| 一种基于Native层的Android恶意代码检测机制 |
| |
| 引用本文: | 孙炳林,庄毅.一种基于Native层的Android恶意代码检测机制[J].计算机与现代化,2019,0(5):1. |
| |
| 作者姓名: | 孙炳林 庄毅 |
| |
| 作者单位: | 南京航空航天大学计算机科学与技术学院,江苏 南京,211106;南京航空航天大学计算机科学与技术学院,江苏 南京,211106 |
| |
| 基金项目: | 国家自然科学基金面上项目(61572253); 航空科学基金资助项目(2016ZC52030) |
| |
| 摘 要: | Android现有的恶意代码检测机制主要是针对bytecode层代码,这意味着嵌入Native层的恶意代码不能被检测,最新研究表明86%的热门Android应用都包含Native层代码。为了解决该问题,本文提出一种基于Native层的Android恶意代码检测机制,将smali代码和so文件转换为汇编代码,生成控制流图并对其进行优化,通过子图同构方法与恶意软件库进行对比,计算相似度值,并且与给定阈值进行比较,以此来判断待测软件是否包含恶意代码。实验结果表明,跟其他方法相比,该方法可以检测出Native层恶意代码而且具有较高的正确率和检测率。
|
| 关 键 词: | 安卓 恶意代码检测 控制流图 子图同构 |
| 收稿时间: | 2019-05-14 |
An Android Malicious Code Detection Mechanism Based on Native Layer |
| |
| SUN Bing-lin,ZHUANG Yi.An Android Malicious Code Detection Mechanism Based on Native Layer[J].Computer and Modernization,2019,0(5):1. |
| |
| Authors: | SUN Bing-lin ZHUANG Yi |
| |
| Abstract: | Android’s existing malicious code detection mechanism is mainly for the bytecode layer codes. This means that malicious code embedded in Native layer can’t be detected. The latest research shows that 86% of popular Android APPs contain Native layer code. In order to solve this problem, this paper proposes an Android malicious code detection mechanism based on Native layer, which converts smali code and so file into assembly code, generates control flow graph then optimizes it. Through comparing with malware library by subgraph isomorphism method, the similarity values are calculated and compared with the given thresholds to determine whether the software under test contains malicious code. The experimental results show that compared with the others the method can detect malicious code of Native layer and has higher accuracy and detection rate. |
| |
| Keywords: | Android malware detection control flow graph subgraph isomorphism |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机与现代化》浏览原始摘要信息 |
|
点击此处可从《计算机与现代化》下载全文 |
