基于组合式算法的Android恶意软件检测方法

doi:10.11959/j.issn.1000-0801.2016253

Abstract

Abstract:

In order to solve the problems in applicability and usability of today's static malware detection method, a detection system was implemented by using the optimal classifier selected by a combined algorithm as the core. Firstly, the reverse engineering was used to extract the software feature, then the preliminary results of the classifier was got by multi-stage screening. A classifier evaluation was presented based on minimum risk Bayes. Using the new one as the core, the optimal classifier results was got by assignment. Finally, an Android malware detection system prototype was realized using the optimal results as the core. Experimental results show that the analysis accuracy of the proposed detection system was 86.4%, and does not depend on characteristics of the malicious code.

Key words: malware detection, feature selection, combined algorithm, minimum risk Bayes evaluation, dangerous permission combination

Hao CHEN,Sihan QING. Android malware detection method based on combined algorithm[J]. Telecommunications Science, 2016, 32(10): 15-21.

Figures/Tables 7

References 20

[1]	Alcatel-Lucent Motive security labs malware reports-H1 2015[R/OL]. (2015-0920) [2016-07-30]..
[2]	SHABTAI A . Malware detection on mobile devices[C]// The 11th International Conference on Mobile Data Management, May 23-26,2010, Kansas City, Missouri, USA. New Jersey:IEEE Press, 2010: 289-290.
[3]	王志国，侯银涛，石荣刚 . Android 智能手机系统的文件实时监控技术[J]. 计算机安全， 2009,12(12):42-44. WANG Z G , HOU Y T , SHI R G . The file real-time monitoring technology based on the android smart phone system[J]. Computer Security, 2009,12(12):42-44.
[4]	ENCK W , GILBERT P , CHUN B . TaintDroid: an information-flow tracking system for real-time privacy monitoring on smartphones[C]// 9th USENIX Symposium on Operating Systems Design and Implementation, October 4-6,2010, Vancouver, BC, Canada. New Jersey:IEEE Press, 2010.
[5]	冯博，戴航，慕德俊 . Android 恶意软件检测方法研究[J]. 计算机技术与发展， 2014,24(2):149-152. FENG B , DAI H , MU D J . A research of malware detection for android[J]. Computer Technology and Development, 2014,24(2):149-152.
[6]	卿斯汉 . Android 安全研究进展[J]. 软件学报， 2016,27(1):45-71. QING S H . Research progress on Android security[J]. Journal of Software, 2016,27(1):45-71.
[7]	DAVIES S , RUSSELL S . Np-completeness of searches for smallest possible feature sets[C]// AAAI Fall 94 Symposium on Relevance, July 31-August 4,1994, Seattle, Washington, USA. New Jersey:IEEE Press, 1994:37-39.
[8]	刘华文 . 基于信息熵的特征选择算法研究[D]．长春：吉林大学， 2010:21-28. LIU H W . A study on feature selection algorithms using information entropy[J]. Changchun:Jilin University, 2010:21-28.
[9]	SCHMIDT A , BYE R , SCHMIDT H , et al. Static analysis of executables for collaborative malware detection on android[C]// The 9th IEEE International Conference on Communications, June 14-18,2009, Dresden, Germany. New Jersey:IEEE Press, 2009: 1-5.
[10]	童振飞，杨庚 . Android平台恶意软件的静态行为检测[J]. 江苏通信：技术与实践， 2011:39-47. TONG Z F , YANG G . Static behavior detection of malware on android platform[J]. Jiangsu Communication: Technology Practice, 2011:39-47.
[11]	欧阳博宇，刘新，徐婵，等. 基于支持向量机的恶意软件行为评估系统[J]. 计算机应用， 2015,35(4):972-976,980 OUYANG B Y , LIU X , XU C , et al. Malware behavior assessment system based on support vector machine[J]. Journal of Computer Applications, 2015,35(4):972-976,980
[12]	计智伟，胡珉，尹建新 . 特征选择算法综述[J]. 电子设计工程， 2011,19(9):46-51. JI Z W , HU M , YIN J X . A survey of feature selection algorithm[J]. Electronic Design Engineering, 2011,19(9):46-51.
[13]	HUANG C , YANG D , CHUANG Y . Application of wrapper approach and composite classifier to the stock trend prediction[J]. Expert Systems with Application, 2008,4(34):2870-2878.
[14]	GALAR M , FERNANDEZ A , BARRENECHEA E , et al. A review on ensembles for the class imbalance problem: bagging-, boosting-, and hybrid-based approaches[J]. IEEE Transactions on Systems Man ＆ Cybernetics Part C, 2012,42(4):463-484.
[15]	中国互联网协会. 恶意软件定义细则[EB/OL]. (2007-06-15)[2006-07-01] .InternetSocietyofChina. Thedefinitionofmalicioussoftware[EB/OL]. (2007-06-15)[2006-07-01] .
[16]	CLAUD X . 移动安全这五年[EB/OL]. (2014-10-01) [2016-07-10] . XIAO C . Mobile security in 5 years[EB/OL]. (2014-10-01) [2016-07-10] .
[17]	UNUCHEK R . The most sophisticated android trojan[EB/OL]. (2013-06-06) [2016-07-10] .
[18]	GUYON I , ELISSEEFF A . An introduction to variable and feature selection[J]. Journal of Machine Learning Research, 2003(3): 1157-1182.
[19]	ZHANG R . ROC curve-threshold evaluation criteria[EB/OL]. (2012-03-16) [2016-07-30]. .
[20]	王科欣，徐辉 . 基于最小错误率与最小风险的贝叶斯分类比较与研究[J]. 科技信息， 2009(23):236-245. WANG K X , XU H . Comparative study on minimum error rate bayes and minimum risk bayes[J]. Science ＆ Technology Information, 2009(23):236-245.

