基于静态行为特征的细粒度Android恶意软件分类

由于Android系统的开放性，恶意软件通过实施各种恶意行为对Android设备用户构成威胁。针对目前大部分现有工作只研究粗粒度的恶意应用检测，却没有对恶意应用的具体行为类别进行划分的问题，提出了一种基于静态行为特征的细粒度恶意行为分类方法。该方法提取多维度的行为特征，包括API调用、权限、意图和包间依赖关系，并进行了特征优化，而后采用随机森林的方法实现恶意行为分类。在来自于多个应用市场的隶属于73个恶意软件家族的24 553个恶意Android应用程序样本上进行了实验，实验结果表明细粒度恶意应用分类的准确率达95.88%，综合性能优于其它对比方法。

Fine-grained Android malware classification with behavior features

Due to the openness of Android system, malware poses a threat to users of Android devices by implementing various malicious behaviors. At present, most of the existing researches focus on coarse-grained malicious detection, that is, whether an Android application is malicious or not. Aiming at this problem, this paper proposed a fine-grained malicious behavior classification method based on static behavior features. This method extracted and optimized multi-dimensional behavior characteri-stics, including API calls, permissions, intents and package dependencies. And then used random forest to classify malicious behaviors. It conducted the experiments on 24 553 malicious Android application samples in 73 malware families from multiple application markets. The experimental results show that the accuracy of fine-grained malware classification reached to 95.88%, which is better than other comparison methods.