
Multi-feature Android Malware Detection Method (cited by: 5)
Abstract: Current machine-learning-based Android malware detection methods build features along a single dimension and therefore struggle to characterize Android malware behavior comprehensively. To address this, the paper proposes a malware detection method that fuses software behavior features, structural features of the AndroidManifest.xml file, and experience-based features drawn from Android malware analysis. The method extracts Dalvik opcode N-gram semantic information, sensitive system APIs, system Intents, system Categories, sensitive permissions, and related experience-based features from Android applications, characterizes malware behavior from multiple angles, and builds a feature vector. A classification model is then built with an XGBoost-based ensemble learning algorithm to classify malware accurately. Experiments on the public datasets DREBIN and AMD show that the method achieves a detection accuracy above 97%, effectively improving Android malware detection.
Authors: HOU Liuyang; LUO Senlin; PAN Limin; ZHANG Ji (School of Information and Electronics, Beijing Institute of Technology, Beijing 100081, China)
Source: Netinfo Security (《信息网络安全》), CSCD, Peking University Core Journal, 2020, Issue 1, pp. 67-74 (8 pages)
Funding: National 242 Information Security Special Project [2019A021].
Keywords: Android; malware; multi-feature fusion; XGBoost