CAO Tianjie2,3
罗文塽1,曹天杰2,3
Abstract: Android is currently the most popular mobile operating system. To detect malware on the Android platform effectively, a static detection method based on non-user operation sequences is proposed. First, the malware's function-call graphs are constructed by extracting its API call information. Then, non-user operation sequences are extracted from the function-call graphs to form a malicious behavior database. Finally, malware is identified by calculating the edit distance between the non-user operation sequences of the sample under test and those in the malicious behavior database. Experimental results show that the method reaches a recall rate of 90.8% and an accuracy rate of 90.3%. Compared with the Android malware detection systems Androguard and Flowdroid, the method markedly improves malware detection.
Key words: Android, malware, static detection, function-call graphs, API call
CLC Number: TP309
CAO Tianjie. DPCS2017+49+Malware detection approach based on non-user operating sequences[J]. .
URL: http://www.joca.cn/EN/