安卓恶意软件检测方法综述

Android malware detection:a survey

在过去的十几年间,Android系统由于其开源性、丰富的硬件选择性以及拥有百万级别应用市场等优点,已经迅速成为了目前最流行的移动操作系统.与此同时,Android系统的开源性也使其成为了恶意软件的主要攻击目标.恶意软件的快速增长给移动智能手机用户带来了巨大的危害,包括资费消耗、隐私窃取以及远程控制等.因此,深入研究移动应用的安全问题对智能手机生态圈的健全发展具有重要意义.本文首先介绍了恶意软件检测所面临的问题与挑战,然后综述了近些年的恶意软件检测所使用的数据集信息以及相关方法,将现有方法分为了基于特征码、基于机器学习以及基于行为3大类,并针对各方法所使用的技术进行了归纳总结,全面比较和分析了不同技术的优缺点.最后,结合我们自身在恶意软件检测方面的研究基础对未来的研究方向和面临的挑战进行了探索与讨论.

Android has become the most popular mobile operating system in the past ten years due to its three main advantages,namely,the openness of source code,richness of hardware selection,and millions of applications(apps).It is of no surprise that Android has become the major target of malware.The rapid increase in the number of Android malware poses big threats to smart phone users such as financial charges,information collection,and remote control.Thus,the in-depth study of the security issues of mobile apps is of great importance to the sound development of the smart phone ecosystem.We first introduce the existing problems and challenges of malware analysis,and then summarize the widely-used benchmark datasets.After that,we divide the existing malware analysis methods into three categories,including signature-based methods,machine learning-based methods,and behavior-based methods.We further summarize the techniques used in each method,and compare and analyze the advantages and disadvantages of different techniques.Finally,combined with our own research foundation in malware analysis,we explore and discuss future research directions and challenges.