Analysis and Detection of Malware Under the Android Platform
  • English title: Analysis and Detection of Malware Under the Android Platform
  • Authors: 贾慧; 李永忠
  • Authors (English): JIA Hui; LI Yong-zhong; School of Computer Science, Jiangsu University of Science and Technology
  • Keywords: Android; malware; weighted naive Bayesian algorithm; permission-sensitive API features
  • Journal name (Chinese): RJDK
  • Journal name (English): Software Guide
  • Institution: School of Computer Science, Jiangsu University of Science and Technology
  • Publication date: 2019-03-26 09:24
  • Publisher: 软件导刊 (Software Guide)
  • Year: 2019
  • Issue: v.18; No.201
  • Language: Chinese
  • Pages: RJDK201907044
  • Page count: 5
  • CN: 07
  • ISSN: 42-1671/TP
  • Classification number: 188-191+195
Abstract
To address malware intrusion on the Android platform, this paper proposes a detection scheme that applies a weighted naive Bayes classification algorithm to permission-sensitive API features. First, the configuration files of the Android application are parsed. Then the Apktool tool is used to decompile the APK file and extract the permission-sensitive API feature set, and redundant data in the feature set is filtered out with the information gain algorithm and the chi-square test algorithm. Finally, a malware detection model based on the weighted naive Bayes classification algorithm performs the classification. The experimental results show that the system effectively improves the efficiency of the classifier and the malware detection rate.
