[1] Huang Wei, Chen Hao, Guo Yajuan, et al. Mobile malware detection approach using ensemble classification[J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2016, 40(01): 35.

Mobile malware detection approach using ensemble classification

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN:1005-9830/CN:32-1397/N]

Volume: 40
Issue: 2016, No. 01
Page: 35
Publication date: 2016-02-29

Article Info

Title:
Mobile malware detection approach using ensemble classification
Author(s):
Huang Wei, Chen Hao, Guo Yajuan, Jiang Haitao
Research Institute of Jiangsu Electric Power Company, Nanjing 210036, China
Keywords:
Android; classification; ensemble learning; malware detection; static analysis; support vector machine; feature selection
Classification number:
TP319
Abstract:
Because it is difficult to determine accurately how a single feature or a single data mining algorithm affects malware detection accuracy, this paper puts forward a mobile malware detection approach using ensemble techniques for the Android platform. The proposed approach uses static analysis to extract three kinds of features from a given mobile application: permission features, component features and API call features. Several classification models are built for each kind of feature using several base classifiers. A consensus function is designed for each kind of feature to combine the decisions of the base classifiers into the classification output for that feature. Then another consensus function is applied to the outputs from all kinds of features to obtain the final classification output. An empirical evaluation on mobile applications from real-world application markets shows that the approach achieves better detection accuracy, in terms of F1 score, than a single data mining algorithm.

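Memo:
Received: 2015-07-21; revised: 2015-09-23
About the authors: Huang Wei (1980-), male, senior engineer, main research interest: information security, E-mail: hw_jsepri@163.com; corresponding author: Chen Hao (1980-), female, master's degree, senior engineer, main research interests: mobile security and data mining, E-mail: ch_jsepri@163.com.
Citation format: Huang Wei, Chen Hao, Guo Yajuan, et al. Mobile malware detection approach using ensemble classification[J]. Journal of Nanjing University of Science and Technology, 2016, 40(1): 35-40.
Submission website: http://zrxuebao.njust.edu.cn
DOI: 10.14177/j.cnki.32-1397n.2016.40.01.006
Last Update: 2016-02-29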