Method for fast and intelligent comparison and security detection of mobile malware big data

Inventors

• Quanlong Guan · Tangxia, CN
• Weiqi Luo · Tangxia, CN
• Huanming Zhang · Zhongshan, CN
• Zhefu Li · Tangxia, CN
• Lin Cui · Longbeilingcun, CN
• Yuanfen Wu · Tangxia, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/602
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method for detecting mobile malware, including step S1: compressing a mobile software subject to detection and a primary mobile software each containing N functions, wherein each of the functions is compressed into a hash value, a description entropy and a compressed string; S2: calculating a quantity of identical functions between the mobile software subject to detection and the primary mobile software; and then finding out a quantity of similar functions using Hdsim method or entropy_descpt_sim method; and then calculating a degree of similarity to obtain a value of similarity; S3: comparing the value of similarity with a predetermined threshold value; if the value of similarity is greater then or equal to the predetermined threshold value, the mobile software subject to detection is suspected to repackaging; if the value of similarity is smaller than the predetermined threshold value, the mobile software subject to detection is not suspected to repackaging.