基于卡方检验的Android恶意应用检测方法
|
摘要
移动终端爆发式增长造成了恶意应用的大量出现,给用户的隐私安全和财产安全带来了巨大的危害.为提高Android应用恶意性检测的准确性,本文将卡方检验与基尼不纯度增量相结合获取更有价值的特征属性;并改进朴素贝叶斯算法提高Android应用恶意性判断的准确性.实验结果表明:新的特征处理方法能够有效提高检测性能;同时,改进后的朴素贝叶斯算法相比原始算法而言准确率有较大的提升.
The explosive growth of mobile terminals has produced endless malicious applications,bring on great harm to the security of users' privacy and property.To solve this problem,a method based on chi-squared test and Gini impurity increment was proposed for more valuable features extraction and the Na■ve Bayes algorithm improvement,so as to improve the estimation accuracy of Android malevolence applications.Test shows that the new features processing method can improve the classification performance of algorithms.At the same time,the improved Na■ve Bayes algorithm can achieve higher accuracy than before.
The explosive growth of mobile terminals has produced endless malicious applications,bring on great harm to the security of users' privacy and property.To solve this problem,a method based on chi-squared test and Gini impurity increment was proposed for more valuable features extraction and the Na■ve Bayes algorithm improvement,so as to improve the estimation accuracy of Android malevolence applications.Test shows that the new features processing method can improve the classification performance of algorithms.At the same time,the improved Na■ve Bayes algorithm can achieve higher accuracy than before.
引文
[1]付玉辉.2016年中国信息传播产业发展概述[J].移动通信,2017,41(1):7-12.Fu Yuhui.Review of China’s information and communication industries in 2016[J].Mobile Communications,2017,41(1):7-12.(in Chinese)
[2]Daniel G.Nokia releases annual threat intelligence report for 2017[R/OL].[2017-11-02].https:∥www.androidheadlines.com/2017/11/nokia-releases-annual-threat-intelligence-report-2017.html.
[3]国家计算机网络应急中心.中国移动互联网发展状况及其安全报告(2017)[R/OL].[2017-11-02].http:∥www.cert.org.cn/publish/main/46/index.html.National Computer Network Emergency Center.China mobile internet development and securityreport(2017)[R/OL].[2017-11-02].http:∥www.cert.org.cn/publish/main/46/index.html.(in Chinese)
[4]杨欢,张玉清,胡予濮,等.基于多类特征的Android应用恶意行为检测系统[J].计算机学报,2014,37(1):15-27.Yang Huan,Zhang Yuqin,Hu Yupu,et al.A malware behavior detection system of Android applications based on multi-class features[J].Chinese Journal of Computers,2014,37(1):15-27.(in Chinese)
[5]曾立鹍,唐泉彬,牛斗.Android系统应用程序组件安全性分析[J].软件,2014,35(3):147-151.Zeng Likun,Tang Quanbin,Niu Dou.Analysis the security of components in android application[J].Computer Engineering&Software,2014,35(3):147-151.(in Chinese)
[6]秦中元,王志远,吴伏宝,等.基于多级签名匹配算法的Android恶意应用检测[J].计算机应用研究,2016,33(3):891-894.Qin Zhongyuan,Wang Zhiyuan,Wu Fubao,et al.Android malware detection based on multi-level signature matching[J].Application Research of Computers,2016,33(3):891-894.(in Chinese)
[7]马锐,任帅敏,马科,等.基于粒子群优化算法的Android应用自动化测试方法[J].北京理工大学学报:自然科学版,2017,37(12):1265-1270.Ma rui,Ren Shuaimin,Ma Ke,et al.Test automation for Android applications based on particle swarm optimization algorithm[J].Transactions of Beijing Institute of Technology,2017,37(12):1265-1270.(in Chinese)
[8]Venugopal D.An efficient signature representation and matching method for mobile devices[C]∥Proceedings of the 2nd Annual International Workshop on Wireless Internet Article.Boston,USA:ACM Press,2006:1-9.
[9]Zheng M,Sun M,Liu J C S.Droid analytics:a signature based analytic system to collect,extract,analyze and associate android malware[C]∥Proceedings of IEEEInternational Conference on Trust.Washington,USA:IEEE Press,2013:163-171.
[10]Chin E,Felta P,Greenwood K,et al.Analyzing interapplication communication in Android[C]∥Proceedings of the 9th ACM International Conference on Mobile Systems,Applications and Services.New York:ACM Press,2011:239-252.
