
Anti-Obfuscated Android Malware Detection Based on Random Forest (cited by: 2)
Abstract: The rapid growth of Android malware has caused significant security risks. Many behavioral features are easily affected by code obfuscation techniques, so malicious behavior cannot be detected effectively. This paper proposes an Android malware detection model based on Random Forest. The model uses dangerous permissions, sensitive API calls, Service, Activity, Intent, and SMS sending frequency as features; of these, dangerous permissions and Android components such as Service are not affected by code obfuscation. Machine learning methods such as Random Forest, Decision Tree, SVM, and 1-NN (the Chinese abstract lists a convolutional neural network here) are used, and the model is trained with ten-fold cross-validation. Experiments show that the method achieves a classification accuracy of 95.77% on the unobfuscated data set and 91.01% on the obfuscated data set.
Authors: Wang Kelin; Yang Ke; Zhao Ruizhe; Xin Liling; Wang Qiuyun (University of Chinese Academy of Sciences, Beijing 101400; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; State Grid Electronic Commerce Co., Ltd. (State Grid Xiong’an Financial Technology Group Co., Ltd.), Beijing 100053; Blockchain Technology Laboratory of State Grid Corporation of China, Beijing 100053)
Source: Journal of Information Security Research (《信息安全研究》), 2021, No. 2, pp. 126-135 (10 pages)
Funding: State Grid Science and Technology Project (SGTYHT/19-JS-217).
Keywords: Android application; dynamic and static analysis; feature selection; random forest; sensitive API calls
Related literature

References: 6

Secondary references: 51


Co-citing documents: 21

Co-cited documents: 6

Citing documents: 2

Secondary citing documents: 3
