Survey of Android malware detection methods
  • Original title: Android恶意软件检测方法研究综述
  • Authors: Li Jianghua; Qiu Chen
  • Affiliation: School of Information Engineering, Jiangxi University of Science & Technology
  • Keywords: malware detection; feature; machine learning; confusion matrix
  • Journal: Application Research of Computers (计算机应用研究, abbreviation JSYJ)
  • Online publication date: 2018-04-03 11:22
  • Year: 2019
  • Volume: v.36, No.327, issue 01
  • Pages: 7-13 (7 pages)
  • Article ID: JSYJ201901002
  • CN: 51-1196/TP
  • Funding: National Natural Science Foundation of China (61463021, 61762046); Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ160599, GJJ170516)
  • Language: Chinese
Abstract
Following the end-to-end workflow of Android malware detection, this survey compares and analyzes the state of research in China and abroad. From the perspective of sample acquisition it introduces the sources and role of standardized sample datasets; from the perspective of feature selection it sets out the principles that feature selection should follow; and, as its main focus, it compares the advantages and disadvantages of the various detection methods and summarizes the methods used to screen feature datasets and to evaluate experimental results. Finally, in light of practical applications and requirements, it outlines directions for future research on Android malware detection methods.
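The abstract above lists the stages of the detection workflow the survey is organized around: sample acquisition, feature selection, a detection method, and evaluation of the result with a confusion matrix. The following Python block is an added example written for this page, not code from the paper or its authors. It walks those stages on a small constructed corpus: it extracts requested permissions from hand-built AndroidManifest.xml text, selects features by how strongly their request rate differs between the benign and malicious classes, trains a Laplace-smoothed Bernoulli naive Bayes classifier (Bayesian classification is one of the method families the survey covers), and reports the confusion matrix together with accuracy, precision, recall and false-positive rate on held-out apps. Every package name, permission list and the `min_contrast` threshold are assumptions made for the example.

```python
# Added example (not the paper's code): permission-feature Android malware detection,
# run end to end on a constructed corpus with hypothetical package names.
import math
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def make_manifest(package, permissions):
    """Build a minimal AndroidManifest.xml text (constructed input, not a real app)."""
    uses = "\n".join(f'    <uses-permission android:name="android.permission.{p}"/>'
                     for p in permissions)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">\n'
            f"{uses}\n    <application/>\n</manifest>\n")

def extract_permissions(manifest_xml):
    """Static feature extraction: the set of permissions the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = (n.get(f"{{{ANDROID_NS}}}name", "") for n in root.iter("uses-permission"))
    return {name.rsplit(".", 1)[-1] for name in names}

def select_features(samples, min_contrast):
    """Keep permissions whose request rate differs between classes by >= min_contrast."""
    df, n = {0: Counter(), 1: Counter()}, Counter()
    for perms, label in samples:
        n[label] += 1
        df[label].update(perms)
    return sorted(p for p in set(df[0]) | set(df[1])
                  if abs(df[1][p] / n[1] - df[0][p] / n[0]) >= min_contrast)

class BernoulliNB:
    """Laplace-smoothed Bernoulli naive Bayes over binary features, scored in log space."""
    def __init__(self, features):
        self.features = features
        self.log_prior, self.log_p, self.log_q = {}, {}, {}

    def fit(self, samples):
        n = Counter(label for _, label in samples)
        for label in (0, 1):
            self.log_prior[label] = math.log(n[label] / sum(n.values()))
            for f in self.features:
                present = sum(1 for perms, lab in samples if lab == label and f in perms)
                p = (present + 1) / (n[label] + 2)        # Laplace smoothing
                self.log_p[(label, f)] = math.log(p)      # log P(f requested | label)
                self.log_q[(label, f)] = math.log(1 - p)  # log P(f absent | label)
        return self

    def predict(self, perms):
        scores = {}
        for label in (0, 1):
            s = self.log_prior[label]
            for f in self.features:
                s += self.log_p[(label, f)] if f in perms else self.log_q[(label, f)]
            scores[label] = s
        return max(scores, key=scores.get)  # ties resolve to 0 (benign)

def confusion_matrix(model, samples):
    """Count TP/FN/FP/TN with label 1 (malicious) as the positive class."""
    cm = Counter()
    for perms, label in samples:
        pred = model.predict(perms)
        cm[("TP" if pred else "FN") if label else ("FP" if pred else "TN")] += 1
    return {k: cm[k] for k in ("TP", "FN", "FP", "TN")}

def metrics(cm):
    def ratio(a, b):
        return a / b if b else 0.0
    tp, fn, fp, tn = (cm[k] for k in ("TP", "FN", "FP", "TN"))
    return {"accuracy": ratio(tp + tn, tp + fn + fp + tn), "precision": ratio(tp, tp + fp),
            "recall": ratio(tp, tp + fn), "fpr": ratio(fp, fp + tn)}

# Constructed corpus (package, requested permissions, label); label 1 = malicious.
TRAIN = [
    ("com.example.news",  ["INTERNET", "ACCESS_NETWORK_STATE"], 0),
    ("com.example.photo", ["INTERNET", "CAMERA"], 0),
    ("com.example.clock", ["ACCESS_NETWORK_STATE", "VIBRATE"], 0),
    ("com.example.maps",  ["INTERNET", "ACCESS_FINE_LOCATION"], 0),
    ("com.mal.smsbot",    ["INTERNET", "SEND_SMS", "READ_PHONE_STATE"], 1),
    ("com.mal.smsspy",    ["SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE"], 1),
    ("com.mal.persist",   ["INTERNET", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"], 1),
    ("com.mal.premium",   ["SEND_SMS", "INTERNET", "RECEIVE_BOOT_COMPLETED"], 1),
]
TEST = [  # held-out apps, never seen during feature selection or training
    ("com.mal.t1",     ["INTERNET", "SEND_SMS", "READ_PHONE_STATE"], 1),
    ("com.example.t2", ["INTERNET", "VIBRATE"], 0),
    ("com.example.t3", ["INTERNET", "READ_PHONE_STATE", "ACCESS_NETWORK_STATE"], 0),
    ("com.mal.t4",     ["INTERNET", "RECEIVE_SMS", "RECEIVE_BOOT_COMPLETED"], 1),
    ("com.example.t5", ["ACCESS_NETWORK_STATE", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"], 0),
    ("com.mal.t6",     ["SEND_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"], 1),
]

def run_pipeline(min_contrast=0.5):
    """Sample acquisition -> feature selection -> training -> held-out evaluation."""
    train = [(extract_permissions(make_manifest(p, q)), y) for p, q, y in TRAIN]
    test = [(extract_permissions(make_manifest(p, q)), y) for p, q, y in TEST]
    features = select_features(train, min_contrast)
    model = BernoulliNB(features).fit(train)
    cm = confusion_matrix(model, test)
    return features, cm, metrics(cm)

if __name__ == "__main__":
    print(run_pipeline())
```

With the default threshold of 0.5 the selected features are ACCESS_NETWORK_STATE, READ_PHONE_STATE, RECEIVE_BOOT_COMPLETED and SEND_SMS, and the held-out result is two true positives, one false negative, one false positive and two true negatives (accuracy and recall 2/3, false-positive rate 1/3). The missed sample, com.mal.t4, is the one whose most telling permission, RECEIVE_SMS, was dropped by the contrast threshold; calling `run_pipeline(0.25)` keeps it and catches that sample without changing the false-positive count. That is the practical reason to report the full confusion matrix rather than accuracy alone: the feature-selection decision shows up directly in the FN and FP cells.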
References
[1] Zhou Yajin, Jiang Xuxian. Dissecting Android malware: characterization and evolution[C]//Proc of IEEE Symposium on Security and Privacy. Washington DC: IEEE Press, 2012: 95-109.
[2] Zhang Yuqing, Wang Kai, Yang Huan, et al. Survey of Android OS security[J]. Journal of Computer Research and Development, 2014, 51(7): 1385-1396. (in Chinese)
[3] Rastogi V, Chen Yan, Jiang Xuxian. Catch me if you can: evaluating Android anti-malware against transformation attacks[J]. IEEE Trans on Information Forensics & Security, 2014, 9(1): 99-108.
[4] https://virusshare.com/[EB/OL].
[5] http://contagiodump.blogspot.com/[EB/OL].
[6] Wei Lihao, Ai Jieqing, Zou Hong, et al. Android malware detection method based on multi-feature collaborative decision[J]. Computer Engineering and Applications, 2016, 52(20): 5-13. (in Chinese)
[7] Yerima S Y, Sezer S, McWilliams G. Analysis of Bayesian classification-based approaches for Android malware detection[J]. IET Information Security, 2014, 8(1): 25-36.
[8] Backdoor:Android/Dendroid.A[EB/OL]. (2015-06-01). http://www.f-secure.com/v-descs/backdoor_android_dendroid_a.shtml.
[9] Gianazza A, Maggi F, Fattori A, et al. PuppetDroid: a user-centric UI exerciser for automatic dynamic analysis of similar Android applications[EB/OL]. (2016-07-13). https://arxiv.org/abs/1402.4826.
[10] Ham Y J, Lee H W. Detection of malicious Android mobile applications based on aggregated system call events[J]. International Journal of Computer & Communication Engineering, 2014, 3(2): 149-154.
[11] Ham Y J, Moon D, Lee H W, et al. Android mobile application system call event pattern analysis for determination of malicious attack[J]. International Journal of Security & Its Applications, 2014, 8(1): 231-246.
[12] Deshotels L, Notani V, Lakhotia A. DroidLegacy: automated familial classification of Android malware[C]//Proc of ACM SIGPLAN Program Protection and Reverse Engineering Workshop. New York: ACM Press, 2014: 1-12.
[13] Seo S H, Gupta A, Sallam A M, et al. Detecting mobile malware threats to homeland security through static analysis[J]. Journal of Network & Computer Applications, 2014, 38(1): 43-53.
[14] Arp D, Spreitzenbarth M, Hübner M, et al. DREBIN: effective and explainable detection of Android malware in your pocket[C]//Proc of Network and Distributed System Security Symposium. Reston, VA: Internet Society, 2014.
[15] García-Teodoro P, Díaz-Verdejo J, Maciá-Fernández G, et al. Anomaly-based network intrusion detection: techniques, systems and challenges[J]. Computers & Security, 2009, 28(1-2): 18-28.
[16] Zheng Min, Sun Mingshen, Lui J C S. DroidAnalytics: a signature based analytic system to collect, extract, analyze and associate Android malware[C]//Proc of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Washington DC: IEEE Computer Society, 2013: 163-171.
[17] Qin Zhongyuan, Wang Zhiyuan, Wu Fubao, et al. Android malware detection based on multi-level signature matching[J]. Application Research of Computers, 2016, 33(3): 891-895. (in Chinese)
[18] Sahs J, Khan L. A machine learning approach to Android malware detection[C]//Proc of European Intelligence and Security Informatics Conference. Piscataway, NJ: IEEE Press, 2012: 141-147.
[19] Zhang Guoyin, Qu Jiaxing, Li Xiaoguang. Android malicious behavior detection based on Bayesian networks[J]. Computer Engineering and Applications, 2016, 52(17): 16-23, 191. (in Chinese)
[20] Petsas T, Voyatzis G, Athanasopoulos E, et al. Rage against the virtual machine: hindering dynamic analysis of Android malware[C]//Proc of European Workshop on System Security. New York: ACM Press, 2014: 1-6.
[21] Suarez-Tangil G, Tapiador J E, Peris-Lopez P, et al. Evolution, detection and analysis of malware for smart devices[J]. IEEE Communications Surveys & Tutorials, 2014, 16(2): 961-987.
[22] Lu Long, Li Zhichun, Wu Zhenyu, et al. CHEX: statically vetting Android apps for component hijacking vulnerabilities[C]//Proc of ACM Conference on Computer and Communications Security. New York: ACM Press, 2012: 229-240.
[23] Feizollah A, Anuar N B, Salleh R, et al. A study of machine learning classifiers for anomaly-based mobile botnet detection[J]. Malaysian Journal of Computer Science, 2013, 26(4): 251-265.
[24] Malik J, Kaushal R. CREDROID: Android malware detection by network traffic analysis[C]//Proc of ACM Workshop on Privacy-Aware Mobile Computing. New York: ACM Press, 2016: 28-36.
[25] Felt A P, Chin E, Hanna S, et al. Android permissions demystified[C]//Proc of ACM Conference on Computer and Communications Security. New York: ACM Press, 2011: 627-638.
[26] Permission[EB/OL]. http://developer.android.com/guide/topics/manifest/permission-element.html.
[27] Peng Hao, Gates C, Sarma B, et al. Using probabilistic generative models for ranking risks of Android apps[C]//Proc of ACM Conference on Computer and Communications Security. New York: ACM Press, 2012: 241-252.
[28] Wang Yang, Zheng Jun, Sun Chen, et al. Quantitative security risk assessment of Android permissions and applications[C]//Proc of IFIP WG 11.3 Conference on Data and Applications Security and Privacy. Berlin: Springer, 2013: 226-241.
[29] Pandita R, Xiao Xusheng, Yang Wei, et al. WHYPER: towards automating risk assessment of mobile applications[C]//Proc of the 22nd USENIX Conference on Security. Berkeley, CA: USENIX Association, 2013: 527-542.
[30] He Wencai, Yan Xiangyu, Liu Peihe, et al. Android malware detection based on minimum-distance classifier[J]. Application Research of Computers, 2017, 34(7): 2184-2188. (in Chinese)
[31] Sarma B P, Li Ninghui, Gates C, et al. Android permissions: a perspective combining risks and benefits[C]//Proc of ACM Symposium on Access Control Models and Technologies. New York: ACM Press, 2012: 13-22.
[32] Sanz B, Santos I, Laorden C, et al. PUMA: permission usage to detect malware in Android[M]. Berlin: Springer, 2013: 289-298.
[33] Xu Yanping, Wu Chunhua, Hou Meijia, et al. Android malware detection technology based on improved naive Bayes[J]. Journal of Beijing University of Posts and Telecommunications, 2016, 39(2): 43-47. (in Chinese)
[34] Wu Dongjie, Mao C H, Wei T E, et al. DroidMat: Android malware detection through manifest and API calls tracing[C]//Proc of the 7th Asia Joint Conference on Information Security. Washington DC: IEEE Computer Society, 2012: 62-69.
[35] Zhou Yujuan, Zhang Hongmei, Zhang Xiangli, et al. Malware detection based on Android permission information[J]. Application Research of Computers, 2015, 32(10): 3036-3040. (in Chinese)
[36] Moonsamy V, Rong Jia, Liu Shaowu. Mining permission patterns for contrasting clean and malicious Android applications[J]. Future Generation Computer Systems, 2014, 36(3): 122-132.
[37] Huang Chunying, Tsai Y, Hsu C. Performance evaluation on permission-based detection for Android malware[M]. Berlin: Springer, 2013: 111-120.
[38] Google. Introducing ART[M]. New York: McGraw-Hill Education, 2014.
[39] Li Ting, Dong Hang, Yuan Chunyang, et al. Description and verification of Android malware features based on Dalvik instructions[J]. Journal of Computer Research and Development, 2014, 51(7): 1458-1466. (in Chinese)
[40] Grace M, Zhou Yajin, Zhang Qiang, et al. RiskRanker: scalable and accurate zero-day Android malware detection[C]//Proc of International Conference on Mobile Systems, Applications, and Services. New York: ACM Press, 2012: 281-294.
[41] Yerima S Y, Sezer S, McWilliams G, et al. A new Android malware detection approach using Bayesian classification[C]//Proc of the 27th IEEE International Conference on Advanced Information Networking and Applications. Washington DC: IEEE Computer Society, 2013: 121-128.
[42] Zhu Xiaolan, Wang Junfeng, Du Yao, et al. Detecting Android malware based on sensitive permissions and function-call graphs[J]. Journal of Sichuan University: Natural Science Edition, 2016, 53(3): 526-533. (in Chinese)
[43] Suarez-Tangil G, Tapiador J E, Peris-Lopez P, et al. Dendroid: a text mining approach to analyzing and classifying code structures in Android malware families[J]. Expert Systems with Applications, 2014, 41(4): 1104-1117.
[44] Crussell J, Gibler C, Chen Hao. Attack of the clones: detecting cloned applications on Android markets[C]//Proc of European Symposium on Research in Computer Security. Berlin: Springer, 2012: 37-54.
[45] Xu Jianlin, Yu Yifan, Chen Zhen, et al. MobSafe: cloud computing based forensic analysis for massive mobile applications using data mining[J]. Tsinghua Science and Technology, 2013, 18(4): 418-427.
[46] Chin E, Felt A P, Greenwood K, et al. Analyzing inter-application communication in Android[C]//Proc of International Conference on Mobile Systems, Applications, and Services. New York: ACM Press, 2011: 239-252.
[47] Chen Jian, Alalfi M H, Dean T R, et al. Detecting Android malware using clone detection[J]. Journal of Computer Science and Technology, 2015, 30(5): 942-956.
[48] Wang Zhiqiang, Zhang Yuqing, Liu Qixu, et al. An algorithm to detect Android malicious behaviors[J]. Journal of Xidian University, 2015, 42(3): 8-14. (in Chinese)
[49] Zhang Luoshi, Yan Niu, Xiao Wu, et al. A3: automatic analysis of Android malware[C]//Proc of the 1st International Workshop on Cloud Computing & Information Security. Paris: Atlantis Press, 2013: 89-93.
[50] Baeza-Yates R A, Ribeiro-Neto B. Modern information retrieval[M]. [S.l.]: Addison Wesley, 2011: 26-28.
[51] Shabtai A, Fledel Y, Elovici Y. Automated static code analysis for classifying Android applications using machine learning[C]//Proc of International Conference on Computational Intelligence and Security. Washington DC: IEEE Press, 2011: 329-333.
[52] Cheng Yun'an, Wang Yixiang. An Android malware detection method based on Naive Bayes algorithm with multiple characters[J]. Computer Engineering and Applications, 2017, 53(8): 95-101. (in Chinese)
[53] Burguera I, Zurutuza U, Nadjm-Tehrani S. Crowdroid: behavior-based malware detection system for Android[C]//Proc of ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. New York: ACM Press, 2011: 15-26.
[54] Zhao Min, Ge Fangbin, Zhang Tao, et al. AntiMalDroid: an efficient SVM-based malware detection framework for Android[C]//Proc of International Conference on Information Computing and Applications. Berlin: Springer, 2011: 158-166.
[55] Yan L K, Yin Heng. DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis[C]//Proc of the 21st USENIX Conference on Security. Berkeley, CA: USENIX Association, 2012: 29.
[56] Su X, Chuah M, Tan G. Smartphone dual defense protection framework: detecting malicious applications in Android markets[C]//Proc of the 8th International Conference on Mobile Ad-hoc and Sensor Networks. Washington DC: IEEE Computer Society, 2012: 153-160.
[57] Khune R S, Thangakumar J. A cloud-based intrusion detection system for Android smartphones[C]//Proc of International Conference on Radar, Communication and Computing. Washington DC: IEEE Press, 2013: 180-184.
[58] Cai Zhibiao, Peng Xinguang. Detection of Android malware based on system calls[J]. Computer Engineering and Design, 2013, 34(11): 3757-3761. (in Chinese)
[59] Dini G, Martinelli F, Saracino A, et al. MADAM: a multi-level anomaly detector for Android malware[C]//Proc of International Conference on Mathematical Methods, Models and Architectures for Computer Network Security. Berlin: Springer, 2012: 240-253.
[60] Amos B, Turner H, White J. Applying machine learning classifiers to dynamic Android malware detection at scale[C]//Proc of the 9th International Wireless Communications and Mobile Computing Conference. Piscataway, NJ: IEEE Press, 2013: 1666-1671.
[61] Ham H S, Choi M J. Analysis of Android malware detection performance using machine learning classifiers[C]//Proc of International Conference on ICT Convergence. Piscataway, NJ: IEEE Press, 2013: 490-495.
[62] Hoffmann J, Neumann S, Holz T. Mobile malware detection based on energy fingerprints: a dead end?[C]//Proc of International Workshop on Recent Advances in Intrusion Detection. Berlin: Springer, 2013: 348-368.
[63] Machiry A, Tahiliani R, Naik M. Dynodroid: an input generation system for Android apps[C]//Proc of Joint Meeting on Foundations of Software Engineering. New York: ACM Press, 2013: 224-234.
[64] Bläsing T, Batyuk L, Schmidt A D, et al. An Android application sandbox system for suspicious software detection[C]//Proc of International Conference on Malicious and Unwanted Software. Piscataway, NJ: IEEE Press, 2010: 55-62.
[65] Pan Xiafu. Detection of Android malware based on KNN algorithm and K-means algorithm[J]. Computer Knowledge and Technology, 2016, 12(14): 216-218. (in Chinese)
[66] Spreitzenbarth M, Freiling F, Echtler F, et al. Mobile-Sandbox: having a deeper look into Android applications[C]//Proc of ACM Symposium on Applied Computing. New York: ACM Press, 2013: 1808-1815.
[67] Eder T, Rodler M, Vymazal D, et al. ANANAS: a framework for analyzing Android applications[C]//Proc of International Conference on Availability, Reliability and Security. Washington DC: IEEE Computer Society, 2013: 711-719.
[68] Jensen R, Shen Qiang. Computational intelligence and feature selection: rough and fuzzy approaches[M]. Hoboken: Wiley-IEEE Press, 2008: 438.
[69] Shabtai A, Elovici Y. Applying behavioral detection on Android-based devices[C]//Proc of International Conference on Mobile Wireless Middleware, Operating Systems, and Applications. Berlin: Springer, 2010: 235-249.
[70] Shabtai A, Tenenboim-Chekina L, Mimran D, et al. Mobile malware detection through analysis of deviations in application network behavior[J]. Computers & Security, 2014, 43(6): 1-18.
[71] Wang Cong, Zhang Renbin, Li Gang. Bayesian Android malware detection technology based on association features[J]. Computer Applications and Software, 2017, 34(1): 286-292. (in Chinese)
[72] Zhang Siqi. Android malware detection technology based on improved Bayesian classification[J]. Radio Communications Technology, 2014, 40(6): 73-76. (in Chinese)
[73] Zhang Rui, Yang Jiyun. Android malware detection based on permission correlation[J]. Journal of Computer Applications, 2014, 34(5): 1322-1325. (in Chinese)
[74] Lu Wenqing, He Jiaming, Zeng Xingbin, et al. Android malware static detection based on hybrid features[J]. Radio Communications Technology, 2014, 40(6): 64-68. (in Chinese)
