Abstract
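The Android system has rapidly captured the mobile phone market thanks to its excellent characteristics. However, Android's open-source nature has led to frequent security problems. The large number of malicious apps in third-party markets poses a serious threat to people's privacy and property; among them, repackaged malicious applications account for the largest share, reaching 86%. Researchers have carried out extensive experimental work on repackaged-application detection and have designed detection engines. However, previous detection engines suffer from shortcomings such as high complexity and low accuracy, and they cannot determine whether a repackaged application is malicious. Therefore, combining the strengths of several current malicious-application detection methods, this paper designs an obfuscation-resistant malicious application detection method based on centroid processing and the analytic hierarchy process. The method performs static analysis on the intermediate code obtained after decompilation, uses a centroid algorithm to detect similarity between applications, locates suspicious code segments by comparing similar applications, and combines the analytic hierarchy process with a weighted FP-growth algorithm to judge whether the suspicious code segments are malicious. Experiments show that the method performs well in detecting repackaged malicious Android applications.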
The Android system, with its excellent characteristics, quickly seized the mobile phone market. However, the open-source nature of Android leads to frequent security problems. A large number of malicious applications on third-party markets have brought great harm to people's privacy and property security. Among them, repackaged malicious applications accounted for the largest proportion, which was 86%. In repackaged application detection, researchers have done a lot of experimental research and designed detection engines. But past detection engines have the disadvantages of high complexity and low accuracy. In this paper, we design an anti-obfuscation method for detecting malware based on centroid processing and hierarchical analysis. This method carries out static analysis on the intermediate code after decompilation. The centroid algorithm is used to detect the similarity between applications, locating suspicious code segments by comparison between similar applications. Combining the analytic hierarchy process (AHP) and the weighted FP-growth algorithm, the suspicious code segments are judged for maliciousness. The experimental results show that this method has a good effect in the detection of Android repackaged malicious applications.
Authors
孙伟
孙雅杰
夏孟友
Sun Wei; Sun Yajie; Xia Mengyou (School of Electronics and Information Technology, Sun Yat-sen University, Guangzhou 510006; School of Data Science and Computer, Sun Yat-sen University, Guangzhou 510006; Key Laboratory of Information Technology (Sun Yat-sen University), Ministry of Education, Guangzhou 510006)
Source
Journal of Information Security Research (《信息安全研究》)
2017, Issue 8, pp. 692-700 (9 pages)