Abstract
Existing Android malware detection methods tend to extract very similar features and to draw them from a single file. To address this, this paper proposes a detection method based on unconventional features. First, new file-entropy, interface-layout and method-instruction features are proposed. Then, single-feature and combined-feature detection experiments are carried out with the random forest algorithm. Finally, the experimental results are analysed to verify the validity and feasibility of the features: single-feature detection accuracy is on average 8% higher than with the traditional Intents and statistical features, and training efficiency improves by nearly 50%. Combining the new features with the permission feature, which is the best-performing traditional representation, works better still, raising accuracy by nearly 10% over single-feature detection. The method offers a new direction for malware detection from the perspective of unconventional features.
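As an added illustration, not code from the paper, the following shows one way to derive per-file entropy features from an APK for a classifier such as random forest. It assumes Shannon byte entropy computed over each zip entry; the entries tracked individually and the aggregate statistics are choices made here, not the paper's definition, and the APK is a constructed in-memory stand-in.

```python
import io
import math
import zipfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Entries whose entropy is reported individually (assumed choice, not the paper's list).
KEY_ENTRIES = ("AndroidManifest.xml", "classes.dex", "resources.arsc")

def apk_entropy_features(apk_bytes: bytes) -> dict:
    """Return an entropy feature vector computed over every file inside an APK (a zip)."""
    feats = {}
    per_entry = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            h = shannon_entropy(zf.read(info))
            per_entry.append(h)
            if info.filename in KEY_ENTRIES:
                feats["entropy_" + info.filename] = round(h, 4)
    for name in KEY_ENTRIES:
        feats.setdefault("entropy_" + name, 0.0)  # entry absent from this APK
    # Aggregates let a packed or encrypted blob under assets/ still show up in the vector.
    feats["entry_count"] = len(per_entry)
    feats["entropy_mean"] = round(sum(per_entry) / len(per_entry), 4) if per_entry else 0.0
    feats["entropy_max"] = round(max(per_entry), 4) if per_entry else 0.0
    return feats

def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a zip mixing low- and high-entropy entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>" * 50)   # 11 distinct bytes
        zf.writestr("classes.dex", bytes(range(256)) * 4)          # uniform bytes -> 8.0
        zf.writestr("assets/payload.bin", bytes(range(256)) * 2)   # packed-looking blob
        zf.writestr("res/layout/main.xml", b"\x00" * 100)          # single byte -> 0.0
    return buf.getvalue()

if __name__ == "__main__":
    print(apk_entropy_features(build_sample_apk()))
```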