In order to solve the problem that me traditional signature-based detection technology cannot effectively detect unknown malware, we propose in this study a smartphone malware detection model (SP-MDM) based on artif...In order to solve the problem that me traditional signature-based detection technology cannot effectively detect unknown malware, we propose in this study a smartphone malware detection model (SP-MDM) based on artificial immune system, in which static malware analysis and dynamic malware analysis techniques are combined, and antigens are generated by encoding the characteristics extracted from the malware. Based on negative selection algorithm, the mature detectors are generated. By introducing clonal selection algorithm, the detectors with higher affinity are selected to undergo a proliferation and somatic hyper-mutation process, so that more excellent detector offspring can be generated. Experimental result shows that the detection model has a higher detection rate for unknown smartphone malware, and better detection performance can be achieved by increasing the clone generation.展开更多
Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this inalicious software on Android platform. We design a detection engine ...Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this inalicious software on Android platform. We design a detection engine consisting of six parts: decompile, grammar parsing, control flow and data flow analysis, safety analysis, and comprehensive evaluation. In the comprehensive evaluation, we obtain a weight vector of 29 evaluation indexes using the analytic hierarchy process. During this process, the detection engine exports a list of suspicious API. On the basis of this list, the evaluation part of the engine performs a compre- hensive evaluation of the hazard assessment of software sample. Finally, hazard classification is given for the software. The false positive rate of our approach for detecting rnalware samples is 4. 7% and normal samples is 7.6%. The experimental results show that the accuracy rate of our approach is almost similar to the method based on virus signatures. Compared with the method based on virus signatures, our approach performs well in detecting unknown malware. This approach is promising for the application of malware detection.展开更多
基金This work was supported in part by National Natural Science Foundation of China under Grants No.61101108,National S&T Major Program under Grants No.2011ZX03002-005-01
文摘In order to solve the problem that me traditional signature-based detection technology cannot effectively detect unknown malware, we propose in this study a smartphone malware detection model (SP-MDM) based on artificial immune system, in which static malware analysis and dynamic malware analysis techniques are combined, and antigens are generated by encoding the characteristics extracted from the malware. Based on negative selection algorithm, the mature detectors are generated. By introducing clonal selection algorithm, the detectors with higher affinity are selected to undergo a proliferation and somatic hyper-mutation process, so that more excellent detector offspring can be generated. Experimental result shows that the detection model has a higher detection rate for unknown smartphone malware, and better detection performance can be achieved by increasing the clone generation.
基金supported by Major National Science and Technology Projects(No.3) under Grant No. 2012ZX03002012
文摘Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this inalicious software on Android platform. We design a detection engine consisting of six parts: decompile, grammar parsing, control flow and data flow analysis, safety analysis, and comprehensive evaluation. In the comprehensive evaluation, we obtain a weight vector of 29 evaluation indexes using the analytic hierarchy process. During this process, the detection engine exports a list of suspicious API. On the basis of this list, the evaluation part of the engine performs a compre- hensive evaluation of the hazard assessment of software sample. Finally, hazard classification is given for the software. The false positive rate of our approach for detecting rnalware samples is 4. 7% and normal samples is 7.6%. The experimental results show that the accuracy rate of our approach is almost similar to the method based on virus signatures. Compared with the method based on virus signatures, our approach performs well in detecting unknown malware. This approach is promising for the application of malware detection.
