-
Publication No.: US11934495B2
Publication date: 2024-03-19
Application No.: US17262745
Filing date: 2018-11-26
Inventors: Jeong Hyun Yi, Min Koo Kang
IPC classification: G06F21/14, G06F8/41, G06F8/75, G06F16/903, G06F21/64
CPC classification: G06F21/14, G06F8/427, G06F8/75, G06F16/90344, G06F21/64
Abstract: A device for automatically identifying anti-analysis techniques by using signature extraction includes: an extraction unit which extracts a DEX file and an ELF file from an application file after unpacking the application file, which is in APK format and includes compressed execution code to be executed on Android; a detection unit which receives the acquired signature classified according to signature type, analytically compares the input signature with the signatures stored in a database, and detects the signature used in anti-analysis techniques; and a determination unit which determines, according to the detected signature, which anti-analysis technique is applied to the application. According to the present invention, it is possible to enable an appropriate and quick response to damage caused by malicious applications by shortening the time required for analysis and automatically recognizing applications to which an anti-analysis technique is applied.
-
Publication No.: US11886589B2
Publication date: 2024-01-30
Application No.: US17287056
Filing date: 2021-01-28
Inventors: Jeong Hyun Yi, Yong Gu Shin
CPC classification: G06F21/566, G06F8/427, G06F21/54, G06F21/562, G06F2221/033
Abstract: A process wrapping method for bypassing native code anti-analysis includes: receiving an execution instruction intended to run in an application from the Android framework when the application starts; extracting string and method metadata from a compiled OAT file using the oatdump tool in the Android framework; determining whether anti-analysis techniques are applied by comparing the transmitted execution instruction and the extracted metadata with information in a database (DB); modifying the execution instruction based on the determined information when an anti-analysis technique is applied; and sending the modified execution instruction back to the Android framework. Accordingly, it is possible to provide an environment in which malicious applications to which anti-analysis techniques are applied can be easily analyzed.
-
Publication No.: US11809557B2
Publication date: 2023-11-07
Application No.: US17296892
Filing date: 2021-01-29
Inventors: Jeong Hyun Yi, Eun Byeol Ko
CPC classification: G06F21/562, G06N3/08, G06F2221/033
Abstract: A mobile malicious code classification method based on feature selection includes: extracting Application Programming Interface (API) feature information, including a package name, a class name, a method name and a description, from a malicious application of a predefined category; vectorizing a training dataset generated from the package name, the class name and the method name in the API feature information for deep learning; learning the vectorized training dataset to generate a classifier; probabilistically classifying a target malicious application into a category; and defining the category of the target malicious application using the result of the classification and outputting the APIs that are important for the classification. Accordingly, it is possible to deal with the malicious behaviors of malicious applications quickly and prevent damage caused by those behaviors.
-
Publication No.: US20200344261A1
Publication date: 2020-10-29
Application No.: US16515723
Filing date: 2019-07-18
Inventors: Jeong Hyun Yi, Kichang Kim
Abstract: Provided is a method of application malware detection based on dynamic Application Programming Interface (API) extraction, and a readable medium and an apparatus for performing the same. The method of application malware detection based on dynamic API extraction includes generating an API classifier which classifies an input API as malicious or benign, using the APIs used in sample applications classified as malicious apps or benign apps, and inputting a pre-stored target API into the API classifier to classify the target API as malicious or benign.
-
Publication No.: US20210056182A1
Publication date: 2021-02-25
Application No.: US16996279
Filing date: 2020-08-18
Inventors: Jeong Hyun Yi, Sunjun Lee
Abstract: Provided is a method for bypassing an analysis evasion technique, which includes: loading a dummy DEX file; parsing a dummy method containing dummy code from the dummy DEX file; a bypass point identifying step of determining whether the function to be currently called is a bypass target function to which the analysis evasion technique is applied; a branch target point changing step of changing information according to the determination result so that the dummy code is executed instead of the call target function; and a dummy code executing step of transmitting the dummy code to the framework of the application, so that a modulated framework is executed with a bypass code.
-
Publication No.: US10796005B1
Publication date: 2020-10-06
Application No.: US16527687
Filing date: 2019-07-31
Inventors: Jeong Hyun Yi, Kichang Kim
Abstract: Provided is a method of application security vulnerability evaluation based on tree boosting, and a readable medium and an apparatus for performing the same. The method of application security vulnerability evaluation based on tree boosting includes the steps of: generating an API classifier which classifies an input API as benign or malicious using a tree boosting-based algorithm; calculating a security vulnerability score for each API using the API classifier; and classifying a target application as a malicious application or a benign application according to the security vulnerability scores of the APIs used in the target application.
-
Publication No.: US11928220B2
Publication date: 2024-03-12
Application No.: US17420036
Filing date: 2021-04-01
Inventors: Jeong Hyun Yi, Minseong Choi, Sunjun Lee
CPC classification: G06F21/577, G06F2221/033
Abstract: A method for evaluating the risk of data leakage in an application includes the steps of: extracting a DEX (Dalvik Executable) file and a so (Shared Object) file by decompressing the APK file of a mobile application; extracting DEX code information from the DEX file by parsing the DEX file; translating the content of the so file into IR (Intermediate Representation); extracting IR code information from the translated IR; generating a call-reference structure between the DEX file and the so file by processing the extracted DEX code information and the extracted IR code information; and outputting weakness information according to a risk designated in advance, based on the generated call-reference structure. Accordingly, it is possible to extend the call-reference coverage of an Android application.
-
Publication No.: US11768938B2
Publication date: 2023-09-26
Application No.: US17289172
Filing date: 2020-11-26
Inventors: Jeong Hyun Yi, Jin Sung Kim
CPC classification: G06F21/566, G06F21/52, G06F2221/033
Abstract: A mobile application malicious behavior pattern detection method based on Application Programming Interface (API) call graph extraction includes: extracting an API Call Graph (ACG) representing the API call flow from benign applications and from applications which perform malicious behavior; generating and vectorizing a training dataset for deep learning using the extracted ACGs; generating a deep learning prediction model by training it with the vectorized training dataset; extracting the ACG features used in the malicious behavior from the generated prediction model and extracting a malicious behavior pattern from the intersection of the malicious applications; and classifying an application which performs malicious behavior through a similarity comparison between the extracted malicious behavior pattern and the pattern extracted from the target application. Accordingly, it is possible to detect the malicious behavior itself using the ACG representing the API call flow.
-
Publication No.: US11019099B2
Publication date: 2021-05-25
Application No.: US16515723
Filing date: 2019-07-18
Inventors: Jeong Hyun Yi, Kichang Kim
Abstract: Provided is a method of application malware detection based on dynamic Application Programming Interface (API) extraction, and a readable medium and an apparatus for performing the same. The method of application malware detection based on dynamic API extraction includes generating an API classifier which classifies an input API as malicious or benign, using the APIs used in sample applications classified as malicious apps or benign apps, and inputting a pre-stored target API into the API classifier to classify the target API as malicious or benign.