摘要
目前, Android应用市场大多数应用程序均采取加壳的方法保护自身被反编译,使得恶意应用的检测特征只能基于权限等来源于AndroidManifest.xml配置文件.基于权限等特征的机器学习分类算法因为恶意应用与良性应用差异性变小导致检测效果不理想.如果将更加细粒度的应用程序调用接口(Application Program Interface,API)作为特征,会因为应用程序加壳的原因造成正负样本数量的严重失衡.针对上述问题,本文将大量的恶意应用作为训练样本,将良性应用样本作为新颖点,采用单分类SVM算法建立恶意应用的检测模型.相比于二分类监督学习,该方法能有效地检测出恶意应用和良性应用,具有现实意义.
At present,most benign applications in the Android market adopt a shelling method to protect themselves from being decompiled so that the detection of malicious applications can only rely on the permissions from AndroidMnifest.xml.However,the machine-learning-based classification algorithm based on permission features has a poor detection effect because of a small difference between malicious applications and benign applications.If a more fine-grained Application Program Interface(API)is taken as a feature,a serious imbalance in the number of positive and negative samples will be caused due to application shelling.In response to the above problems,with a large number of malicious applications as training samples and some benign applications as the point of novelty,we use the one-class SVM algorithm to establish a detection model for malicious applications.Compared with two-class supervised learning,this method can effectively distinguish malicious applications from benign applications,which has practical significance.
作者
管峻
毛保磊
刘慧英
GUAN Jun;MAO Bao-Lei;LIU Hui-Ying(School of Automation,Northwestern Polytechnical University,Xi’an 710072,China;Zhengzhou University,Zhengzhou 450001,China)
出处
《计算机系统应用》
2021年第6期148-153,共6页
Computer Systems & Applications
基金
河南省高等学校重点科研项目(21A520041)。
关键词
安卓
单分类算法
支持向量机
恶意应用检测
Android
one class learning
Support Vector Machine(SVM)
malware detection
