Abstract
With the rapid development of the mobile Internet and the spread of smart devices, security problems on the Android platform are becoming increasingly severe. The growing volume of malware causes end users considerable trouble and seriously threatens their privacy and property, so the analysis and study of malware has become one of the hot topics in the security field. This paper proposes a method for feature extraction and detection of Android programs based on the function call graph. The method disassembles an Android program to obtain its function call graph. Building on spectral graph theory, it then combines the graph structures extracted after transforming the function call graph with an extraction algorithm to derive program behavior features that have a certain resistance to interference, since the Android function call graph reflects the functional modules, structural characteristics and semantics of an Android program well. On this basis, a prototype detection system was implemented, and the system was validated experimentally by analyzing and detecting a number of malicious Android programs. The experimental results show that the features extracted by this method effectively counter the various obfuscation and transformation techniques used in Android programs and are strongly resistant to interference, and that detection based on these features identifies malicious code well.
Source
Computer Measurement & Control
2017, Issue 10, pp. 198-201, 205 (5 pages)
Funding
Ministry of Education "Chunhui Plan" cooperative research project (S2015037)
Keywords
function call graph
malicious code
detection method
research
machine learning
Android program
spectral graph theory
feature extraction