulated to obtain the text features.
For text feature extraction, an improved Simhash algorithm is applied to the plain text file; it preserves data similarity and can be used to compute similarity over massive amounts of text.
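Steps three and six together, as an added Python example that is not code from the patent: each data-section byte is masked to seven bits, an ASCII filter is applied, the heaviest keywords are selected and their weighted MD5 bits are accumulated. Term frequency as the weight, the alphanumeric filter range and the sample bytes are assumptions.

```python
import hashlib
from collections import Counter

def seven_bit_text(data):
    """Keep the low seven bits of every byte (step three)."""
    return bytes(b & 0x7F for b in data)

def ascii_filter(raw):
    """Text filter built from ASCII ranges: letters and digits are kept and
    every other code becomes a space. The exact ranges are an assumption."""
    return "".join(chr(b) if chr(b).isalnum() else " " for b in raw)

def top_keywords(text, n):
    """Split on whitespace, weight each keyword by its frequency (assumed
    weighting) and return the n heaviest as (keyword, weight) pairs."""
    counts = Counter(text.split())
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]

def md5_bits(keyword):
    """The 128 bits of the keyword's MD5 digest, most significant bit first."""
    value = int.from_bytes(hashlib.md5(keyword.encode("ascii")).digest(), "big")
    return [(value >> (127 - i)) & 1 for i in range(128)]

def text_feature(keywords):
    """Simhash-style accumulation: each keyword adds +weight where its hash
    bit is 1 and -weight where it is 0; the summed array is the feature."""
    feature = [0] * 128
    for keyword, weight in keywords:
        for i, bit in enumerate(md5_bits(keyword)):
            feature[i] += weight if bit else -weight
    return feature

def dex_text_feature(data_section, n=3):
    """Data-section bytes -> filtered text -> top-n keywords -> 128-value feature."""
    text = ascii_filter(seven_bit_text(data_section))
    return text_feature(top_keywords(text, n))

# Constructed stand-in for a DEX data section: length-prefixed,
# NUL-terminated strings. Not taken from any real sample.
SAMPLE_DATA = (b"\x0fsendTextMessage\x00" b"\x0bgetDeviceId\x00"
               b"\x1eLandroid/telephony/SmsManager;\x00"
               b"\x24Landroid/telephony/TelephonyManager;\x00")

if __name__ == "__main__":
    text = ascii_filter(seven_bit_text(SAMPLE_DATA))
    print(top_keywords(text, 3))
    print(dex_text_feature(SAMPLE_DATA)[:8])
```

Unlike classic Simhash, which reduces the accumulated array to a sign-bit fingerprint, the step-six description stops at the accumulated array, so that is what `text_feature` returns.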
Step seven, classifying with the feature fusion algorithm based on multiple kernel learning: the optimal kernel function is selected for each of the texture features, color features and text features, and the kernel functions are then linearly combined. The weights of the kernel functions are updated through continued iteration, the kernel matrix is constructed from the weights under the optimal condition to build the classifier, and finally the classifier is used for classification, as shown in FIG. 3.
The invention converts Android malicious software into RGB images and text files using the idea of cross-disciplinary fusion, so that advanced techniques from the related fields are applied to meet the needs of this field.
The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to assist in understanding the methods of the present invention and the core ideas thereof; also, it is within the scope of the present invention to be modified by those of ordinary skill in the art in light of the present teachings. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (7)

1. The Android malicious software family classification method is characterized by comprising the following steps of:
acquiring an Android installation package file, and extracting a DEX file from the Android installation package file;
parsing the header of the DEX file to obtain the sections of the DEX file, and calculating the byte code, the proportion and the entropy value of each section;
determining a pixel matrix according to the byte code, the proportion and the entropy value of each section, and converting the pixel matrix into an RGB image;
extracting texture features and color features of the RGB image;
extracting text information of the DEX file, and filtering symbols in the text information with a text filter to obtain a plain text file; the text filter is a filter generated according to the encoding range of the ASCII code table;
performing word segmentation on the plain text file to obtain a plurality of keywords;
calculating the weight of each keyword, sorting the keywords in descending order of weight, and selecting a certain number of keywords as target keywords;
calculating a hash value of each target keyword with the MD5 hash algorithm;
determining text features according to the hash values and the weights of the target keywords;
and fusing the texture features, the color features and the text features with a multiple kernel learning feature fusion algorithm to determine the malicious software family of the Android installation package file.
2. The Android malware family classification method according to claim 1, wherein extracting a DEX file from the Android installation package file specifically comprises:
decompressing the Android installation package file to obtain a decompressed folder;
and extracting the DEX file with the .dex suffix from the decompressed folder.
3. The Android malware family classification method according to claim 1, wherein the sections of the DEX file are respectively: header section, string section, type section, method prototype section, field section, method section, class definition section, and data section.
4. The Android malware family classification method according to claim 3, wherein extracting text information of the DEX file specifically comprises:
extracting the last seven bits of each byte of the data section of the DEX file to obtain text information.
5. The Android malware family classification method according to claim 1, wherein determining a pixel matrix according to the byte code, the proportion and the entropy value of each section, and converting the pixel matrix into an RGB image, specifically comprises:
converting each section into a matrix, and calculating the byte code, the proportion and the entropy value of each section;
combining the byte code, the proportion and the entropy value of any section to obtain the pixel matrix of that section;
determining an RGB image from the pixel matrix of each section.
6. The Android malware family classification method according to claim 1, wherein extracting texture features and color features of the RGB image specifically comprises:
extracting texture features of the RGB image using the GIST algorithm;
extracting color features of the RGB image using color moments.
7. The Android malware family classification method according to claim 1, wherein fusing the texture features, the color features and the text features with the multiple kernel learning feature fusion algorithm to determine the malicious software family of the Android installation package file specifically comprises:
selecting a kernel function for the texture features, a kernel function for the color features and a kernel function for the text features;
linearly combining the kernel function of the texture features, the kernel function of the color features and the kernel function of the text features, and iteratively updating the weights of the three kernel functions to determine the optimal weight of the texture features, the optimal weight of the color features and the optimal weight of the text features;
and classifying the Android malicious software families with a support vector machine according to the optimal weight of the texture features, the optimal weight of the color features and the optimal weight of the text features, so as to determine the malicious software family of the Android installation package file.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310412232.7A CN116383819A (en) 2020-03-10 2020-03-10 Android malicious software family classification method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010162791.3A CN113378163A (en) 2020-03-10 2020-03-10 Android malicious software family classification method based on DEX file partition characteristics
CN202310412232.7A CN116383819A (en) 2020-03-10 2020-03-10 Android malicious software family classification method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202010162791.3A Division CN113378163A (en) 2020-03-10 2020-03-10 Android malicious software family classification method based on DEX file partition characteristics

Publications (1)

Publication Number Publication Date
CN116383819A (en) 2023-07-04

Also Published As

Publication number Publication date
CN113378163A (en) 2021-09-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination