首页 | 本学科首页   官方微博 | 高级检索  
     

一种基于模糊哈希的Android变种恶意软件检测方法
引用本文:王文冲,凌 捷. 一种基于模糊哈希的Android变种恶意软件检测方法[J]. 计算机工程与应用, 2018, 54(18): 133-138. DOI: 10.3778/j.issn.1002-8331.1706-0064
作者姓名:王文冲  凌 捷
作者单位:广东工业大学 计算机学院,广州 510006
摘    要:Android移动平台中恶意软件变种数量与日俱增,为了能够高效快速地检测出变种样本,提出一种能够根据Apk中字符串以及函数长度分布特征,来生成模糊哈希值的方法,使得同类变种的恶意软件间的哈希值相似。在对变种恶意软件进行检测时,首先利用k-means方法对已知病毒库所产生的模糊哈希值进行聚类,从而简化病毒库。再利用哈密顿距离来计算其与病毒库中各模糊哈希间哈密顿距离。当距离小于阈值,则表示检测到变种。实验结果表明,提出的方法具有检测速度快,抗干扰能力强等特点。

关 键 词:Android变种  恶意软件检测  模糊哈希值  

Android malware detection approach based on fuzzy Hash
WANG Wenchong,LING Jie. Android malware detection approach based on fuzzy Hash[J]. Computer Engineering and Applications, 2018, 54(18): 133-138. DOI: 10.3778/j.issn.1002-8331.1706-0064
Authors:WANG Wenchong  LING Jie
Affiliation:School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China
Abstract:Malware variants in the Android mobile platform are increasing rapidly. In order to detect the malware variants efficiently, this paper proposes a method to generate the fuzzy Hash number, which is based on the strings and function in the Apks. The malicious software in the same kind of variants has the similar Hash value. Through detecting malware variants, the k-means algorithm is used to simplify the size of malware database. And then the Hamilton distance is used to measure the distance between them. When the distance is less than a threshold, it means a malware variant has been detected. Experimental results demonstrat that the method has a high capability of speed and resistance.
Keywords:Android variant  malware detection  fuzzy Hash  
点击此处可从《计算机工程与应用》浏览原始摘要信息
点击此处可从《计算机工程与应用》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号