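1. School of Software and Microelectronics, Peking University, Beijing 102600
2. Institute of Software, Chinese Academy of Sciences, Beijing 100190
3. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
Hao CHEN (1988-), male, is a master's student at the School of Software and Microelectronics, Peking University. His main research interests include communication and network security, mobile security, security architecture and design, and security assessment and penetration testing.
Sihan QING (1939-), male, is a professor at the School of Software and Microelectronics, Peking University, and chief researcher at the Institute of Software, Chinese Academy of Sciences. His main research interests include mobile security, trusted computing, cloud security, and operating system security.
Online publication date: 2016-10
Print publication date: 2016-10-20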
Hao CHEN, Sihan QING. Android malware detection method based on combined algorithm[J]. Telecommunications science, 2016, 32(10): 15-21. DOI: 10.11959/j.issn.1000-0801.2016253.
To address the narrow applicability and low practicality of current static malware detection methods, an optimal classifier is selected through a combined algorithm, and a detection system is implemented on that basis. First, reverse engineering is used to extract the software's feature library, and preliminary classifier results are obtained through multi-stage screening. A classifier evaluation criterion based on minimum-risk Bayes is then proposed; with it as the core, the optimal classifier result is obtained by assigning weights to the preliminary results. Finally, a prototype Android malware detection system is implemented with the optimal result as its core. Experimental results show that the analysis accuracy of the detection system is 86.4% and that it does not depend on the characteristics of the malicious code.