Hybrid Android malware detection approach

Cited by: 4
Abstract: To address the problems of existing detection approaches that rely on static analysis alone or dynamic analysis alone, this paper proposes a hybrid method for detecting malicious mobile applications that combines the two. Static analysis yields permission features and function-call features; event simulation in a sandbox environment yields system call sequences, from which system call dependency features are extracted. On this basis, an ensemble-learning-based classifier is built to distinguish malicious applications from benign ones. Experiments on a set of 3,000 Android applications from third-party application markets show that the hybrid approach outperforms the static-analysis-based and dynamic-analysis-based approaches in terms of F1 score; that detection accuracy on samples described by multiple feature types is higher than on samples described by a single feature; and that the ensemble classifier achieves good detection accuracy.
Authors: Jiang Haitao; Guo Yajuan; Chen Hao; Xu Jian (Electric Power Research Institute of Jiangsu Electric Power Company, Nanjing 211103, China; School of Computer Science & Engineering, Nanjing University of Science & Technology, Nanjing 210094, China)
Source: Application Research of Computers (《计算机应用研究》), indexed in CSCD and the Peking University Core Journals list, 2018, No. 6, pp. 1786-1788, 1792 (4 pages)
Funding: Science and Technology Project of State Grid Jiangsu Electric Power Company (J2016022)
Keywords: static analysis; dynamic analysis; feature extraction; malware detection