
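Android malware detection and classification based on software genes
Cite this article: Han Jin, Shan Zheng, Zhao Binglin, Sun Wenjie. Android malware detection and classification based on software genes [J]. Application Research of Computers, 2019, 36(6).
Authors: Han Jin, Shan Zheng, Zhao Binglin, Sun Wenjie
Affiliation: State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001 (all four authors)
Abstract: With the development of the mobile internet, malicious code targeting the Android platform has grown sharply. Existing Android malicious code analysis methods mostly focus on feature-based detection of malicious code, lack a unified and systematic analysis method, and rarely study the classification of malicious code. Given this situation, the concept of the malware gene is proposed, which analyzes malicious code through fragments that carry functional information. Based on the characteristics of Android platform software, software genes are extracted separately from the code segment and the resource segment, and the code-segment genes are formalized on the basis of use-def chains (use-definition chains). In addition, a detection framework and a classification framework based on malware genes are proposed. A support vector machine from machine learning is used to learn the malware genes, giving a high detection rate and classification accuracy, with a detection recall of 98.37%, which verifies the role of malware genes in analyzing homology.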

Keywords: Android security; malware gene; use-def chains; detection; classification
Received: 2018/1/9
Revised: 2019/2/26

Detection and classification of Android malware based on malware gene
Affiliation: State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou
Abstract: With the development of the mobile internet, malicious code for the Android platform has increased dramatically. Faced with this volume of Android malware, current analysis methods focus on characteristic-based detection and lack a uniform, systematic method for analysis and classification. To address this, this paper proposes the definition of the Android malware gene, which analyzes malware via binary sequences that include function and information. Based on the characteristics of Android applications, the paper extracts software genes from the code fragment and the resource fragment; the code fragment gene is a kind of formalization of use-def chains. Moreover, the paper proposes a detection framework and a classification framework based on malware genes, and uses a machine learning method, the support vector machine (SVM), in both frameworks. In evaluation, the detection rate and the classification accuracy are both high in these frameworks, with a recall rate of 98.37%. This proves the effect of malware genes in analyzing the homology of Android malicious code.
Keywords: Android security; malware gene; use-def chains; detection; classification
This article is indexed in Wanfang Data and other databases.