-
1.
Publication No.: US20240386105A1
Publication date: 2024-11-21
Application No.: US18696479
Filing date: 2022-04-01
Inventor: Jeong Hyun YI, Hae Hyun CHO, Sun Jun LEE, Young Hoon BAN
Abstract: A method for detecting a mobile malicious application based on an implementation feature, performed in a mobile malicious application detection apparatus based on an implementation feature, comprises: decompiling a labeled application to remove preset information; extracting an abstract syntax tree (AST), which is an implementation feature, for each method; generating an AST node list; generating and vectorizing the generated AST node list as a learning dataset for deep learning; generating a classification model by learning the vectorized learning dataset; and outputting a classification result of a target application based on the classification model. This can reduce the false positive rate, extract many features from an obfuscated application, and detect malicious applications by classifying mobile applications as normal or malicious based on the behaviors performed by the application.
-
2.
Publication No.: US20200089873A1
Publication date: 2020-03-19
Application No.: US16198781
Filing date: 2018-11-22
Inventor: Jeong Hyun YI, Jongsu LIM, Sun Jun LEE, Yong Gu SHIN, Kyu Ho KIM
Abstract: A dynamic code extraction-based automatic anti-analysis evasion and code logic analysis apparatus includes: a recognition module that extracts a DEX file and a SO file by unpacking an execution code of an application and recognizes an analysis avoidance technique by comparing a signature included in the extracted DEX file and SO file; an instrumentation module that extracts a code to be analyzed from a byte code configuring the DEX file and a native code configuring the SO file, compares the extracted code with the data stored in a database, and outputs a code excluding an anti-analysis technique as a log file; and a deobfuscation module that deobfuscates an obfuscated code included in the APK on the basis of the output log file and generates an APK file in which an obfuscation technique is released on the basis of the deobfuscated code.
-