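Abstract
The rapid growth of malicious Android applications poses a serious security risk. Many behavioral features are easily affected by code obfuscation, so malicious behavior cannot be detected effectively. This paper proposes an Android malware detection model based on random forest. The model selects features such as dangerous permissions, sensitive API calls, Service, Activity, Intent, and SMS sending frequency; of these, dangerous permissions and Android components such as Service are unaffected by code obfuscation. Machine learning methods such as random forest, decision tree, SVM, and convolutional neural network are used, trained with 10-fold cross-validation. Experiments show that the method achieves a classification accuracy of 95.77% on the unobfuscated dataset and 91.01% on the obfuscated dataset.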
The rapid growth of Android malware has caused significant security risks. Many behavioral characteristics are easily affected by code obfuscation techniques, resulting in malicious behaviors that cannot be effectively detected. This paper proposes an Android malware detection model based on Random Forest. The model uses dangerous permissions, sensitive API calls, Service, Activity, Intent, and SMS sending frequency as features, among which dangerous permissions and Android components such as Service are not affected during the code obfuscation process. Machine learning methods such as Random Forest, Decision Tree, SVM, and 1-NN are used. The model is trained by the ten-fold cross-validation method. Experiments have shown that this method can achieve a classification accuracy of 95.77% for the normal data sets; for the obfuscated data sets, it can achieve a classification accuracy of 91.01%.
Authors
Wang Kelin (王柯林)
Yang Ke (杨珂)
Zhao Ruizhe (赵瑞哲)
Xin Liling (辛丽玲)
Wang Qiuyun (汪秋云)
Wang Kelin; Yang Ke; Zhao Ruizhe; Xin Liling; Wang Qiuyun (University of Chinese Academy of Sciences, Beijing 101400; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; State Grid Electronic Commerce Co., Ltd. (State Grid Xiong’an Financial Technology Group Co., Ltd.), Beijing 100053; Blockchain Technology Laboratory of State Grid Corporation of China, Beijing 100053)
Source
Journal of Information Security Research (《信息安全研究》)
2021, No. 2, pp. 126-135 (10 pages)
Funding
State Grid Corporation of China Science and Technology Project (SGTYHT/19-JS-217).