[1] Chen Hao, Jiang Haitao, Guo Jing, et al. Android malware detection method based on system calls [J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2017, 41(06): 720. [doi:1005-9830(2017)06-0720-05]

Android malware detection method based on system calls

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN:1005-9830/CN:32-1397/N]

Volume: 41
Issue: 2017, No. 06
Pages: 720
Column:
Publication date: 2017-12-31

Article Info

Title:
Android malware detection method based on system calls
Article number:
10.14177/j.cnki.32-1397n.2017.41.06.009
Author(s):
Chen Hao (1), Jiang Haitao (1), Guo Jing (1), Zhou Chao (1), Yao Nan (1), Xu Jian (2)
1. State Grid Jiangsu Electric Power Company Research Institute, Nanjing 211103, China; 2. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
Keywords:
Android; malware detection; static detection; dynamic detection; characterization; system call frequency; system call dependency graph
CLC number:
TP309.2
DOI:
1005-9830(2017)06-0720-05
Abstract:
To address the low accuracy of static malware detection methods, this paper takes the system calls produced by Android applications at run time as its object of study and proposes a dynamic malware detection method. System call sequences, obtained by running Android applications in a sandbox under event simulation, are characterized, and two feature representations are designed: one based on system call frequency and one based on the system call dependency graph. A classifier is built with an ensemble learning method to distinguish malicious applications from benign ones. The method is validated experimentally on 3 000 samples collected from third-party application markets. The results show that the dependency-graph-based feature representation outperforms the frequency-based one, and that the ensemble classifier achieves good detection accuracy, reaching 95.84%.

Memo:
Received: 2017-03-27; Revised: 2017-06-07
Funding: State Grid Jiangsu Electric Power Company science and technology project (J2016022)
Author biography: Chen Hao (1980-), female, senior engineer; main research interests: mobile security, data mining. E-mail: ch_jsepri@163.com
Citation format: Chen Hao, Jiang Haitao, Guo Jing, et al. Android malware detection method based on system calls [J]. Journal of Nanjing University of Science and Technology, 2017, 41(6): 720-724.
Submission website: http://zrxuebao.njust.edu.cn
Last Update: 2017-12-31