Abstract
To address the proliferation of malware on the Android platform, a malware detection method based on application classification and system calls is proposed. Applications are classified using the Google Play categories as a reference, and the frequency of system calls generated at runtime is used to calculate a system call usage threshold for each category. When an application is installed and run, the phone collects the application's permission information and the system call information it generates, and sends both to a remote server. The remote server classifies the application from its permission information using the sequential minimal optimization algorithm. After classification, it calculates a system call usage value from the system call frequencies and compares this value with the threshold of the assigned category to determine whether the application is malicious. The classification result and the verdict are returned to the user, who decides whether to change the category and run the detection again. Experimental results demonstrate the feasibility and effectiveness of the method: it reduces resource consumption on the phone and responds promptly to applications that exhibit malicious behavior.
Authors
LIN Qingyu
LING Jie
(Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China)
Source
Computer Engineering and Applications
CSCD
Peking University Core Journals
2017, Issue 19, pp. 109-113, 163 (6 pages)
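Funding
Guangdong Province Major Science and Technology Special Project (No.2015B010128014, No.2016B010107002)
Guangdong Province and Ministry of Education Industry-University-Research Cooperation Project (No.2014B090908010, No.2014B090908011, No.2015B090906016)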