Abstract
Android adware displays advertisements in a disruptive way, threatens normal use of Android phones, and can further evolve into malware. Traditional adware detection methods have high time costs and depend on dynamic features, which makes them hard to apply where large-scale, high-precision detection is required. To address this, the paper proposes a static detection method for Android adware based on an improved random forest algorithm. First, given the characteristics of adware, third-party libraries are added to the scope of feature selection alongside the traditional application programming interfaces (APIs), permissions and intents. The APKs of all adware samples in the dataset are statically decompiled, the extracted static information is statistically analyzed to find high-frequency items, and after filtering, a base feature set is determined and each APK is converted into a feature vector. Then, following the ensemble idea, several feature selection algorithms jointly select the features used for model training and assign feature weights. Finally, an improved random forest algorithm based on these feature weights is used to improve the classifier's accuracy. The experiments classified 5751 adware applications and 3465 non-adware applications, and the results show that the method achieves a faster detection speed while maintaining accuracy.
Authors
HU Zhijie (胡智杰)
CHEN Xingshu (陈兴蜀)
YUAN Daohua (袁道华)
ZHENG Tao (郑涛)
Affiliations: School of Computer Science, Sichuan University, Chengdu 610065, China; School of Cyber Science and Engineering, Sichuan University, Chengdu 610207, China
Source
《信息网络安全》 (Netinfo Security)
CSCD
Peking University Core Journals
2023, Issue 2, pp. 85-95 (11 pages)
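Funding
National Natural Science Foundation of China [U19A2081, 61802270, 61802271]
Ministry of Education-China Mobile Research Fund [CM20200409]
Sichuan University Engineering Characteristic Team Project [2020SCUNG129].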