基于权限相关性的Android恶意软件检测

doi:10.11772/j.issn.1001-9081.2014.05.1322

计算机应用 ›› 2014, Vol. 34 ›› Issue (5): 1322-1325.DOI: 10.11772/j.issn.1001-9081.2014.05.1322

基于权限相关性的Android恶意软件检测

张锐,杨吉云

重庆大学计算机学院，重庆 400044

收稿日期:2013-11-01 修回日期:2013-12-17 出版日期:2014-05-01 发布日期:2014-05-30
通讯作者: 张锐
作者简介:张锐(1987-)，男，重庆长寿人，硕士研究生，主要研究方向：Android安全；杨吉云(1975-)，男，重庆万州人，副教授，博士，主要研究方向：信息安全、计算机检测与控制。

Android malware detection based on permission correlation

ZHANG Rui,YANG Jiyun

Android malware detection based on permission correlation

Received:2013-11-01 Revised:2013-12-17 Online:2014-05-01 Published:2014-05-30
Contact: ZHANG Rui

摘要/Abstract

摘要：

针对Android平台恶意软件检测需求和Android权限特征冗余的问题，提出一套从权限相关性角度快速检测恶意软件的方案。采用卡方检验计算各权限属性对于分类结果的影响大小，去除冗余权限特征，再对权限属性聚类，提取代表性权限特征，进一步减少冗余。最后利用基于不同权限特征权重的改进朴素贝叶斯算法进行软件分类。在收集的2000个软件样本上进行了实验，恶意软件漏检率为10.33%，总体预测准确率达到88.98%。实验结果表明，该方案利用少量权限特征，能够初步检测Android应用软件是否有恶意倾向，为深入判断分析提供参考依据。

Abstract:

Considering the demand of detecting Android malware and the redundancy of permission properties, a fast scheme was proposed to detect malware from the perspective of permission correlation. To eliminate the redundant permissions, Chi-square test was used to compute the influence of the permission on the classification results. Then some representative permissions were selected on the basis of permission clustering to further reduce redundancy. Finally an improved Naive Bayesian classification based on the weights of different permissions was proposed to classify the software. Results of the experiments conducted on 2000 software samples show that the miss rate of malware detection is 10.33% and the overall prediction accuracy is 88.98%. Experiments indicate that this scheme is capable of detecting malware on Android platform by using a few permission properties, which can provide a reference for further analysis and judgment.

中图分类号:

TP311.53

张锐杨吉云. 基于权限相关性的Android恶意软件检测[J]. 计算机应用, 2014, 34(5): 1322-1325.

ZHANG Rui YANG Jiyun. Android malware detection based on permission correlation[J]. Journal of Computer Applications, 2014, 34(5): 1322-1325.

