MALWARE DETECTION METHOD AND MOBILE TERMINAL REALIZING THE SAME
First Claim
1. A malware detection method for a mobile terminal, the method comprising:
- extracting, when a platform Application Programming Interface (API) is called by an application, an action of the application from the platform API;
determining, when the extracted action comprises a preset trigger action, whether the application comprises a malware program by comparing the extracted action with a malware pattern file; and
outputting, when the application comprises a malware program, an alert message.
1 Assignment
0 Petitions
Accused Products
Abstract
A malware detection method and a mobile terminal realizing the same are provided. The method monitors execution of applications on the mobile terminal, notifies a user of perceived malicious behavior and guides handling of a detected malicious application. The malware detection method includes extracting, when a platform Application Programming Interface (API) is called by an application, an action of the application from the platform API, determining, when the extracted action is a preset trigger action, whether the application is a malware program by comparing the extracted action with a malware pattern file, and outputting, when the application is a malware program, an alert message.
175 Citations
20 Claims
-
1. A malware detection method for a mobile terminal, the method comprising:
-
extracting, when a platform Application Programming Interface (API) is called by an application, an action of the application from the platform API; determining, when the extracted action comprises a preset trigger action, whether the application comprises a malware program by comparing the extracted action with a malware pattern file; and outputting, when the application comprises a malware program, an alert message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A mobile terminal comprising:
-
an extraction part for extracting, when a platform Application Programming Interface (API) is called by an application, an action of the application from the API; a collection part for collecting the application action extracted by the extraction part; a monitoring part for receiving the application action from the collection part, for determining whether the application action comprises a preset trigger action, for reading, when the application action comprises the trigger action, a malware pattern file from a storage unit, and for determining whether the application comprises a malware program by comparing the application action with the malware pattern file; and a security User Interface (UI) part for outputting, when an alert signal is received from the monitoring part, an alert message about the application. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification