
Static detection approach for Android malware based on multi-context features (cited by: 7)
Abstract: A static approach to detecting Android malware based on multi-context features is proposed. Three kinds of sensitive resources (generalized sensitive application programming interfaces (APIs), sensitive permissions and sensitive system broadcasts) are taken as raw features and combined with the contexts in which they occur (callback methods, components and applications, respectively) to form program features that distinguish malicious from benign application behavior. To extract the program features effectively, inter-procedural control flow graphs based on callback functions are constructed, and a set of filtering and compression rules is defined. The approach was evaluated on 4972 applications. The results show that the random forest algorithm performs best on the selected feature set, with an accuracy of 95.4% and a recall of 96.5%, which is better than most current methods.
Authors: LIU Xiaojian (刘晓建); LEI Qian (雷倩); DU Xi (杜茜); LIU Kehong (刘柯宏) (School of Computer Science and Technology, Xi'an University of Science and Technology, Xi'an 710054, China)
Source: Journal of Huazhong University of Science and Technology (Natural Science Edition), 2020, No. 2, pp. 85-90 (6 pages). Indexed in: EI, CAS, CSCD, PKU Core (北大核心).
Funding: National Natural Science Foundation of China (61702408); Shaanxi Province Science and Technology Program (2017JM6105); Ministry of Education Collaborative Education Program (2010918001).
Keywords: malware detection; static analysis; machine learning; multi-context features; generalized sensitive application programming interface (API)