基于权限的安卓恶意软件检测方法

信息安全研究 ›› 2017, Vol. 3 ›› Issue (9): 817-822.

基于权限的安卓恶意软件检测方法

李剑

北京邮电大学计算机学院

收稿日期:2017-09-07 出版日期:2017-09-15 发布日期:2017-09-06
通讯作者: 李剑
作者简介:李剑（1977-），博士，副教授，博士生导师，主要研究方向为智能网络安全、量子密码学、信息内容安全；

Detection Method of Android Malware by Using Permission

Received:2017-09-07 Online:2017-09-15 Published:2017-09-06

摘要/Abstract

摘要： 为了提高安卓恶意软件检测效率，文章提出了一种基于权限的安卓恶意软件检测方法。通过构建自动化特征提取过程来提取安卓应用中的权限特征，使用信息增益来生成数据集。结合无监督(K-Means)以及有监督(随机森林、分类回归树、J48)机器学习算法，将安卓应用划分为正常软件、短信木马、间谍软件、RootExploit、僵尸网络。正常软件从官方市场手动下载，恶意软件从VirusTotal、Contagio下载。实验结果表明该检测方法准确率达到97%，误报率为0.6%。该方法可以有效地检测出不同类型的安卓恶意软件。

关键词: 安卓, 恶意软件, 机器学习, 无监督, 有监督

Abstract: In order to improve the efficiency of android malware detection, the method based on permission to detect android malware was proposed. To extract the feature of permission by building an automated feature extraction process. To generate datasets by using the information obtained from the feature extraction process. To detect android applications into different types of android applications (Normal, SMS Trojan, Spyware, RootExploit, Botnet) by combining unsupervised machine learning (K-Means clustering) and supervised machine (Random Forest(RF), Classification and Regression Tree(CART) and J48) algorithm. Normal applications have manually been downloaded from official markets and malware have been downloaded from Virustotal and Contagio. The experiment result showed that the proposed method can get a better accuracy about 97% and lower false positive rate about 0.6%. The proposed method can be effective to detect different types of android malware types.

Key words: android, malware, machine learning, unsupervised, supervised

李剑. 基于权限的安卓恶意软件检测方法[J]. 信息安全研究, 2017, 3(9): 817-822.

参考文献

[1] B. Sanz, I. Santos, C. Laorden, et al. PUMA: Permission Usage to Detect Malware in Android[C]//Proc of International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions. Berlin: Springer, 2013: 289-298 [2] Y Aafer, W Du, H. Yin. DroidAPIMiner: Mining API-level features for robust malware detection in andoid[C]//Proc of International Conference on Security and Privacy in Communication Systems. Cham: Springer, 2013: 86-103 [3] S. Rosen, Z. Qian, Z. Morley Mao. Appprofler: a ﬂexible method of exposing privacy-related behavior in android applications to end users[C]//Proc of the 3th ACM conference on Data and application security and privacy. New York: ACM, 2013:221-232 [4] A.-D. Schmidt, R. Bye, H.-G. Schmidt, et al. Static analysis of executables for collaborative malware detection on android[C]//Proc of Communications ICC’09. Dresden: IEEE, 2009 [5] Wu, D.-J., et al. DroidMat: Android Malware Detection through Manifest and API Calls Tracing[C]//Proc of the 7th Asia Joint Conference in Information Security (Asia JCIS). Tokyo: IEEE, 2012 [6] T. Abou-Assaleh, N. Cercone, V. Keselj, et al. N-gram Based Detection of New Malicious Code[C]//Proc of the 28th Annual International Computer Software and Applications Conference. DC: IEEE, 2004 [7] J.Z. Kolter, M.A. Maloof. Learning to detect malicious executables in the wild[C]//Proc of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining. New York:ACM,2004:470-478 [8] Yajin Zhou, Zhi Wang, Wu Zhou, et al. Hey,you,get off of my market: Detecting malicious apps in official and alternative android markets[C]//Proc of the 19th Annual Network and Distributed System Security Symposium. San Diego: Internet Society, 2012 [9] D. Barrera, H. G. Kayacik, P. C. van Oorschot, et al. A methodology for empirical analysis of permission-based security models and its application to android[C]//Proc of the 17th ACM conference on Computer and communications security. New York: ACM, 2010 [10] 孙伟. 一种静态Android重打包恶意应用检测方法[J]. 信息安全研究, 2017, 3(8): 692-700. [11] I. Burguera, I. Burguera, U.Z., Nadijm-Tehrani, S.. Crowdroid: Behavior-Based Malware Detection System for Android[C]//Proc of the 1st ACM workshop on Security and privacy in smartphones and mobile devices. New York: ACM, 2011 [12] William Enck, Peter Gilbert, Byung-Gon Chun, et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones[C]//Proc of the 9th USENIX conference on Operating systems design and implementation. CA:USENIX Association Berkeley, 2010 [13] C. Bishop. Pattern Recognition and Machine Learning[M]. New York: Springer, 2006 [14] O. Chapelle, B. Scholkopf, and A. Zien. Semi-supervised Learning[M]. Cambridge: MIT press, 2006

[1]	钟越付迪阳. Android应用程序隐私权限安全研究[J]. 信息安全研究, 2021, 7(3): 287-292.
[2]	刘林刘亮张磊吴润浦. Android应用威胁等级评估技术的设计与实现 [J]. 信息安全研究, 2021, 7(1): 27-36.
[3]	李仁杰华驰鲁志萍. 基于FP-growth优化SVM分类器的XSS攻击检测研究[J]. 信息安全研究, 2020, 6(9): 0-0.
[4]	张慧王钰成舸向银杉郑方. 基于“声纹＋”的无监督可信身份认证[J]. 信息安全研究, 2020, 6(7): 615-621.
[5]	蹇诗婕卢志刚姜波刘玉岭刘宝旭. 基于层次聚类方法的流量异常检测[J]. 信息安全研究, 2020, 6(6): 0-0.
[6]	肖喜生彭凯飞龙春魏金侠赵静. 基于人工智能的安全态势预测技术研究综述[J]. 信息安全研究, 2020, 6(6): 0-0.
[7]	戴纯兴刘刚韩春超王传国. KVM环境下基于异常行为的恶意软件检测技术研究[J]. 信息安全研究, 2020, 6(6): 0-0.
[8]	杨频潘岳镭贾鹏刘亮. 基于汇编指令词向量特征的恶意软件检测研究[J]. 信息安全研究, 2020, 6(2): 113-121.
[9]	黄莉峥刘嘉勇郑荣锋李孟铭. 一种基于暗网的威胁情报主动获取框架[J]. 信息安全研究, 2020, 6(2): 131-138.
[10]	李创丰李云龙孙伟. 基于CNN和朴素贝叶斯方法的安卓恶意应用检测算法[J]. 信息安全研究, 2019, 5(6): 470-476.
[11]	马泽辉. 基于逻辑回归算法的Webshell检测方法研究[J]. 信息安全研究, 2019, 5(4): 298-302.
[12]	唐其彪杨勃潘利民. 基于机器学习的防扫描技术研究[J]. 信息安全研究, 2019, 5(4): 303-308.
[13]	朱雪冰周安民左政. 基于家族行为频繁子图挖掘的恶意代码检测[J]. 信息安全研究, 2019, 5(2): 105-113.
[14]	刘正宵段丁阳唐志浩符天枢. 基于稳定风险特征选择的支付风险识别模型[J]. 信息安全研究, 2019, 5(10): 858-864.
[15]	何平胡勇. 一种基于本地代码特征的Android恶意代码检测方法[J]. 信息安全研究, 2018, 4(6): 511-517.