基于权限与行为的Android恶意软件检测研究

doi:10.11959/j.issn.2096-109x.2017.00159

Abstract

Abstract:

For the Android platform malicious application,a method of mapping behavior to privilege characteristics by combining static privilege feature analysis and dynamic behavior analysis was proposed,and association analysis algorithm was used to dig out the association rules between privilege features.Feature as a naive Bayesian classification algorithm input,a malicious application detection model was established.Finally,the experiment verify the effectiveness and accuracy of the method.

Key words: Android system, security mechanism, permissions feature, classifier

CLC Number:

TP309

Xiao-min ZHANG,Jing LUI,Jun-xi ZHUANG,Ying-xu LAI. Research on Android malware detection based on permission and behavior[J]. Chinese Journal of Network and Information Security, 2017, 3(3): 51-57.

Figures/Tables 11

References 14

[1]	Strategy analytics:Android captures record 88 percent share of global smartphone shipments in Q3 2016[EB/OL]. .
[2]	2016年第三季度中国互联网安全报告[EB/OL]. .
	The Chinese Internet security reportin the third quarter of 2016[EB/OL]. .
[3]	张怡婷, 张扬, 张涛 ,等. 基于朴素贝叶斯的 Android 软件恶意行为智能识别[J]. 东南大学学报, 2015,45(2): 224-230.
	ZHANG Y T , ZHANG Y , ZHANG T ,et al. Based on naive bayesian Android software malicious behavior intelligent identification[J]. Journal of Southeast University, 2015,45(2): 224-230.
[4]	陈宏伟 . 基于关联分析的 Android 权限滥用攻击检测系统研究[D]. 合肥：中国科学技术大学, 2016.
	CHEN H W . Research on Android rights abuse attack detection system based on correlation analysis[D]. Hefei:China University of Science and Technology, 2016.
[5]	张锐, 杨吉云 . 基于权限相关性的 Android 恶意软件检测[J]. 计算机应用, 2014,34(5): 1322-1325.
	ZHANG R , YANG J Y . Android malware detection based on permission relevance[J]. Journal of Computer Applications, 2014,34(5): 1322-1325.
[6]	黄梅根, 曾云科 . 基于权限组合的Android窃取隐私恶意应用检测方法[J]. 计算机应用与软件, 2016,33(9): 320-333.
	HUANG M G , ZENG Y K . Based on the combination of authority Android steal privacy application detection method[J]. Computer Applications and Software, 2016,33(9): 320-333.
[7]	ENCK W , GILBERT P , CHUN B G ,et al. TaintDroid:an information flow tracking system for real-time privacy monitoring on smartphones[C]// Usenix Symposium on Operating Systems Design and Implementation(OSDI 2010). 2010: 393-407.
[8]	ZHANG Y , YANG M , XU B ,et al. Vetting undesirable behaviors in Android apps with permission use analysis[C]// The 20th ACM Conference on Computer and Communications Security. 2013: 611-622.
[9]	The developer’s guide[EB/OL]. .
[10]	杨欢, 张玉清, 胡予濮 ,等. 基于权限频繁模式挖掘算法的Android恶意应用检测方法[J]. 通信学报, 2013,34(Z1): 106-115.
	YANG H , ZHANG Y Q , HU Y P ,et al. Android malicious application detection method based on privilege frequent pattern mining algorithm[J]. Journal on Communications, 2013,34(Z1): 106-115.
[11]	HUANG J J , ZHANG X Y TAN L . Detecting sensitive data disclosure via bi-directional text correlation analysis[C]// The 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. 2016: 169-180.
[12]	AKSHAY N , PRATEEK S . The curse of 140 characters:evaluating the efficacy of SMS spam detection on Android[C]// The 3rd ACM workshop on Security and Privacy in Smartphones ＆ Mobile Devices. 2013: 33-42.
[13]	蔡泽廷, 姜梅 . 基于权限的朴素贝叶斯Android恶意软件检测研究[J]. 电脑知识与技术, 2013,9(14): 3288-3291.
	CAI Z T , JIANG M . Research on naive bayesian Android malware detection based on permission[J]. Computer Knowledge and Technology, 2013,9(14): 3288-3291.
[14]	VirusShare.com.Beacause sharing is caring[EB/OL]. .

Metrics

Recommended 0

No Suggested Reading articles found!

