Research on Android Malicious Application Detection Based on Random Forest
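  • English title: Research on Android Malicious Application Detection Model based on Random Forest
  • Author: 孙强强 (Sun Qiang-qiang)
  • English author: Sun Qiang-qiang; Shenzhen Power Supply Bureau Co. Ltd
  • Keywords: malicious application; permission combination; feature vector; random forest; detection model
  • English keywords: Malicious Application; Combination of Permissions; Feature Vector; Random Forest; Detection Model
  • Chinese journal name: TXBM
  • English journal name: Information Security and Communications Privacy
  • Institution: Shenzhen Power Supply Bureau Co. Ltd (深圳供电局有限公司)
  • Publication date: 2019-06-10
  • Publisher: 信息安全与通信保密 (Information Security and Communications Privacy)
  • Year: 2019
  • Issue: No.306
  • Language: Chinese
  • Page: TXBM201906009
  • Page count: 9
  • CN: 06
  • ISSN: 51-1608/TN
  • Classification number: 48-56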
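Abstract
To address the problems of Android malicious applications leaking user privacy and causing financial loss, a malicious application detection model based on random forest is proposed. Android applications are reverse engineered in batches, the combination of permissions each application actually uses is obtained from its function call graph, and a library of application feature vectors is built. Using common learning methods including naive Bayes, K-nearest neighbors and random forest, a separate Android malicious application detection model is built for each method. The experimental results show that the random forest detection model identifies applications more accurately, with an accuracy above 90%. Compared with existing research, it has low cost, high accuracy and good generality.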
A malicious application detection model based on random forest is proposed for Android malicious applications, which may disclose users' privacy and cause property damage. By reverse engineering Android applications to obtain their system permissions, we established a mobile application feature vector library. Combining naive Bayes, KNN, random forest and other learning methods, we established several different Android malicious application detection models. The experimental results show that the detection model based on random forest has higher recognition accuracy, of more than 90%. Compared with existing research, it has the characteristics of low cost, high accuracy and good generality.
