[1] ZHENG Yao, WANG Yi-jun, XUE Zhi. Android Malware Detection of Calls Tracing with AndroidManifest and API[J]. Computer Technology and Development, 2017, 27(03): 126-130.

Android Malware Detection of Calls Tracing with AndroidManifest and API

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume: 27
Issue: 2017, No. 03
Pages: 126-130
Column: Security and Prevention
Publication date: 2017-03-10

Article Info

Title: Android Malware Detection of Calls Tracing with AndroidManifest and API
Article ID: 1673-629X(2017)03-0126-05
Author(s): ZHENG Yao, WANG Yi-jun, XUE Zhi
Affiliation: School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University
Keywords: Android malware; static analysis; feature-based; ICC (inter-component communication)
CLC number: TP393
Document code: A
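Abstract (translated from the Chinese):
 This paper studies a static mechanism based on feature vectors and provides a static analysis method for detecting Android malware. To identify the intent of different Android malware, various clustering algorithms are applied in this mechanism to strengthen its ability to model the behavior of arbitrary Android applications. A system called XDroidMat was also developed. XDroidMat extracts static information from each Android application's AndroidManifest.xml and, taking components as entry points, traces forward through inter-component communication and its API calls. It then uses the "k-means" algorithm to strengthen the ability to build malware models. The number of clusters is determined by the singular value decomposition algorithm. Finally, the "kNN" algorithm is used to decide whether an application is malicious or a normal, legitimate application. Experimental results show that XDroidMat reaches an accuracy of 98.12% and performs well in detecting Android malware.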
Abstract:
 A static feature-based mechanism is studied to provide a static analysis method for detecting Android malware. To identify the intent of different Android malware, various clustering algorithms are applied to enhance the malware modeling capability for any Android application. In addition, a system called XDroidMat is developed. XDroidMat extracts information from each application's manifest file and treats components as entry points, drilling down to trace API calls related to permissions. It then uses the k-means algorithm to strengthen the malware modeling capability. The number of clusters is decided by the Singular Value Decomposition (SVD) method on the low-rank approximation. Finally, it uses the kNN algorithm to classify the application as benign or malicious. The experimental results show that XDroidMat achieves 98.12% accuracy and performs well in detecting Android malware.

Last Update: 2017-05-18