基于混合特征的Android恶意软件静态检测

当前智能手机市场中,Android占有很大的市场份额,又因其他的开源,基于Android系统的智能手机很容易成为攻击者的首选目标。随着对Android恶意软件的快速增长,Android手机用户迫切需要保护自己手机安全的解决方案。为此,对多款Android恶意软件进行静态分析,得出Android恶意软件中存在危险API列表、危险系统调用列表和权限列表,并将这些列表合并,组成Android应用的混合特征集。应用混合特征集,结合主成分分析(PCA)和支持向量机(SVM),建立Android恶意软件的静态检测模型。利用此模型实现仿真实验,实验结果表明,该方法能够快速检测Android应用中恶意软件,且不用运行软件,检测准确率较高。

Android Malware Static Detection Based on Hybrid Features

Android occupies a large share in the current smart phone market,and due to its open source, smart phones based on Android are very easy to become the first targets of attacks.With the rapid growth of Android mobile malware,Android owners urgently need security solutions to protect their mobile phones.In this paper,static analysis is performed on many types of Android malware, and a conclusion is got that there are dangerous API list,dangerous system call list and permission list in Android malware.These lists are combined into a hybrid feature set which is then used in combination with principal component analysis （PCA） and support vector machine （SVM） to establish an Android malware static testing model.The simulation experiments realized through this model show that the method can rapidly detect malicious software and it＇ s not necessary to run software,the detection accuracy is also higher.