
Android malware detection based on application classification and system calls (Cited by: 1)
Abstract: To address the proliferation of malware on the Android platform, a malware detection method based on application classification and system calls is proposed. Applications are classified using the Google Play categories as the reference, and the frequencies of the system calls generated at runtime are used to compute a system call usage threshold for each category. When an application is installed and run, the phone collects the application's permission information and the system call information it generates and sends them to a remote server. The remote server classifies the application from its permission information using the sequential minimal optimization algorithm, then computes a system call usage value from the system call frequencies and compares it with the threshold of that category to decide whether the application is malicious. The classification result and the verdict are returned to the user, who decides whether to change the category and run the detection again. Experimental results show that the method is feasible and effective: it reduces resource consumption on the phone and responds promptly to applications that exhibit malicious behavior.
Authors: LIN Qingyu (林擎宇); LING Jie (凌捷) (Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China)
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core Journal, 2017, No. 19, pp. 109-113, 163 (6 pages)
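Funding: Guangdong Province Major Science and Technology Special Project (No. 2015B010128014, No. 2016B010107002); Guangdong Province and Ministry of Education Industry-University-Research Cooperation Project (No. 2014B090908010, No. 2014B090908011, No. 2015B090906016)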
Keywords: Android platform; application classification; system calls; malware detection