参考文献

［1］NetQin Mobile Inc. The first half of 2013 NetQin global mobile phone safety report ［R/OL］. ［2013-07-23］. http://cn.nq.com/neirong/2013Q2.pdf. (网秦.2013年上半年网秦全球手机安全报告［R/OL］.［2013-07-23］.http://cn.nq.com/neirong/2013Q2.pdf.)
［2］YI L, ZHANG N, LIU D. Study on mobile malware situation and trends ［J］. Information and Communications Technologies, 2013,7(2):75-79.(衣莉莉,张尼,刘镝.移动恶意软件现状及发展趋势［J］.信息通信技术,2013,7(2):75-79.)
［3］JIANG X, ZHOU Y. A survey of Android malware ［M］. New York: Springer, 2013:3-20.
［4］CHU J, ZHENG L. The security analysis of Android OS ［J］. Microcomputer and Its Application,2013,20(7):1-3.(初建朝, 郑力明. Android安全性分析［J］.微型机与应用,2013,20(7):1-3.)
［5］SCHMIDT A D, BYE R, SCHMIDT H G, et al. Static analysis of executables for collaborative malware detection on Android ［C］// Proceedings of the 2009 IEEE International Conference on Communications. Piscataway: IEEE Press, 2009:631-635.
［6］BURGUERA I, ZURUTUZA U, NADJM-TEHRANI S. Crowdroid: behavior-based malware detection system for Android ［C］// Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. New York: ACM, 2011:15-26.
［7］CHIANG H S, TSAUR W. Mobile malware behavioral analysis and preventive strategy using ontology ［C］// Proceedings of the 2010 IEEE Second International Conference on Social Computing. Piscataway: IEEE Press, 2010:1080-1085.
［8］SHABTAI A, ELOVICI Y. Applying behavioral detection on Android-based devices ［C］// Proceedings of the Mobile Wireless Middleware, Operating Systems, and Applications. Berlin: Springer, 2010,48:235-249.
［9］Google. Manifest.permission ［EB/OL］. ［2013-11-01］. http://developer.android.com/reference/android/Manifest.permission.html.
［10］BARRERA D, KAYACIK H G, van OORSCHOT P C, et al. A methodology for empirical analysis of permission-based security models and its application to Android ［C］// CCS '10: Proceedings of the 17th ACM Conference on Computer and Communications Security. New York: ACM, 2010:73-84.
［11］ZHOU Y, JIANG X. Dissecting Android malware: characterization and evolution ［C］// Proceedings of the 2012 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 2012:95-109.
［12］KIRA K, RENDELL L A. The feature selection problem: traditional methods and a new algorithm ［C］// AAAI '92: Proceedings of the 10th National Conference on Artificial Intelligence. Palo Alto: AAAI Press,1992:129-134.
［13］DASH M, LIU H. Consistency-based search in feature selection ［J］. Artificial Intelligence, 2003,151(1/2):155-176.
［14］YU L,LIU H. Efficient feature selection via analysis of relevance and redundancy ［J］. Journal of Machine Learning Research, 2004,5(10):1205-1224.
［15］PENG H. Discussion about the naive Bayesian classifier based on selected and weighted attributes ［D］. Guangzhou: Zhongshan Univiserty, 2010.(彭浩威.选择性加权朴素贝叶斯分类方法的讨论［D］.广州：中山大学，2010.)
［16］virusshare.com. Because sharing is caring ［EB/OL］.［2013-10-21］. http://virusshare.com/support.
［17］LI Z, CHENG S, JIANG F. Static detection method for malicious behavior in Android Apps ［J］. Computer Systems and Applications, 2013,22(7):148-151.(李子锋,程绍银,蒋凡.一种Android应用程序恶意行为的静态检测方法［J］.计算机系统应用,2013,22(7):148-151.)

[1]	张杨, 董士程. 面向并发程序中锁机制的智能化推荐方法[J]. 计算机应用, 2021, 41(6): 1597-1603.
[2]	刘成斌, 郑巍, 樊鑫, 杨丰玉. 基于网络表征学习的混合缺陷预测模型[J]. 计算机应用, 2019, 39(12): 3633-3638.
[3]	秦彪, 郭帆, 涂风涛. 面向Android应用的静态污点分析结果的正确性验证[J]. 计算机应用, 2019, 39(10): 3018-3027.
[4]	张杨, 梁亚楠, 张冬雯, 孙仕欣. 并发程序中数据竞争检测方法[J]. 计算机应用, 2019, 39(1): 61-65.
[5]	张杨梁亚楠张冬雯孙仕欣. 并发程序中数据竞争检测方法研究[J]. 计算机应用, 0, (): 0-0.
[6]	李颖颖, 高伟, 高雨辰, 翟胜伟, 李朋远. 发掘函数级单指令多数据向量化的方法[J]. 计算机应用, 2017, 37(8): 2200-2208.
[7]	余海李斌王培霞贾荻王永吉. 基于组合分类算法的源代码注释质量评估方法[J]. , 0, (): 0-0.

基于权限相关性的Android恶意软件检测

Android malware detection based on permission correlation

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics