CN110704841A - Convolutional neural network-based large-scale android malicious application detection system and method - Google Patents

Publication number
CN110704841A
Authority
CN
China
Prior art keywords
android
application
feature
detection
malicious
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910903669.4A
Other languages
Chinese (zh)
Inventor
王志强
李格菲
池亚平
张健毅
吕欣
钱榕
邹潇湘
张克君
卓子寒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Original Assignee
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Application filed by BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Priority to CN201910903669.4A
Publication of CN110704841A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods

Abstract

A large-scale Android malicious application detection system and method based on a convolutional neural network, comprising a feature extraction module, a feature processing module, a deep learning module and a malicious application detection module. A large number of normal and malicious Android applications are collected, and Android application features are extracted more comprehensively by combining static analysis and dynamic analysis, which improves the system's ability to recognize unknown malicious applications. The features are processed into a two-dimensional matrix, and a convolutional neural network model learns and is trained on the features autonomously, so that the maliciousness of an Android application is accurately identified.

Description

Convolutional neural network-based large-scale android malicious application detection system and method
Technical Field
The invention relates to the technical field of mobile terminal security, in particular to a large-scale android malicious application detection system and method based on a convolutional neural network.
Background
Android, currently the most popular mobile operating system, has a huge number of devices and users and a rich set of applications, and its security attracts wide attention. Mobile devices are now closely tied to users' work and life, and as these devices become more intelligent they hold more and more sensitive information, such as user identity information, location information and private data, which makes the security of mobile devices an increasingly prominent problem. Because the Android system is open and fragmented, and the security authentication mechanisms for Android application stores are still not sound, more and more attackers take the Android system as their main attack target. A special report on Android malware issued by the 360 Internet Security Center shows that about 4.342 million new mobile malicious program samples were intercepted in 2018, a decrease of about 42.7% compared with 2017, with about 12,000 new samples added per day on average.
At present, most security vendors detect malicious Android applications with a signature-based method, which has the advantage of high detection speed but has low detection accuracy and requires the signature library to be updated in a timely manner. With the explosive growth of Android malicious applications, detection-evasion measures such as code obfuscation and encryption have increased, further raising the difficulty and cost of detection. To overcome these problems, detection methods based on behavioral features have been developed, but such methods need to collect a large number of features and, because they must observe the runtime behavior of applications, place high demands on the detection environment and consume a large amount of computing resources and time. A detection method with high detection speed, high accuracy and extensibility is therefore needed.
Most malicious applications are only variants modified from some existing malicious application, and a variant and its original share a large amount of repeated code.
Disclosure of Invention
Technical problem solved by the invention: to overcome the defects of the prior art by providing a system and method for detecting large-scale Android malicious applications based on a convolutional neural network that achieve higher detection accuracy and higher detection speed.
Technical solution of the invention: the large-scale Android malicious application detection system based on a convolutional neural network converts the feature document containing an application's features into a two-dimensional matrix, which can be visualized as a picture. New features can conveniently be added to the feature document, so the system has good extensibility. A convolutional neural network model, a kind of model that performs well in image recognition, is then used to detect malicious applications, so that the system achieves high detection accuracy and high detection speed.
As shown in fig. 1, the system of the present invention comprises:
a feature extraction module: for each Android application to be detected submitted by a user, three tools, namely apktool, androguard and droidbox, are used to analyze it and obtain the corresponding detection reports. apktool decompiles the Android application to obtain its configuration file, from which permission features are extracted. The usage of the four Android components, namely Activity, Service, Broadcast Receiver and Content Provider, together with NDK reflection information and encryption and obfuscation information, is extracted from the androguard detection report. The dynamic operation behaviors executed by each application are acquired through droidbox. Each Android application corresponds to a feature document containing all of these features, in which each line represents one feature;
a feature processing module: all feature documents obtained from the feature extraction module are traversed, every feature that appears is collected into a lexicon, and each feature in the lexicon is vectorized. In addition, an "Unknown" feature is added to the lexicon so that features not in the lexicon can later be matched to it. For each application, its feature document is converted into a two-dimensional matrix according to the lexicon and used as the input of the deep learning module;
a deep learning module: a convolutional neural network performs feature extraction and training on the input two-dimensional matrices to obtain a well-trained model, which serves as the final detection model;
a malicious application detection module: a user submits the Android application to be detected through the web, and its file hash is compared against a database to determine whether the application is already present. The database holds the file hashes of all normal and malicious Android applications collected by the method, each with a "normal" or "malicious" label. If the application is present, the detection report is returned directly; if not, the application is analyzed by the detection model obtained from the deep learning module, and the resulting detection report is returned to the user.
The large-scale android malicious application detection method based on the convolutional neural network comprises the following implementation steps:
First, Android application samples are collected, comprising normal applications and malicious applications: 18000 normal applications are obtained by crawling the Google Play Store, and 18000 malicious applications are obtained from the VirusShare website. The file hash of each application and its "normal" or "malicious" label are then stored in a database;
Second, application features are extracted in batch by combining static analysis and dynamic analysis to form feature documents. For each Android application to be detected submitted by a user, three tools, namely apktool, androguard and droidbox, are used to analyze it and obtain the corresponding detection reports. apktool decompiles the Android application to obtain its configuration file, from which permission features are extracted. The usage of the four Android components, namely Activity, Service, Broadcast Receiver and Content Provider, together with NDK reflection information and encryption and obfuscation information, is extracted from the androguard detection report. The dynamic operation behaviors executed by each application are acquired through droidbox. Each Android application corresponds to a feature document containing all of these features, in which each line represents one feature;
Third, the feature document of each application is converted into a two-dimensional matrix. All feature documents obtained from the feature extraction module are traversed, every feature that appears is collected into a lexicon, and each feature in the lexicon is vectorized. In addition, an "Unknown" feature is added to the lexicon so that features not in the lexicon can later be matched to it. For each application, its feature document is converted into a two-dimensional matrix according to the lexicon and used as the input of the deep learning module;
Fourth, a convolutional neural network performs feature extraction and training on the input two-dimensional matrices to obtain a well-trained model, which serves as the final detection model;
Fifth, a user submits the Android application to be detected through the web, and its file hash is compared against the database to determine whether the application is already present; if so, the detection report is returned directly, and if not, the application is analyzed by the detection model obtained from the deep learning module and the resulting detection report is returned to the user.
Compared with the prior art, the invention has the advantages that:
(1) The method is an effective supplement to traditional Android malicious application detection methods. To better characterize the maliciousness of Android malicious applications and to minimize the influence of obfuscation and encryption techniques on detection accuracy, features are analyzed and extracted by combining static analysis and dynamic analysis, which improves the system's ability to identify unknown applications and its detection accuracy. The system is also extensible: more features can be added, which lays a good foundation for detecting malicious applications more accurately.
(2) The features of each application are converted into a two-dimensional matrix, which can be visualized as a picture. Combined with a convolutional neural network model, which performs well in image recognition, the features of malicious applications can be learned more efficiently, achieving higher detection accuracy and higher detection speed.
Drawings
FIG. 1 is a flow chart of the system of the present invention;
FIG. 2 is a diagram of a feature extraction module implementation in the system of the present invention;
FIG. 3 is a deep learning module implementation process in the system of the present invention.
Detailed Description
The present invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the large-scale android malicious application detection system based on the convolutional neural network of the present invention is composed of a feature extraction module, a feature processing module, a deep learning module, and a malicious application detection module.
The whole implementation process is as follows:
(1) Android application samples are collected, comprising normal applications and malicious applications: 18000 normal applications are obtained by crawling the Google Play Store, and 18000 malicious applications are obtained from the VirusShare website. The file hash of each application and its "normal" or "malicious" label are then stored in a database.
(2) Application features are extracted in batch by combining static analysis and dynamic analysis to form feature documents. As shown in fig. 2, for each Android application to be detected submitted by a user, apktool decompiles the application to obtain its configuration file, from which permission features are extracted; the usage of the four Android components, namely Activity, Service, Broadcast Receiver and Content Provider, together with NDK reflection information and encryption and obfuscation information, is extracted from the androguard detection report. This information serves as the static features. Each application is installed and run for 30 s in droidbox, and the dynamic operation behaviors it executes are acquired from its run log as the dynamic features. The static and dynamic features together form the feature set of the present invention. Each Android application corresponds to a feature document containing the feature set, in which each row represents one feature.
(3) The feature document of each application is converted into a two-dimensional matrix. All feature documents obtained from the feature extraction module are traversed, every feature that appears is collected into a lexicon, and each feature in the lexicon is vectorized. In addition, an "Unknown" feature is added to the lexicon so that features not in the lexicon can later be matched to it. For each application, its feature document is converted into a two-dimensional matrix according to the lexicon and used as the input of the deep learning module.
(4) A convolutional neural network performs feature extraction and training on the input two-dimensional matrices to obtain a well-trained model, which serves as the final detection model.
(4.1) The structure of the convolutional neural network is shown in fig. 3. The input two-dimensional matrix is first convolved with convolution kernels of 3 different scales, whose lengths are 3, 4 and 5 respectively and whose width equals the width of the two-dimensional matrix; there are 50 convolution kernels of each scale, and ReLU is used as the activation function to extract several groups of feature maps. A max-pooling strategy is then applied to each convolution result, which reduces the data scale and strengthens the generalization ability of the convolutional neural network. Finally, the data are fed through a fully connected layer into a softmax classifier for classification.
(4.2) 50% of the normal and malicious application sets are randomly selected as training samples, of which 10% are used as validation samples. The remaining 50% are used as test samples. During each round of training, the accuracy and loss value on the validation samples are observed, and training is stopped when the loss value no longer decreases, yielding a mature learned model that serves as the final detection model.
(4.3) The features are divided into 3 groups: feature group I is the permission features, feature group II is the features obtained from the androguard detection report, and feature group III is the dynamic features. The influence of the different feature groups on detection accuracy and training time is shown in Table 1.
Table 1 shows the results of the experimental tests performed in the system of the present invention.
As Table 1 shows, with feature group I alone the detection accuracy is 98.8913% and the training time is 79 s; with feature groups I and II the detection accuracy is 99.0807% and the training time is 126 s, which illustrates the effectiveness of feature group II; with feature groups I and III the detection accuracy is 99.1019% and the training time is 134 s, which illustrates the effectiveness of feature group III; with all feature groups the detection accuracy rises to 99.2104% and the training time is 141 s. As feature groups are added the detection accuracy rises, which verifies the effectiveness of the feature groups for identifying malicious applications and the extensibility of the system.
(5) A user submits the Android application to be detected through the web, and its file hash is compared against the database to determine whether the application is already present; if so, the detection report is returned directly, and if not, the application is analyzed by the detection model obtained from the deep learning module and the resulting detection report is returned to the user.
In summary, the method and system minimize the influence of obfuscation and encryption techniques on detection accuracy, analyze and extract Android application features more comprehensively, and are extensible: more features can be added, which lays a good foundation for detecting malicious applications more accurately. The feature document of each application is converted into a two-dimensional matrix, which can be visualized as a picture, and combined with a convolutional neural network model, which performs well in image recognition, the features of malicious applications can be learned more efficiently, achieving higher detection accuracy and higher detection speed.
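The feature processing of step (3) and the network structure of step (4.1), as an added example that is not part of the patent text: it builds the lexicon with its "Unknown" entry, turns a feature document into a two-dimensional matrix, and runs one forward pass through kernels of length 3, 4 and 5 (50 each), ReLU, max pooling, a fully connected layer and softmax. The feature strings, the matrix size (12 x 8), the zero padding row and the random, untrained vectors and weights are assumptions, since the patent does not specify them.

```python
import math
import random

UNKNOWN = "Unknown"          # catch-all lexicon entry named in the patent
PAD = "<pad>"                # assumption: all-zero padding row
EMBED_DIM = 8                # assumption: matrix width (vector size per feature)
MAX_ROWS = 12                # assumption: fixed matrix height per application
KERNEL_HEIGHTS = (3, 4, 5)   # kernel lengths given in step (4.1)
KERNELS_PER_HEIGHT = 50      # kernels per scale given in step (4.1)
LABELS = ("normal", "malicious")

# Constructed feature documents, one feature per line (the line format is assumed).
TRAIN_DOCS = [
    "android.permission.INTERNET\nandroid.permission.SEND_SMS\ncomponent:Service\ndynamic:sendsms",
    "android.permission.INTERNET\ncomponent:Activity\ndynamic:fileopen",
]


def features(doc):
    return [line.strip() for line in doc.splitlines() if line.strip()]


def build_lexicon(docs):
    """Every feature seen in the training documents, plus padding and Unknown."""
    lexicon = {PAD: 0, UNKNOWN: 1}
    for doc in docs:
        for feat in features(doc):
            lexicon.setdefault(feat, len(lexicon))
    return lexicon


def init_embeddings(lexicon, seed=0):
    """One vector per lexicon entry; random here, learned in a real model."""
    rng = random.Random(seed)
    table = [[rng.uniform(-1.0, 1.0) for _ in range(EMBED_DIM)] for _ in lexicon]
    table[lexicon[PAD]] = [0.0] * EMBED_DIM
    return table


def doc_to_matrix(doc, lexicon, table):
    """Feature document -> (row ids, MAX_ROWS x EMBED_DIM matrix).

    Features missing from the lexicon map to Unknown; longer documents are truncated.
    """
    ids = [lexicon.get(f, lexicon[UNKNOWN]) for f in features(doc)][:MAX_ROWS]
    ids += [lexicon[PAD]] * (MAX_ROWS - len(ids))
    return ids, [list(table[i]) for i in ids]


def init_cnn(seed=1):
    """Untrained weights: 50 kernels for each height, then a 150 -> 2 dense layer."""
    rng = random.Random(seed)

    def weights(rows, cols):
        return [[rng.gauss(0.0, 0.1) for _ in range(cols)] for _ in range(rows)]

    conv = [(weights(h, EMBED_DIM), 0.0)
            for h in KERNEL_HEIGHTS for _ in range(KERNELS_PER_HEIGHT)]
    return {"conv": conv, "fc_w": weights(len(LABELS), len(conv)),
            "fc_b": [0.0] * len(LABELS)}


def conv_relu_maxpool(matrix, kernel, bias):
    """Slide a full-width kernel down the rows, apply ReLU, keep the maximum."""
    height = len(kernel)
    best = 0.0  # ReLU output is never below zero
    for top in range(len(matrix) - height + 1):
        act = bias + sum(kernel[r][c] * matrix[top + r][c]
                         for r in range(height) for c in range(EMBED_DIM))
        best = max(best, act)
    return best


def forward(matrix, params):
    """Return the 150 pooled values and the softmax probabilities over LABELS."""
    pooled = [conv_relu_maxpool(matrix, k, b) for k, b in params["conv"]]
    logits = [sum(w * x for w, x in zip(row, pooled)) + b
              for row, b in zip(params["fc_w"], params["fc_b"])]
    peak = max(logits)
    exps = [math.exp(z - peak) for z in logits]
    return pooled, [e / sum(exps) for e in exps]


if __name__ == "__main__":
    lexicon = build_lexicon(TRAIN_DOCS)
    table = init_embeddings(lexicon)
    # Constructed sample with one feature that never appeared in training.
    ids, matrix = doc_to_matrix("android.permission.SEND_SMS\ndynamic:dexload", lexicon, table)
    pooled, probs = forward(matrix, init_cnn())
    print(ids, len(pooled), dict(zip(LABELS, probs)))
```

Every feature absent from the lexicon lands on the same "Unknown" row, so two samples that differ only in unseen features produce identical matrices and therefore identical scores until the lexicon is rebuilt and the model retrained.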

Claims (7)

1. A large-scale Android malicious application detection system based on a convolutional neural network, characterized by comprising: a feature extraction module, a feature processing module, a deep learning module and a malicious application detection module; wherein:
a feature extraction module: for each Android application to be detected submitted by a user, apktool, androguard and droidbox are each used to analyze it and obtain the corresponding detection reports, wherein apktool decompiles the Android application to obtain its configuration file, from which permission features are extracted; the usage of the four Android components, namely Activity, Service, Broadcast Receiver and Content Provider, together with NDK reflection information and encryption and obfuscation information, is extracted from the androguard detection report; the dynamic operation behaviors executed by each application are acquired through droidbox; each Android application corresponds to a feature document containing all of these features, in which each line represents one feature;
a feature processing module: all feature documents obtained from the feature extraction module are traversed, every feature that appears is collected into a lexicon, each feature in the lexicon is vectorized, an "Unknown" feature is added to the lexicon so that features not in the lexicon can later be matched to it, and for each application its feature document is converted into a two-dimensional matrix according to the lexicon and used as the input of the deep learning module;
a deep learning module: a convolutional neural network performs feature extraction and training on the input two-dimensional matrices to obtain a well-trained model, which serves as the final detection model;
a malicious application detection module: a user submits the Android application to be detected through the web, and its file hash is compared against a database to determine whether the application is already present, wherein the database holds the collected file hashes of all normal and malicious Android applications, each with a "normal" or "malicious" label; if the application is present, the detection report is returned directly, and if not, the application is analyzed by the detection model obtained from the deep learning module and the resulting detection report is returned to the user.
2. The convolutional neural network-based large-scale Android malicious application detection system of claim 1, characterized in that the deep learning module is implemented as follows:
the input two-dimensional matrix is first convolved with convolution kernels of 3 different scales, whose lengths are 3, 4 and 5 respectively and whose width equals the width of the two-dimensional matrix, with 50 convolution kernels of each scale, and ReLU is used as the activation function to extract several groups of feature maps; a max-pooling strategy is then applied to each convolution result to reduce the data scale and strengthen the generalization ability of the convolutional neural network; finally, the results are fed through a fully connected layer into a softmax classifier for classification, and a mature learned model is obtained through continued training and serves as the final detection model.
3. A large-scale Android malicious application detection method based on a convolutional neural network, characterized by comprising the following steps:
first, collecting Android application samples, extracting their file hashes, and storing the file hash of each sample together with its "normal" or "malicious" label in a database;
second, extracting application features in batch by combining static analysis and dynamic analysis to form feature documents;
third, converting the feature document of each application into a two-dimensional matrix;
fourth, performing feature extraction and training on the input two-dimensional matrices with a convolutional neural network to obtain a well-trained model, which serves as the final detection model;
fifth, a user submitting the Android application to be detected through the web, and comparing its file hash against the database to determine whether the application is already present; if so, the detection report is returned directly, and if not, the application is analyzed by the detection model obtained from the deep learning module and the resulting detection report is returned to the user.
4. The convolutional neural network-based large-scale Android malicious application detection method as claimed in claim 3, characterized in that: in the first step, the Android applications comprise normal applications and malicious applications, wherein 18000 normal applications are obtained by crawling the Google Play Store and 18000 malicious applications are obtained from the VirusShare website, and the file hash of each application and its "normal" or "malicious" label are then stored in a database.
5. The convolutional neural network-based large-scale Android malicious application detection method as claimed in claim 3, characterized in that: in the second step, application features are extracted in batch by combining static and dynamic analysis, wherein the features obtained by static analysis include: the permission features extracted from the configuration file obtained after decompilation, and the usage of the four Android components, namely Activity, Service, Broadcast Receiver and Content Provider, together with NDK reflection information and encryption and obfuscation information, extracted from the androguard detection report; the features obtained by dynamic analysis are the dynamic operation behaviors executed by the application within 30 s of running in droidbox.
6. The convolutional neural network-based large-scale Android malicious application detection method as claimed in claim 3, characterized in that: in the third step, the feature document of each application is converted into a two-dimensional matrix as follows: first, all feature documents obtained from the feature extraction module are traversed, every feature that appears is collected into a lexicon, and each feature in the lexicon is vectorized; furthermore, an "Unknown" feature is added to the lexicon so that features not in the lexicon can later be matched to it; for each application, its feature document is converted according to the lexicon into a two-dimensional matrix in which each row represents one feature.
7. The convolutional neural network-based large-scale Android malicious application detection method as claimed in claim 3, characterized in that: in the fourth step, the input two-dimensional matrix is convolved with convolution kernels of 3 different scales, whose lengths are 3, 4 and 5 respectively and whose width equals the width of the two-dimensional matrix, with 50 convolution kernels of each scale, and ReLU is used as the activation function to extract several groups of feature maps; a max-pooling strategy is then applied to each convolution result, which reduces the data scale and strengthens the generalization ability of the convolutional neural network; finally, the results are fed through a fully connected layer into a softmax classifier for classification; and a mature learned model is obtained through continued training and serves as the final detection model.
CN201910903669.4A 2019-09-24 2019-09-24 Convolutional neural network-based large-scale android malicious application detection system and method Pending CN110704841A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910903669.4A CN110704841A (en) 2019-09-24 2019-09-24 Convolutional neural network-based large-scale android malicious application detection system and method

Publications (1)

Publication Number Publication Date
CN110704841A (en) 2020-01-17

Family

ID=69195607

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910903669.4A Pending CN110704841A (en) 2019-09-24 2019-09-24 Convolutional neural network-based large-scale android malicious application detection system and method

Country Status (1)

Country Link
CN (1) CN110704841A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112434296A (en) * 2020-12-09 2021-03-02 广东工业大学 Detection method and device for malicious android application
CN112632548A (en) * 2020-12-30 2021-04-09 北京天融信网络安全技术有限公司 Malicious android program detection method and device, electronic device and storage medium
CN113761912A (en) * 2021-08-09 2021-12-07 国家计算机网络与信息安全管理中心 Interpretable judging method and device for malicious software attribution attack organization
CN117688565A (en) * 2024-02-04 2024-03-12 北京中科网芯科技有限公司 Malicious application detection method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102945349A (en) * 2012-10-19 2013-02-27 北京奇虎科技有限公司 Method and device for processing unknown files
CN107798243A (en) * 2017-11-25 2018-03-13 国网河南省电力公司电力科学研究院 The detection method and device of terminal applies
CN108959924A (en) * 2018-06-12 2018-12-07 浙江工业大学 A kind of Android malicious code detecting method of word-based vector sum deep neural network
CN108985060A (en) * 2018-07-04 2018-12-11 中共中央办公厅电子科技学院 A kind of extensive Android Malware automated detection system and method
KR20190072074A (en) * 2017-12-15 2019-06-25 서강대학교산학협력단 Malware detection system and method thereof

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112434296A (en) * 2020-12-09 2021-03-02 广东工业大学 Detection method and device for malicious android application
CN112632548A (en) * 2020-12-30 2021-04-09 北京天融信网络安全技术有限公司 Malicious android program detection method and device, electronic device and storage medium
CN112632548B (en) * 2020-12-30 2024-01-23 北京天融信网络安全技术有限公司 Malicious android program detection method and device, electronic equipment and storage medium
CN113761912A (en) * 2021-08-09 2021-12-07 国家计算机网络与信息安全管理中心 Interpretable judging method and device for malicious software attribution attack organization
CN113761912B (en) * 2021-08-09 2024-04-16 国家计算机网络与信息安全管理中心 Interpretable judging method and device for malicious software attribution attack organization
CN117688565A (en) * 2024-02-04 2024-03-12 北京中科网芯科技有限公司 Malicious application detection method and system
CN117688565B (en) * 2024-02-04 2024-05-03 北京中科网芯科技有限公司 Malicious application detection method and system

Similar Documents

Publication Publication Date Title
EP4058916B1 (en) Detecting unknown malicious content in computer systems
CN107204960B (en) Webpage identification method and device and server
CN110704841A (en) Convolutional neural network-based large-scale android malicious application detection system and method
Zhu et al. Android malware detection based on multi-head squeeze-and-excitation residual network
CN112866023B (en) Network detection method, model training method, device, equipment and storage medium
Mehtab et al. AdDroid: rule-based machine learning framework for android malware analysis
CN111639337B (en) Unknown malicious code detection method and system for massive Windows software
US10872270B2 (en) Exploit kit detection system based on the neural network using image
CN105229661B (en) Method, computing device and the storage medium for determining Malware are marked based on signal
CN107688743B (en) Malicious program detection and analysis method and system
Qiu et al. Cyber code intelligence for android malware detection
CN108959924A (en) A kind of Android malicious code detecting method of word-based vector sum deep neural network
CN107368856B (en) Malicious software clustering method and device, computer device and readable storage medium
CN113935033B (en) Feature fusion malicious code family classification method, device and storage medium
CN112148305B (en) Application detection method, device, computer equipment and readable storage medium
CN108563951B (en) Virus detection method and device
CN109271788A (en) A kind of Android malware detection method based on deep learning
CN106874760A (en) A kind of Android malicious code sorting techniques based on hierarchy type SimHash
Niu et al. Detecting malware on X86-based IoT devices in autonomous driving
Gao et al. Malware detection using LightGBM with a custom logistic loss function
CN108959930A (en) Malice PDF detection method, system, data storage device and detection program
CN111581640A (en) Malicious software detection method, device and equipment and storage medium
Shrestha et al. High-performance classification of phishing URLs using a multi-modal approach with MapReduce
CN110012013A (en) A kind of virtual platform threat behavior analysis method and system based on KNN
CN115545091A (en) Integrated learner-based malicious program API (application program interface) calling sequence detection method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200117