61.
Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this malicious software on the Android platform. We design a detection engine consisting of six parts: decompile, grammar parsing, control flow and data flow analysis, safety analysis, and comprehensive evaluation. In the comprehensive evaluation, we obtain a weight vector of 29 evaluation indexes using the analytic hierarchy process. During this process, the detection engine exports a list of suspicious APIs. On the basis of this list, the evaluation part of the engine performs a comprehensive evaluation of the hazard assessment of the software sample. Finally, a hazard classification is given for the software. The false positive rate of our approach for detecting malware samples is 4.7% and for normal samples is 7.6%. The experimental results show that the accuracy rate of our approach is almost similar to the method based on virus signatures. Compared with the method based on virus signatures, our approach performs well in detecting unknown malware. This approach is promising for the application of malware detection.
64.
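Antivirus vendors receive tens of thousands of virus samples every day, and how to quickly and effectively group this mass of samples into families is a problem in urgent need of a solution. This paper proposes a scalable clustering method: given the vectorized feature set of a massive number of input virus samples, it uses locality-sensitive hashing indexing for a fast first-pass clustering and an extended K-means algorithm for a second, finer clustering. Experiments show that, at a limited cost in accuracy, the clustering method greatly improves the time efficiency of virus clustering.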
65.
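In recent years, the security of Android components has been a research hotspot, but research results on the security of broadcast receivers, one of the four major Android components, are rarely seen. Based on a study of the Android broadcast mechanism, its security structure and characteristics are analyzed in depth. Corresponding security countermeasures are given, targeted at the security challenges of the Android broadcast mechanism. Finally, the paper summarizes the work and looks ahead to future research directions.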
66.
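To address the resource constraints of the current Android platform and its insufficient malware detection capability, a dynamic monitoring framework for Android software behavior based on ROM customization was built, taking the behavioral features of existing Android installation methods, trigger methods and malicious payloads as the basis for identification. Using the feature selection methods of information gain, the chi-square test and Fisher Score, the effectiveness of four classes of algorithms, support vector machine (SVM), decision tree, k-nearest neighbors (KNN) and naive Bayes (NB) classifiers, in Android malware classification and detection was evaluated. The overall classification performance on behavior logs from 20916 malicious samples and 17086 normal samples was evaluated; the results show that the SVM algorithm can reach an accuracy above 93% in malware determination with a false positive rate below 2%, the best overall result. The approach can be applied to online cloud analysis environments and detection platforms and meets the need to process massive numbers of samples.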
67.
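To address the problem of mobile phone malware detection, a distributed model for mobile phone malware detection (MPMD-DIM) is proposed, in which the handset and the distributed detection servers, and the distributed detection servers among themselves, work cooperatively to detect mobile phone malware quickly and accurately. The model uses an improved negative selection algorithm and a dynamic clonal selection algorithm to optimize the malware detection process and produce an immune response in time; through vaccine extraction and inoculation among the distributed detection servers, it produces a secondary immune response and accelerates the detection process. Experiments show that the model can raise the detection rate for known mobile phone malware, improve detection accuracy for unknown and changing mobile phone malware, and achieve collective defense of mobile phones against malware.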
68.
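A propagation model for malicious programs in a Bluetooth environment (total citations: 1, self-citations: 0, citations by others: 1)
Based on an analysis of the propagation process of Bluetooth malicious programs, the effects of the Bluetooth protocol and the movement patterns of devices are abstracted into several statistical parameters, and an analytical model of the propagation dynamics of Bluetooth malicious programs is established through theoretical derivation. The model shows that introducing security measures such as authentication mechanisms can greatly reduce the propagation of Bluetooth malicious programs, which is of positive significance for designing secure Bluetooth protocols and devices. Simulation results show that the model describes the propagation characteristics of malicious programs in a Bluetooth environment well.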
70.
This study was conducted to enable prompt classification of malware, which
was becoming increasingly sophisticated. To do this, we analyzed the important features
of malware and the relative importance of selected features according to a learning model
to assess how those important features were identified. Initially, the analysis features
were extracted using Cuckoo Sandbox, an open-source malware analysis tool, then the
features were divided into five categories using the extracted information. The 804
extracted features were reduced by 70% after selecting only the most suitable ones for
malware classification using a learning model-based feature selection method called the
recursive feature elimination. Next, these important features were analyzed. The level of
contribution from each one was assessed by the Random Forest classifier method. The
results showed that System call features were mostly allocated. At the end, it was
possible to accurately identify the malware type using only 36 to 76 features for each of
the four types of malware with the most analysis samples available. These were the
Trojan, Adware, Downloader, and Backdoor malware.