A Malicious Mobile Application Detection Method Based on Comment Data
  • English title: Malicious Mobile Application Identification based on End-User Comment
  • Authors: 朱璋颖; 马永; 燕锦华; 吴振宇; 徐文博
  • Authors (English): ZHU Zhang-ying; MA Yong; YAN Jin-hua; WU Zhen-yu; XU Wen-bo; Pwnzen InfoTech Co., LTD.; Shanghai Dianji University; East China Institute of Computing Technology
  • Keywords: malicious mobile application; natural language processing; machine learning; user comments
  • Journal (Chinese abbreviation): TXJS
  • Journal (English): Communications Technology
  • Institutions: Pwnzen InfoTech Co., LTD. (上海犇众信息技术有限公司); Shanghai Dianji University; East China Institute of Computing Technology
  • Publication date: 2019-02-10
  • Publisher: Communications Technology (通信技术)
  • Year: 2019
  • Issue: v.52; No.326
  • Funding: China Electronics Technology Group Corporation (CETC) Joint Fund (No.20166141B08020101)
  • Language: Chinese
  • Page: TXJS201902032
  • Number of pages: 6
  • CN: 02
  • ISSN: 51-1167/TN
  • Classification number: 197-202
Abstract
Malicious mobile applications bypass the security audits of mobile application markets by means such as dynamic code loading, and pose a threat to end users. To enable after-the-fact auditing of these applications, a malicious application detection model based on natural language processing (NLP) is proposed. A malicious-classification detection model is established by collecting and processing users' comment data on applications in mobile application markets. By processing and classifying the comment data, the model determines whether an application exhibits malicious behavior, and in this way carries out after-the-fact security checks on mobile applications. The experimental results show that the established detection model reaches an accuracy of 81% and can effectively identify malicious mobile applications.