Method and system for identifying Android escape software based on function call and condition features

• Main Authors: WANG YIHANG, NIU WEINA, REN XIXUAN, ZHANG RAN, YAN RAN, ZHANG XIAOSONG, LIU XINGYU
• Format: Patent
• Language: Chinese; English
• Published: 11.11.2022
• Subjects: CALCULATING; COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; HANDLING RECORD CARRIERS; PHYSICS; PRESENTATION OF DATA; RECOGNITION OF DATA; RECORD CARRIERS

The invention discloses a method and a system for identifying Android escape software based on function call and condition features, and solves the problem that the system omits a part of malicious Android software with escape behaviors due to the fact that an existing Android malicious software detection system cannot identify the escape software. The method comprises the following steps: decompiling a test Android APK file to obtain an API called in the tested Android APK, forming a calling relationship between APIs related to some artificially extracted escape software features and sensitive API features in combination with the artificially extracted escape software features and sensitive API features, extracting conditional statements related to API calling points, and extracting the conditional statements related to the API calling points. Therefore, one APK can be represented by two types of data of the call graph and the condition feature, and the APK is further represented in a vectorization manner by