
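A Mobile Terminal Malware Detection Method Based on Hybrid Features
Authors: Yao Ye  Qian Liang  Zhu Yian  Zhang Lixiang  Jia Yao  Du Jiawei  Niu Juntao
Affiliation: School of Computer Science, Northwestern Polytechnical University, Xi'an, China 710064
Funding: Supported by the National Key R&D Program project (No.2020YFB1712201); the National Industrial Internet Innovation and Development Project (No.TC190A3X8-16-1, No.TC200H038); the Shaanxi Province Key R&D (Key Industrial Chain) project (No.2019ZDLGY12-07); the Taicang City Major Institutes Innovation project (No.TC2019DYDS06); the Dongguan City Science and Technology Equipment Mobilization project (No.KZ2018-14); and the Shaanxi Province Key R&D Program project (No.2021ZDLGY05-05), among others.
Abstract: As the types and number of mobile terminal malware keep growing, this paper addresses the technical problems of single-feature detection of Android malware, such as incomplete coverage and a high false alarm rate, and proposes a mobile terminal malware detection method based on mixed dynamic and static features to improve detection coverage, accuracy and efficiency. The method first builds a library of high-risk permissions and sensitive APIs using an improved CHI method and a K-Means method optimized by an agglomerative hierarchical clustering algorithm, and then, separately from static ana...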

Keywords: mobile terminal  malware detection  hybrid feature detection  machine learning  Android system
Received: 2021/1/25 0:00:00
Revised: 2021/7/6 0:00:00

A Malware Detection Method Based on Hybrid Feature for Mobile Terminals
Authors:Yao Ye  Qian Liang  Zhu Yian  Zhang Lixiang  Jia Yao  Du Jiawei  Niu Juntao
Affiliation: (School of Computer Science, Northwestern Polytechnical University, Xi'an 710064, China)
Abstract: With the large-scale use of the Android system, malware targeting it keeps emerging, and the types of viruses are increasing. Aiming at the problems of single-feature detection of Android malware, namely incomplete detection, a low accuracy rate and a high false alarm rate, this article proposes a mobile terminal malware detection and analysis method based on mixed dynamic and static features to improve the coverage, accuracy and efficiency of malware detection for Android systems. Combining the feature values extracted by the two detection methods, static analysis and dynamic analysis, further improves the efficiency and accuracy of malware detection. First, the paper builds libraries of high-risk permissions and sensitive APIs based on the improved CHI method and the K-Means method optimized by the agglomerative hierarchical clustering method, and then extracts the mixed characteristics of the mobile terminal system from static analysis and dynamic analysis. In the static analysis, the APK file is first decompiled, and the permission request characteristics and sensitive API call characteristics are analyzed. In the dynamic analysis, the dynamic behavior of the app is monitored in real time while it runs, and the frequency characteristics of sensitive API calls and the system status characteristics during the run are extracted. The paper then uses dispersion standardization, the TF-IDF weight analysis method and the optimal sequence graph method to normalize the mixed features and assign feature weights. Finally, the data sets downloaded from VirusShare and Drebin are de-duplicated and given other related processing, and the malware detection method based on the mixed features proposed in this article is compared and evaluated. Experimental results show that the method has good accuracy and efficiency for the detection of Android system malware and effectively improves the detection accuracy of malware.
Keywords:mobile terminal  malware detection  hybrid feature detection  machine learning  Android system
This article has been indexed by 维普 (VIP) and other databases.