Abstract
Because of its large user base, the Android platform has become one of the main targets of malicious attacks of all kinds, and applying data mining methods to Android malware detection is becoming an effective means of defending against them. To address the shortcomings of existing research in detection precision and recall, an Android malware detection method based on the AdaBoost algorithm is proposed. The method combines static analysis and dynamic debugging to extract a set of identity and behavior features from the software, which are used as training samples after normalization and dimensionality reduction. SVM is selected as the base classifier; the training sample set and the AdaBoost algorithm are used to train the base classifier iteratively, and a strong classifier is finally obtained according to combinatorial optimization theory. This classifier is then used to test the software under examination, thereby establishing a malware detection model. A detection tool based on this model, Ada Detect, is implemented in Python and achieves intelligent identification of malware. Experimental results show that the method achieves good detection performance in terms of detection precision and recall.
Source
Journal of Guizhou Education University (《贵州师范学院学报》)
2016, Issue 3, pp. 23-27 (5 pages)
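Funding
Anhui Province Higher Education Quality Engineering Project "Computer Network Technology Teaching Team" (2015jxtd074)
Anhui Province Higher Education Quality Engineering Project "Comprehensive Reform Pilot for the Internet of Things Application Technology Major" (2015zy104)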