摘要
文章针对恶意程序检测中难以检测未知恶意程序等问题,提出了一种提取恶意程序语义特征的方法。该方法使用N-gram算法对提取的Android应用程序的权限和API特征建立语义特征序列,并对特征序列进行筛选处理,获得了更具代表性的行为特征序列。首先,为了增加特征的有效性,经验丰富的恶意程序分析专家为每个Android SDK中的API函数添加相应的权重,并使用出现频次和权重值重新计算N-gram序列中每个元素的特征值,从而构建了改进的N-gram序列模型。然后,使用多种机器学习算法进行分类检测,验证其有效性。实验结果表明,提取的特征及改进的N-gram算法可以有效检测Android平台上的恶意程序。
It is difficult to detect malware detection o f unknown m alicious programs, A im ing atsolving this problem , this paper proposes an approach for extracting the dynamic features o f m aliciouscode sem antics. This m ethod extracts the perm issions and API features o f Android application to setup the semantic feature sequence with the A^-gram algorithm. W ith screening o f the feature sequence,the behavior sequence becom es m ore representative. First, in order to increase the effectiveness o fthe characteristics, analysis o f experienced m alware experts for each Android API function in SD Kto add the corresponding w eights, and the use o f frequency and the w eight value o f each elem ent o fthe N-gram sequence characteristics o f re-calculated values in order to build a A^-gram series m odelim proved. Then, using a variety o f m achine learning algorithms for classification and detection, verifyits effectiveness. The experim ental results show that the im proved N-gram algorithm and features inthis paper can effectively detect m alicious programs under Android platform.
出处
《信息网络安全》
2016年第8期74-80,共7页
Netinfo Security
基金
国家自然科学基金[61402125]