基于谷歌距离的安卓恶意软件特征提取方法

EXTRACTION METHOD OF ANDRIOD MALWARE CHARACTERISTICS BASED ON GOOGLE DISTANCE

针对传统特征码基于程序二进制文本的提取方法,提出一种对于安卓应用程序Java源码进行特征提取的方法。该方法通过使用谷歌距离计算源码中关键词如API调用、安卓权限和常用参数之间的相关度,挖掘安卓恶意软件源码中常用的关键词,将其按照相似度分类。然后与正常软件中的关键词进行对比实验,得到安卓恶意软件的特征。该方法打破了以往依靠文本上下文环境记录病毒特征的常规方法,结合整个病毒软件操作环境形成特征库,记录下病毒的行为作为特征。实验证明,该方法是行之有效的。

In view of the traditional feature extraction method based on binary program, a method for feature extraction of Java source code is put forward. The method uses the Google distance to compute the correlation between key codes such as API calls, Android permissions and the common parameters, and mines the common key words in Android malware source code. Then the feature of Android malware is learned by classifying them according to their similarity and comparing the experimental results with the normal software. This method breaks the conven- tional method, which is based on the context of the text, and combines the characteristics of the whole virus software operating environment to record the behavior of the virus. Experiments show that the method is effective.