Method and system for identifying Android escape software based on function call and condition features
Main Authors | , , , , , , |
---|---|
Format | Patent |
Language | Chinese, English |
Published | 11.11.2022 |
Summary: | The invention discloses a method and a system for identifying Android escape software based on function call and condition features. It solves the problem that existing Android malware detection systems cannot identify escape software and therefore miss some malicious Android software that exhibits escape behaviors. The method comprises the following steps: decompiling the Android APK file under test to obtain the APIs it calls; combining these with some manually extracted escape software features and sensitive API features to form the calling relationships among the APIs related to those features; and extracting the conditional statements related to the API call points. One APK can therefore be represented by two types of data, the call graph and the condition features, and the APK is further represented in a vectorization manner by |
---|---|
Bibliography: | Application Number: CN202210888793 |