|
|||||
|
|
| Android运行时恶意行为检测模型研究 | |
| 引用本文: | 董航,李祺,董枫,彭勇,徐国爱.Android运行时恶意行为检测模型研究[J].北京邮电大学学报,2014,37(3):58. |
| 作者姓名: | 董航 李祺 董枫 彭勇 徐国爱 |
| 作者单位: | 1. 北京邮电大学 计算机学院信息安全中心, 北京 100876; 2. 中国信息安全测评中心, 北京 100085 |
| 基金项目: | 国家自然科学基金项目(61302087);国家科技支撑计划项目(2012BAH06B02);教育部博士点基金项目(20120005110017) |
| 摘 要: | 为实现Android应用程序恶意行为的有效分析,提出了基于HMMs-SVM的程序行为分类模型,将隐马尔可夫模型(HMM)和支持向量机(SVM)相结合,以动态行为序列作为关键特征,对移动应用软件运行中的网络收发、文件访问等行为建模. 该模型融合了HMM和SVM的优势,并克服了二者的不足,适合于在获取连续动态行为特征序列后进行行为分类. 实验结果表明,该方法分析召回率较高,可以有效对应用中的异常行为进行捕捉,并可以将其按类型分类. |
| 关 键 词: | 隐马尔可夫模型 支持向量机 恶意行为 智能终端 |
| 收稿时间: | 2013-06-21 |
A Detection Model of Malware Behaviors on Android |
|
| DONG Hang,LI Qi,DONG Feng,PENG Yong,XU Guo-ai.A Detection Model of Malware Behaviors on Android[J].Journal of Beijing University of Posts and Telecommunications,2014,37(3):58. | |
| Authors: | DONG Hang LI Qi DONG Feng PENG Yong XU Guo-ai |
| Affiliation: | 1. Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. China Information Technology Security Evaluation Center, Beijing 100085, China |
| Abstract: | A detection method was proposed to analyze the malicious behavior on Android, that combines hidden-Markov model (HMM) with support vector machine (SVM) for modeling as well as construct model for behaviors like networking and data accessing. This model takes advantage of both HMM and SVM and overcomes the shortcomings inside, and it is suitable for classification using dynamic behavior sequences. Experiments show that this method can capture the abnormal behaviors with high accuracy rate and lower false positive rate. |
| Keywords: | hidden-Markov model support vector machine malware smartphone |
| 本文献已被 CNKI 等数据库收录! | |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 | |
| 点击此处可从《北京邮电大学学报》下载全文 | |