Patent
Android malicious code detection system and method based on Opcode backtracking
Yuan Haitao,Pan Xuanchen,Xiao Xinguang +2 more
- 02 Jul 2014
TL;DR: An Android malicious code detection system and method based on Opcode backtracking is presented. However, the method is limited to Android and is not suitable for Java.
Abstract: The invention discloses an Android malicious code detection system and method based on Opcode backtracking. First, a rule base is established, and the rule base customizes the detection strategy according to the object to be detected. The API called initially is placed in a queue as a name to be matched. A name to be matched is then read from the queue, and the names of the functions called by all Opcode instructions are obtained using a dex analysis and Opcode disassembling module. The called function names are compared with the name to be matched, and the name of the function containing each successfully matched Opcode instruction is placed in the queue as a new name to be matched. These operations are repeated until the queue is empty. The resulting call-relationship tree is then analyzed against the detection rules customized in the rule base: if it conforms to them, the sample is judged malicious; otherwise it is judged safe. The system and method can effectively resolve the false alarms and missed alarms of existing malicious code detection methods.
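The queue-driven backtracking in the abstract can be sketched as follows. This is an added example, not code from the patent: the disassembly table is constructed sample data, and the rule format (`api`, `trigger_suffix`) is a hypothetical stand-in for the rule base, which the abstract does not specify.

```python
from collections import deque

SMS_API = "Landroid/telephony/SmsManager;->sendTextMessage"

# Constructed sample (signatures omitted): method -> targets of its invoke-*
# opcodes, standing in for the dex analysis / Opcode disassembling module output.
DISASM = {
    "Lcom/demo/BootReceiver;->onReceive": ["Lcom/demo/Worker;->start"],
    "Lcom/demo/Worker;->start": ["Lcom/demo/Sms;->send", "Landroid/util/Log;->d"],
    # Sms.send calls back into Worker.start: a cycle the traversal must survive.
    "Lcom/demo/Sms;->send": [SMS_API, "Lcom/demo/Worker;->start"],
    "Lcom/demo/MainActivity;->onClick": ["Lcom/demo/Ui;->refresh"],
    "Lcom/demo/Ui;->refresh": ["Landroid/util/Log;->d"],
}

# Hypothetical rule: the sample matches when the sensitive API is reachable
# from a method whose name ends with trigger_suffix (no user interaction).
RULES = [{"api": SMS_API, "trigger_suffix": "Receiver;->onReceive"}]


def backtrack(disasm, start_api):
    """Walk from start_api up through its callers; return {callee: {callers}}."""
    tree, seen, queue = {}, {start_api}, deque([start_api])
    while queue:                               # repeat until the queue is empty
        target = queue.popleft()               # name to be matched
        for method, calls in disasm.items():   # every method's call opcodes
            if target in calls:                # an opcode calls the target
                tree.setdefault(target, set()).add(method)
                if method not in seen:         # enqueue each caller only once
                    seen.add(method)
                    queue.append(method)
    return tree


def is_malicious(disasm, rules):
    """Judge the call-relationship tree of each rule's API against the rule."""
    for rule in rules:
        tree = backtrack(disasm, rule["api"])
        callers = set().union(*tree.values())
        if any(m.endswith(rule["trigger_suffix"]) for m in callers):
            return True
    return False
```

The `seen` set is what keeps recursive or mutually recursive methods from re-entering the queue indefinitely.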
Citations
Patent
Distributed source code detection system and the method based on the serialized intermediate representation
Zhang Lei,Han Jian +1 more
- 04 Jan 2017
TL;DR: A distributed source code detection system based on the serialized intermediate representation is presented. The system works in the following steps: coordinating the nodes, and determining the programming language and the version of the compiler used for the source code to be detected.
Patent
A processor instruction set testing method and device
Meng Dan,Li Danping,Zhu Ziyuan,Shi Gang +3 more
- 21 Jun 2019
TL;DR: In this paper, the whole instruction space is divided into a defined instruction set and an undefined instruction set according to an instruction set manual published by a processor design manufacturer; the two types of instruction sets respectively adopt different testing methods.
Patent
Android malicious application family classification method and device and electronic equipment
Liu Chao,Yu Min,Song Li,Jianguo Jiang,Weiqing Huang,Zhu Dali +5 more
- 31 May 2019
TL;DR: An Android malicious application family classification method and device and electronic equipment are presented. The method comprises the following steps: preprocessing the APK file of an Android malicious application to obtain the smali file corresponding to the APK, counting the different method blocks containing sensitive elements, uniformly expressing the Opcode with a formalized operation code to generate a sensitive operation code sequence, generating a text feature vector, and classifying the Android malicious applications.
Patent
Method and device for detecting malicious code in elf file
Yuan Haitao,Yue Dong,Hu Xuefei,Pan Xuanchen +3 more
- 02 Jun 2016
TL;DR: A method for detecting malicious code in an ELF file is presented, which includes acquiring the functions in the ELF file together with the code instruction offset and code instruction length of those functions.
Patent
Sample processing method, apparatus and system
Ji Yuchao
- 24 May 2017
TL;DR: A sample processing method, apparatus and system are described, in which each piece of version information transmitted through a version sniffing API is taken as the pollution object, so that it can be accurately detected whether the sample under test is deformed and whether it performs environment detection.
Related Papers (5)
Robert Grieb,David M. McWherter +1 more
- 19 Jun 1998
Zhu Haixing
- 04 May 2016
Qingbao Li,Ping Zhang,Guangyu Zeng +2 more
- 13 Apr 2011