摘要
针对Android系统提供的基于应用权限授权的安全管理机制粒度较粗,并且一旦用户对应用软件授权即无法更改或追踪权限使用的问题,提出了一种基于朴素贝叶斯的Android软件恶意行为识别方法.该方法综合考虑软件运行时的用户操作场景和用户行为习惯以及软件权限等特性,抽取软件是否为系统应用、权限使用时是否有用户操作、软件是否申请了过多的权限、是否存在敏感权限组合、权限的使用是否存在突发性等作为分类属性,并通过对Android安全框架的扩展,实现了对恶意行为的实时分析和处理.实验结果表明,所设计和实现的Android软件恶意行为智能识别技术具有较高的识别率和较低的误报率,并且对系统性能的影响较小,可以有效增强Android系统的安全性.
As Android only provides coarse security management mechanism based on per-application permission authorization,and the granted permissions cannot be tuned and tracked during runtime,a malicious softw are behavior identification method using Naive Bayes classifier is proposed.When analyzing softw are behavior,not only softw are property such as permissions,but also user operation and behavior and some other characteristics are all taken into accounts. Accordingly,different classification features are extracted,such as whether the softw are is a system application,whether permission use is caused by user operations,whether the application is overprivileged whether there exists certain permission combination,whether there exist permission use bursts,and etc. By extending the Android security framework,malicious behavior can be detected and processed in real time. Experimental results show that the proposed method can detect malicious behavior with high detection rate,low er false positive rate and little system performance loss,which proves itself to be effective in enhancement of the security of Android system efficiently and effectively.
出处
《东南大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2015年第2期224-230,共7页
Journal of Southeast University:Natural Science Edition
基金
国家自然科学基金资助项目(61272054
61320106007)
国家高技术研究计划(863计划)资助项目(2013AA013503)
国家电网公司科技资助项目(EPRIXXKJ[2014]2244)
江苏省网络与信息安全重点实验室资助项目(BM2003-201)
网络与信息集成教育部重点实验室(东南大学)资助项目(93K-9)
