
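Android Malware Detection Based on an Improved Random Forest Algorithm
Cite this article: Pan Jianwen, Cui Zhanqi, Lin Gaoyi, Chen Xiang, Zheng Liwei. A Review of Static Detection Methods for Android Malicious Application[J]. Journal of Computer Research and Development, 2023, 60(8): 1875-1894. DOI: 10.7544/issn1000-1239.202220297
Authors: Pan Jianwen, Cui Zhanqi, Lin Gaoyi, Chen Xiang, Zheng Liwei
Affiliation: 1. Computer School, Beijing Information Science and Technology University, Beijing 100101; 2. School of Information Science and Technology, Nantong University, Nantong, Jiangsu 226019
Funding: Jiangsu Province Frontier Leading Technology Basic Research Special Project (BK202002001); National Natural Science Foundation of China (61702041); Beijing Information Science and Technology University "Qin Xin Talents" Cultivation Program (QXTCP C201906)
Abstract: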

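The openness of the Android system and the diversity of third-party application markets have given Android a high market share but have also brought enormous risk: malicious Android applications keep emerging and spread widely, seriously threatening users' privacy and financial security. How to detect malicious Android applications effectively has attracted wide attention from researchers. Depending on whether the application is executed, existing detection methods are divided into static detection and dynamic detection. Of the two, static detection is better than dynamic detection in both efficiency and code coverage, and static detection tools such as Drebin have been widely applied. This paper therefore systematically surveys the research progress in static detection of malicious Android applications and analyzes and summarizes it. First, the static features of Android applications are introduced. Then, according to the static feature used, detection methods based on permissions, application programming interfaces (API), opcodes and other static features are analyzed in turn, and the commonly used Android application data sets and the metrics commonly used to evaluate detection performance are summarized. Finally, the development of static detection techniques for malicious Android applications is summarized and future directions are discussed, in order to provide a reference for researchers in this field.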



Keywords: Android malicious application; static detection; permission; application programming interface; opcode
Received: 2022-04-12
Revised: 2022-10-10

MEGDroid: A model-driven event generation framework for dynamic Android malware analysis
Pan Jianwen, Cui Zhanqi, Lin Gaoyi, Chen Xiang, Zheng Liwei. A Review of Static Detection Methods for Android Malicious Application[J]. Journal of Computer Research and Development, 2023, 60(8): 1875-1894. DOI: 10.7544/issn1000-1239.202220297
Authors: Pan Jianwen, Cui Zhanqi, Lin Gaoyi, Chen Xiang, Zheng Liwei
Affiliation: 1. Computer School, Beijing Information Science and Technology University, Beijing 100101; 2. School of Information Science and Technology, Nantong University, Nantong, Jiangsu 226019
Abstract: Due to the openness of the Android system and the diversity of third-party application markets, Android has achieved a high market share while also bringing huge risks. As a result, Android malware emerges endlessly and spreads widely, seriously threatening users' privacy and economic security. How to effectively detect Android malware has received wide attention from researchers. According to whether the application is executed or not, existing malware detection methods are divided into static detection and dynamic detection. Of the two, static detection methods outperform dynamic detection methods in terms of efficiency and code coverage, and Drebin and other static detection tools have been widely used. We systematically review the research progress in the field of static Android malware detection. First, the static features of Android applications are introduced. Then, according to the static features used for detecting Android malware, the static detection methods are classified into three categories: permission-based, application programming interface (API)-based, and opcode-based approaches. The Android application data sets and the metrics commonly used to evaluate the detection performance of Android malware are also summarized. Finally, potential future research directions for static Android malware detection techniques are discussed, providing a reference for researchers in related areas.
Keywords: Android malware; static detection; permission; application programming interface (API); opcode