Funding: the Scientific Research Foundation through the Returned Overseas Chinese Scholars, Ministry of Education of China (K14C300020), in part by Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (AGK2015002), in part by ZTE Corporation Foundation, and in part by the National Natural Science Foundation of China (Grant No. 61672092).
Abstract: The domination of the Android operating system in the market share of smart terminals has engendered increasing threats of malicious applications (apps). Research on Android malware detection has received considerable attention in academia and the industry. In particular, studies on malware families have been beneficial to malware detection and behavior analysis. However, identifying the characteristics of malware families and the features that can describe a particular family has been less frequently discussed in existing work. In this paper, we are motivated to explore the key features that can classify and describe the behaviors of Android malware families to enable fingerprinting the malware families with these features. We present a framework for signature-based key feature construction. In addition, we propose a frequency-based feature elimination algorithm to select the key features. Finally, we construct the fingerprints of ten malware families, including twenty key features in three categories. Results of extensive experiments using Support Vector Machine demonstrate that the malware family classification achieves an accuracy of 92% to 99%. The typical behaviors of malware families are analyzed based on the selected key features. The results demonstrate the feasibility and effectiveness of the presented algorithm and fingerprinting method.
Funding: the 13th Five-Year Science and Technology Research Project of the Education Department of Jilin Province under Grant No. JJKH20200794KJ, the Innovation Fund of Changchun University of Science and Technology under Grant No. XJJLG-2018-09, and the fund of Key Laboratory of Symbolic Computation and Knowledge Engineering of Ministry of Education (Jilin University) under Grant No. 93K172018K05.
Abstract: With the widespread application of Android smartphones, privacy protection plays a crucial role. Android vault applications provide content hiding on personal terminals to protect user privacy. However, some vault applications do not achieve real privacy protection, and their camouflage ability can be maliciously used to hide illegal information to avoid forensics. In order to solve these two issues, behavior analysis is conducted to compare three aspects of typical vaults in the third-party market. Conclusions and recommendations are given. Support Vector Machine (SVM) was used to distinguish vault applications from normal applications. Extensive experiments show that SVM can achieve a 93.33% classification accuracy rate.