[11]Chan P P F,Hui L C K,Yiu S M.DroidChecker:analyzing android applications for capability leak[C]∥Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks.New York:ACM Press,2012:125-136.
[12]Wei X T,Gomfz L,Neamtiu I,et al.ProfileDroid:multilayer profiling of android applications[C]∥Proceedings of the 18th Annual International Conference on Mobile Computing and Networking.New York:IEEE Press,2012:137-148.
[13]Grace M,Zhou Y,Zhang Q,et al.Risk ranker:scalable and accurate zero-day android malware detection[C]∥Proceedings of the 10th ACM International Conference on Mobile Systems,Applications and Service.New York:ACM Press,2012:281-294.
[14]Enck W,Gilbert P,Chun B G,et al.TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J].ACM Transactions on Computer Systems,2012,32(2):1-29.
[2]Daniel G.Nokia releases annual threat intelligence report for 2017[R/OL].[2017-11-02].https:∥www.androidheadlines.com/2017/11/nokia-releases-annual-threat-intelligence-report-2017.html.
[3]国家计算机网络应急中心.中国移动互联网发展状况及其安全报告(2017)[R/OL].[2017-11-02].http:∥www.cert.org.cn/publish/main/46/index.html.National Computer Network Emergency Center.China mobile internet development and securityreport(2017)[R/OL].[2017-11-02].http:∥www.cert.org.cn/publish/main/46/index.html.(in Chinese)
[4]杨欢,张玉清,胡予濮,等.基于多类特征的Android应用恶意行为检测系统[J].计算机学报,2014,37(1):15-27.Yang Huan,Zhang Yuqin,Hu Yupu,et al.A malware behavior detection system of Android applications based on multi-class features[J].Chinese Journal of Computers,2014,37(1):15-27.(in Chinese)
[5]曾立鹍,唐泉彬,牛斗.Android系统应用程序组件安全性分析[J].软件,2014,35(3):147-151.Zeng Likun,Tang Quanbin,Niu Dou.Analysis the security of components in android application[J].Computer Engineering&Software,2014,35(3):147-151.(in Chinese)
[6]秦中元,王志远,吴伏宝,等.基于多级签名匹配算法的Android恶意应用检测[J].计算机应用研究,2016,33(3):891-894.Qin Zhongyuan,Wang Zhiyuan,Wu Fubao,et al.Android malware detection based on multi-level signature matching[J].Application Research of Computers,2016,33(3):891-894.(in Chinese)
[7]马锐,任帅敏,马科,等.基于粒子群优化算法的Android应用自动化测试方法[J].北京理工大学学报:自然科学版,2017,37(12):1265-1270.Ma rui,Ren Shuaimin,Ma Ke,et al.Test automation for Android applications based on particle swarm optimization algorithm[J].Transactions of Beijing Institute of Technology,2017,37(12):1265-1270.(in Chinese)
[8]Venugopal D.An efficient signature representation and matching method for mobile devices[C]∥Proceedings of the 2nd Annual International Workshop on Wireless Internet Article.Boston,USA:ACM Press,2006:1-9.
[9]Zheng M,Sun M,Liu J C S.Droid analytics:a signature based analytic system to collect,extract,analyze and associate android malware[C]∥Proceedings of IEEEInternational Conference on Trust.Washington,USA:IEEE Press,2013:163-171.
[10]Chin E,Felta P,Greenwood K,et al.Analyzing interapplication communication in Android[C]∥Proceedings of the 9th ACM International Conference on Mobile Systems,Applications and Services.New York:ACM Press,2011:239-252.
[11]Chan P P F,Hui L C K,Yiu S M.DroidChecker:analyzing android applications for capability leak[C]∥Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks.New York:ACM Press,2012:125-136.
[12]Wei X T,Gomfz L,Neamtiu I,et al.ProfileDroid:multilayer profiling of android applications[C]∥Proceedings of the 18th Annual International Conference on Mobile Computing and Networking.New York:IEEE Press,2012:137-148.
[13]Grace M,Zhou Y,Zhang Q,et al.Risk ranker:scalable and accurate zero-day android malware detection[C]∥Proceedings of the 10th ACM International Conference on Mobile Systems,Applications and Service.New York:ACM Press,2012:281-294.
[14]Enck W,Gilbert P,Chun B G,et al.TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J].ACM Transactions on Computer Systems,2012,32(2):1-29.