Xgboost-Based Android Malware Detection Method
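  • English title: Xgboost-Based Android Malware Detection Method
  • Author: 王雪敬
  • Author (English): WANG Xue-jing; Faculty of Computer, Guangdong University of Technology
  • Keywords: Xgboost; Android; malware; feature extraction; detection classification
  • Journal code (Chinese): DNZS
  • Journal name (English): Computer Knowledge and Technology
  • Institution: Faculty of Computer, Guangdong University of Technology
  • Publication date: 2019-06-25
  • Publisher: Computer Knowledge and Technology (电脑知识与技术)
  • Year: 2019
  • Issue: v.15
  • Funding: Guangdong Province Science and Technology Plan Project (2017B090906003); Guangzhou Science and Technology Plan Projects (201802010043, 201807010058)
  • Language: Chinese
  • Pages: DNZS201918117
  • Page count: 3
  • CN: 18
  • ISSN: 34-1205/TP
  • Classification number: 294-296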
Abstract
The Android operating system is the most popular smartphone operating system today, and malware on the Android platform is also growing rapidly. At present, there is still no very effective means of detecting Android malware. This paper analyzes Android malware to obtain its features and uses the machine learning algorithm Xgboost to detect and classify Android malware. Permission, Intent and API are extracted as feature attributes, and the optimal feature subset is selected by a feature selection algorithm. The Xgboost algorithm is then used to train and test on the feature set to obtain the final classification result. The experimental results show that the proposed detection method has better detection accuracy and a lower false positive rate.
