摘要
针对目前Android外挂恶意软件检测率低的问题,提出基于结构相似度的Android恶意软件检测算法.该算法首先使用逆向工程将App还原成源码,再利用源码中的class,method,API和系统命令构建结构图,利用互信息MI选出恶意App常用的API,再化简结构图,最后通过比对结构图包含敏感API的部分判断是否为恶意软件.该算法通过静态分析降低资源消耗、结构对比增加检测效率,从而达到提高外挂恶意软件检测率的目的.实验表明,该算法可行可靠.
The article raises malicious Android detecting algorithm based on structural similarity aiming at current problem of low detection rate of external Android malware.It firstly reverts the APP to source code by reverse engineering,then builds structure chart with the class,method,API,and system command line in source code,and picks frequently used API in malicious APP with mutual information MI,then modifies the structure diagram,and finally determines whether it is malicious software by checking the structure diagram the inclusion of sensitive API part.The proposed algorithm achieves the goal of enhancing the detection rate of external malware by decreasing resource consumption with static analysis,and increasing detection efficiency by structural comparison.The experiment shows that the algorithm is reliable and feasibility.
作者
李蓉
周维柏
Li Rong;Zhou Weibai(School of Information Technology & Engineering, Guangzhou college of Commerce, Guangzhou 511363, China)
出处
《宁夏大学学报(自然科学版)》
CAS
2020年第1期63-68,共6页
Journal of Ningxia University(Natural Science Edition)
基金
广东省广东教育成果奖(高等教育)培育基金资助项目(1182)。
