基于关联特征的贝叶斯Android恶意程序检测技术

BAYESIAN ANDROID MALWARE DETECTION TECHNOLOGY BASED ON THE FEATURES OF ASSOCIATION

Android应用恶意性和它所申请的权限关系密切,针对目前恶意程序检测技术检出率不高,存在误报,缺乏对未知恶意程序检测等不足,为实现对Android平台恶意程序进行有效检测,提出了一种基于关联权限特征的静态检测方法。首先对获取的应用权限特征进行预处理,通过频繁模式挖掘算法构造关联特征集,然后采用冗余关联特征剔除算法对冗余关联特征进行精简,最后通过计算互信息来进行特征筛选,获得最具分类能力的独立特征空间,利用贝叶斯分类算法进行恶意程序的检测。实验结果证明,在贝叶斯分类之前对特征进行处理具有较强的有效性和可靠性,能够使Android恶意程序检出率稳定在92.1%,误报率为8.3%,检测准确率为93.7%。

There is a close relationship between the Android malware and the application＇s permissions,in view of the detection rate is not high of current detection technology,the existence of false positives,and lack of detection of unknown malicious. A static detection method based on the characteristics of associated permissions is proposed to realize the effective detection of Android malware. First of all, the characteristics of the application permissions are preprocessed,and the permissions association dataset is constructed by the frequent pattern mining algorithm,then the redundancy feature selection algorithm is designed to simplify the redundancy,finally the feature selection is carried out by Mutual information,independent feature spaces with the most ability to classify. The experimental results show that dealing with features has a better validity and reliability before Bayesian classification,the detection rate can be stable in92. 1%,the false positive rate is 8. 3%,the detection accuracy rate is 93. 7%.