Abstract
The explosive growth of Android malware has caused serious harm to users, yet existing countermeasures generally focus on improving detection accuracy and pay little attention to the two kinds of misclassification, false positives and false negatives. To address this problem, we propose WEID, a weighted ensemble method based on information difference for Android malware detection. WEID extracts two kinds of static features, permissions and intents, from the samples to construct five feature sets. Based on the Stacking stratification strategy, WEID takes the difference in information content between the correct-classification events and the incorrect-classification events of positive and negative samples as the contribution metric of each base learner, and uses this metric to guide the weighted ensemble of the base learners in order to obtain the best classification performance. Experimental results show that, on a malicious sample set composed of Drebin and Contagio, the detection accuracy of the proposed method ranges from 0.951 to 0.985, with a false positive rate and a false negative rate as low as 0.008 and 0.004, a clear advantage over other detection methods.
Authors
张高峰
鲍旭丹
刘敬
夏雪晗
郑利平
Zhang Gaofeng; Bao Xudan; Liu Jing; Xia Xuehan; Zheng Liping (School of Software, Hefei University of Technology, Hefei 230601, Anhui, China; School of Computer and Information, Hefei University of Technology, Hefei 230601, Anhui, China; Anhui Province Key Laboratory of Industrial Safety and Emergency Technology, Hefei University of Technology, Hefei 230601, Anhui, China)
Source
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal (北大核心)
2022, Issue 9, pp. 332-338, 7 pages in total
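Funding
National Natural Science Foundation of China (61972128)
National Natural Science Foundation of China, Young Scientists Fund (61702155)
Natural Science Foundation of Anhui Province, General Program (1808085MF176)
Fundamental Research Funds for the Central Universities (PA2019GDPK0071).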