[1] FENG Bo, DAI Hang, MU De-jun. Research of Malware Detection Approach for Android [J]. Computer Technology and Development (计算机技术与发展), 2014, 24(02): 149-152.

Research of Malware Detection Approach for Android

Computer Technology and Development (《计算机技术与发展》) [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume: 24
Issue: 2014, No. 02
Pages: 149-152
Column: Security and Protection
Publication date: 2014-02-28

Article Info

Title: Research of Malware Detection Approach for Android
Article number: 1673-629X(2014)02-0149-04
Authors: FENG Bo, DAI Hang, MU De-jun
Affiliation: School of Automation, Northwestern Polytechnical University
Keywords: Android security; malware; dynamic detection; machine learning
Document code: A
Abstract:
To address the proliferation of Android malware, this paper proposes a behavior-based method for dynamic malware detection. First, dynamic information is collected comprehensively while the software runs, including system information at run time and the software's kernel calls; the kernel call sequences are cut into fixed-length short sequences. Second, all of this information is unified into the form of attributes and attribute values. Using information gain as the indicator, the C4.5 algorithm is applied to select attributes that have high information gain and non-overlapping effects, and each attribute is assigned a weighting factor in proportion to its information gain. Finally, the K-Nearest Neighbor algorithm performs the machine learning, identifying malicious software similar to the samples and marking software of unknown type as suspected malware. Experimental results show that the method has a high true positive rate and a low false positive rate. The results can be improved further by enlarging the learning sample library.
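The kernel-call part of the pipeline in the abstract, as an added example that is not code from the paper: traces are cut into fixed-length short sequences, attributes are ranked by information gain, weights are assigned in proportion to gain, and a weighted K-Nearest Neighbor vote labels a new trace. Assumptions made here: sequence length 3, boolean "sequence occurs" attributes, ranking by information gain directly instead of building a C4.5 tree, "overlapping" taken to mean an identical split of the samples, a distance threshold `max_dist` for the unknown-type case, and constructed sample traces.

```python
import math
from collections import Counter

def short_sequences(trace, n=3):
    """Cut a kernel-call trace into its set of fixed-length short sequences."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

def entropy(labels):
    return -sum(c / len(labels) * math.log2(c / len(labels)) for c in Counter(labels).values())

def information_gain(samples, labels, attr):
    """Gain of the boolean attribute 'short sequence attr occurs in the sample'."""
    gain = entropy(labels)
    for present in (True, False):
        part = [y for s, y in zip(samples, labels) if (attr in s) == present]
        if part:
            gain -= len(part) / len(labels) * entropy(part)
    return gain

def train(traces, labels, n=3, top=4):
    samples = [short_sequences(t, n) for t in traces]
    gains = {a: information_gain(samples, labels, a) for a in set().union(*samples)}
    kept, seen = [], set()
    for a in sorted(gains, key=lambda a: (-gains[a], a)):
        pattern = tuple(a in s for s in samples)
        if gains[a] > 0 and pattern not in seen and len(kept) < top:
            kept.append(a)          # highest gain first, skipping attributes that
            seen.add(pattern)       # split the samples exactly like one already kept
    total = sum(gains[a] for a in kept)
    return samples, labels, {a: gains[a] / total for a in kept}, n

def classify(model, trace, k=3, max_dist=0.25):
    samples, labels, weights, n = model
    x = short_sequences(trace, n)
    # Weighted mismatch count over the selected attributes; weights sum to 1.
    near = sorted((sum(w for a, w in weights.items() if (a in x) != (a in s)), y)
                  for s, y in zip(samples, labels))[:k]
    if near[0][0] > max_dist:       # assumption: far from every sample = unknown type
        return "suspected"
    return Counter(y for _, y in near).most_common(1)[0][0]

# Constructed traces, not data from the paper.
BENIGN = [["open", "read", "close", "open", "read", "close"],
          ["open", "read", "write", "close", "open", "read"],
          ["socket", "connect", "send", "close", "open", "read"]]
MALWARE = [["open", "read", "socket", "connect", "sendto", "close"],
           ["fork", "execve", "open", "read", "socket", "connect", "sendto"],
           ["open", "read", "socket", "connect", "sendto", "unlink"]]
MODEL = train(BENIGN + MALWARE, ["benign"] * 3 + ["malware"] * 3)
```

A trace sharing none of the selected short sequences with any sample sits at distance above `max_dist` from all of them and is returned as `"suspected"` rather than forced into the nearest class.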


Last Update: 1900-01-01