行为	权限特征
crypto	GET_ACCOUNTS
net_write	WRITE_CONTACTS
net_read	READ_PHONE_STATE、READ_CONTACTS
net_open	INTERNET、ACCESS_COARSE_LOCATION
file_write	WRITE_EXTERNAL_STORAGE、WRITE_CALENDAR
file_read	READ_EXTERNAL_STORAGE、READ_CALENDAR
leak	ACCESS_FINE_LOCATION、CAMERA
sms	READ_SMS、RECEIVE_SMS、SEND_SMS、RECEIVE_WAP_PUSH、RECEIVE_MMS
call	CALL_PHONE、READ_CALL_LOG、WRITE_CALL_LOG、ADD_VOICEMAIL、PROCESS_OUTGOING_CALLS
service	RECORD_AUDIO、USE_SIP
dexload	BODY_SENSORS

应用类型	训练集数目	测试集数目	来源
恶意应用	2 770	2 771	VirusShare^[14]
正常应用	2 718	2 719	Google Play

衡量指标			组号			平均值
衡量指标	1	2	3	4	5	平均值
TPR	79.42%	84.66%	78.52%	81.23%	81.44%	81.05%
FPR	11.05%	10.29%	14.15%	12.87%	11.40%	11.95%
ACC	84.14%	87.16%	82.15%	84.15%	84.99%	84.52%

衡量指标			组号			平均值
衡量指标	1	2	3	4	5	平均值
TPR	86.64%	85.74%	87.55%	82.12%	83.94%	85.10%
FPR	9.21%	8.27%	11.03%	11.95%	7.17%	9.53%
ACC	88.70%	88.71%	88.25%	85.06%	88.26%	87.80%

权限组合	支持度	置信度
READ_PHONE_STATE+INTERNET+SEND_SMS	0.21	0.86
INTERNET+WRITE_EXTERNAL_STORAGE+WRITE_CALENDAR	0.29	0.85
INTERNET+READ_EXTERNAL_STORAGE	0.25	0.85
ACCESS_FINE_LOCATION+INTERNET+GET_ACCOUNTS	0.40	0.82
INTERNET+READ_PHONE_STATE+RECORD_AUDIO	0.33	0.81

Research on Android malware detection based on permission and behavior

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 14

Related Articles 4

Metrics

Recommended 0

[1]	Yu ZHANG, Hailiang LI. RSA-based image recognizable adversarial attack method [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 40-48.
[2]	Bin ZHANG,Zihao LIU,Shuqin DONG,Lixun LI. App-DDoS detection method using partial binary tree based SVM algorithm [J]. Chinese Journal of Network and Information Security, 2018, 4(3): 24-34.
[3]	Hui ZHANG,Cheng LIU. Anomaly intrusion detection based on modified SVM [J]. Chinese Journal of Network and Information Security, 2016, 2(8): 68-73.
[4]	Jing-qiang LIU,Bin LI,Li-zhang CHEN,Bin CHEN. Research based on the method of Android system active defense without Root permission [J]. Chinese Journal of Network and Information Security, 2016, 2(1): 65-73.

权限组合	支持度	置信度
INTERNET+FLASHLIGHT+CHANGE_CONFIGURATION	0.23	0.88
RECEIVE_SMS+INTERNET+VIBRATE	0.30	0.86
INTERNET+SET_WALLPAPER+ACCESS_COARSE_LOCATION	0.21	0.84
INTERNET+ACCESS_WIFI_STATE+RESTART_PACKAGES	0.34	0.83
INTERNET+GET_TASKS+WRITE_SETTINGS	0.28	0.80

衡量指标			组号			平均值
衡量指标	1	2	3	4	5	平均值
TPR	87.73%	87.36%	88.23%	85.74%	86.13%	87.04%
FPR	8.66%	7.72%	10.48%	10.85%	7.00%	8.94%
ACC	89.52%	89.80%	88.89%	87.43%	89.54%	89.03%

衡量指标			组号			平均值
衡量指标	1	2	3	4	5	平均值
TPR	90.25%	90.61%	91.16%	89.35%	89.78%	90.22%
FPR	6.62%	6.43%	6.99%	7.35%	6.45%	6.78%
ACC	91.70%	92.17%	92.08%	90.98%	91.63%	91.71%