摘要
大数据背景下Android软件窃取用户个人信息的问题愈发严峻。针对现有隐私泄露检测方法中静态分析误报率较高和动态分析容易出现漏检的问题,提出了一种基于静态和动态特征相结合的隐私泄露检测方法。融合应用程序中提取的多维度静态特征和动态特征,使用梯度下降算法为SVM,RF,XGBoost,LightGBM和CatBoost分配最优权重,通过集成学习加权投票来检测隐私泄露风险。对2951个应用进行实验分析,结果表明该方法的精确率达到了95.14%,明显优于仅使用单一特征和单一分类器,可以有效检测Android应用的隐私泄露风险。
Under the background of big data,the problem of Android software stealing users’personal information is becoming more and more serious.Aiming at the problems of high false positive rate in static analysis and easy missing in dynamic analysis,a privacy disclosure detection method based on the combination of static and dynamic features is proposed.The multi-dimensional static features and dynamic features extracted from the application are fused,and the gradient descent algorithm is used to allocate optimal weights for SVM,RF,XGBoost,LightGBM and CatBoost,and the risk of privacy disclosure is detected by integrated learning weighted voting.Through the experimental analysis of 2951 applications,the accuracy rate of this method reaches 95.14%,which is obviously better than a single feature and a single classifier,and can effectively detect the privacy disclosure risk of Android applications.
作者
丁旭辉
张琳琳
赵楷
王旭升
DING Xuhui;ZHANG Linlin;ZHAO Kai;WANG Xusheng(College of Information Science and Engineering,Xinjiang University,Urumqi 830046,China;College of Software,Xinjiang University,Urumqi 830046,China)
出处
《计算机科学》
CSCD
北大核心
2023年第10期327-335,共9页
Computer Science
基金
新疆维吾尔自治区自然科学基金(2022D01C429,2022D01C427)
国家自然科学基金(12061071)
新疆维吾尔自治区重点研发项目(2022B03023)。
