Abstract
Repackaged malicious applications are generated by injecting malicious code into normal applications, and they account for a large proportion of the malicious applications found on the Android platform. To address this kind of malware, we propose a behaviour-based detection scheme for repackaged Android applications. The scheme uses a cloud-terminal collaborative software architecture. In the cloud, the behaviour patterns of normal applications are analysed based on short sequences of system calls to form a normal behaviour pattern database. On the terminal device, the normal behaviour pattern databases of the installed applications are downloaded from the cloud, the system call sequences of the installed applications are monitored, and their anomaly rates are calculated. Experimental results show that the method is effective and can accurately identify repackaged malicious applications.
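The scheme outlined in the abstract, sketched as an added example that is not code from the paper: a database of short system call sequences is built from clean runs of the original application, and the share of unseen sequences in a monitored run is scored against it. The window length, the anomaly-rate definition, the threshold and all traces are assumptions constructed for illustration.

```python
"""Short-sequence system call profiling (added example, not the paper's code)."""

WINDOW = 3  # assumed short-sequence length; the abstract does not give one


def windows(trace, k=WINDOW):
    """Return every length-k sliding window of a system call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_pattern_db(clean_traces, k=WINDOW):
    """Cloud side: collect the short sequences seen in the original app."""
    db = set()
    for trace in clean_traces:
        db.update(windows(trace, k))
    return db


def anomaly_rate(trace, db, k=WINDOW):
    """Terminal side: share of observed windows absent from the database."""
    # Assumed definition; the abstract only says an abnormal rate is computed.
    seen = windows(trace, k)
    if not seen:  # trace shorter than one window: nothing to judge
        return 0.0
    return sum(w not in db for w in seen) / len(seen)


def is_repackaged(trace, db, threshold=0.2, k=WINDOW):
    """Flag the app when its anomaly rate exceeds the assumed threshold."""
    return anomaly_rate(trace, db, k) > threshold


# Constructed traces of the original app, as recorded in the cloud.
CLEAN_TRACES = [
    ["open", "read", "close", "open", "read", "close", "write"],
    ["open", "read", "read", "close", "write", "close"],
]
# Constructed terminal runs: the genuine app, and a copy whose injected
# code adds socket activity in the middle of otherwise normal behaviour.
GENUINE_RUN = ["open", "read", "close", "open", "read", "read", "close", "write"]
REPACKAGED_RUN = ["open", "read", "close", "socket", "connect", "sendto",
                  "close", "open", "read", "close", "write"]

if __name__ == "__main__":
    db = build_pattern_db(CLEAN_TRACES)
    for name, run in (("genuine", GENUINE_RUN), ("repackaged", REPACKAGED_RUN)):
        print(name, round(anomaly_rate(run, db), 3), is_repackaged(run, db))
```

A single injected burst contaminates every window that overlaps it, so the score rises well above the number of injected calls alone would suggest; the clean database must cover enough legitimate behaviour that genuine runs stay near zero.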
Authors
Huan Ziqiang (桓自强)
Ni Hong (倪宏)
Hu Linlin (胡琳琳)
Guo Zhichuan (郭志川)
Huan Ziqiang; Guo Zhichuan; Ni Hong; Hu Linlin (National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China)
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
2016, Issue 8, pp. 298-301, 307 (5 pages in total)
Funding
National Key Technology R&D Program project (2012BAH73F01)
Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06040501)