《计算机应用研究》|Application Research of Computers

Detection and classification of Android malware based on software gene

Authors: Han Jin (韩金), Shan Zheng (单征), Zhao Binglin (赵炳麟), Sun Wenjie (孙文杰)
Affiliation: State Key Laboratory of Mathematical Engineering & Advanced Computing, Zhengzhou 450001, China
Article ID: 1001-3695(2019)06-044-1813-06
DOI: 10.19734/j.issn.1001-3695.2018.01.0007
Abstract: With the development of the mobile Internet, malicious code targeting the Android platform has grown sharply. Existing Android malware analysis methods mostly focus on feature-based detection, lack a unified, systematic analysis method, and rarely address malware classification. To address this, the paper proposes the concept of the malware gene, analyzing malicious code through fragments that carry functional information. Based on the characteristics of Android applications, software genes are extracted separately from the code segment and the resource segment; the code-segment gene is formalized on the basis of use-def chains. The paper further proposes a detection framework and a classification framework based on malware genes, in which a support vector machine (SVM) learns from the malware genes. Both frameworks achieve high detection and classification accuracy, with a detection recall of 98.37%, which confirms the value of malware genes in analyzing the homology of Android malicious code.
Keywords: Android security; malware gene; use-def chains; detection; classification
URL: http://www.arocmag.com/article/01-2019-06-044.html
Received: 2018/1/9
Revised: 2018/2/26
Pages: 1813-1818
CLC number: TP309.5
Document code: A