Research on Android malware detection based on permission and behavior
  • English title: Research on Android malware detection based on permission and behavior
  • Authors: ZHANG Xiao-min (张骁敏); LIU Jing (刘静); ZHUANG Jun-xi (庄俊玺); LAI Ying-xu (赖英旭)
  • Affiliations: Faculty of Information Technology, Beijing University of Technology; Beijing Key Laboratory of Trusted Computing, Beijing University of Technology; National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing University of Technology
  • Keywords: Android system; security mechanism; permissions feature; classifier
  • Chinese journal name: WXAQ
  • English journal name: Chinese Journal of Network and Information Security
  • Publication date: 2017-03-15
  • Publisher: Chinese Journal of Network and Information Security (网络与信息安全学报)
  • Year: 2017
  • Issue: v.3; No.16
  • Funding: Beijing Natural Science Foundation (No.4162006)
  • Language: Chinese
  • Page: WXAQ201703007
  • Number of pages: 7
  • CN: 03
  • ISSN: 10-1366/TP
  • Classification number: 55-61
Abstract
To detect malicious applications on the Android platform, and starting from Android's own permission mechanism, a method was proposed that combines static permission-feature analysis with dynamic behavior analysis and maps behaviors to permission features. An association analysis algorithm was used to mine the association rules between permission features, and the permission features and behavior features were used as the input of a naive Bayes classification algorithm to build a malicious application detection model. Finally, experiments verified the effectiveness and accuracy of the method.