Metrics

Recommended 0

No Suggested Reading articles found!

算法/样本	全部样本	样本1:1	样本5:1	样本10:1
IG	0.637 7	0.650 2	0.667 4	0.617 5
CE	0.514 3	0.630 9	0.466 2	0.535 5
Relief	0.590 6	0.529 9	0.608 8	0.550 1
ReliefF（5）	0.561 8	0.557 0	0.583 4	0.564 6
ReliefF（10）	0.585 3	0.530 8	0.598 0	0.584 1

算法/样本	全部样本	样本1:1	样本5:1	样本10:1
IG	0.689 1	0.701 5	0.707 8	0.654 0
CE	0.522 8	0.630 9	0.468 5	0.545 6
Relief	0.651 3	0.576 7	0.664 9	0.597 8
ReliefF（5）	0.610 8	0.594 9	0.638 2	0.611 8
ReliefF（10）	0.647 6	0.557 4	0.649 3	0.638 3

样本比例	算法	AUC	SUF	精度
全部样本	IG	0.637 7	5.984 8	0.865 1
	CE	0.514 3	5.997 4	0.861 3
	Relief	0.590 6	6.104 9	0.815 6
	ReliefF（5）	0.561 8	6.038 1	0.844 6
	eliefF（10）	0.585 3	5.944 3	0.846 9
样本1:1	IG	0.650 2	1.753 2	0.722 0
	CE	0.630 9	1.683 7	0.814 6
	Relief	0.529 9	1.772 7	0.659 7
	ReliefF（5）	0.557 0	1.713 6	0.712 4
	eliefF（10）	0.530 8	1.755 7	0.714 0
样本5:1	IG	0.667 4	5.618 6	0.893 3
	CE	0.466 2	5.609 6	0.901 6
	Relief	0.608 8	5.659 5	0.860 0
	ReliefF（5）	0.583 4	5.614 3	0.867 5
	eliefF（10）	0.598 0	5.625 2	0.877 5
样本10:1	IG	0.617 5	4.979 2	0.940 0
	CE	0.535 5	4.983 2	0.941 8
	Relief	0.550 1	5.156 1	0.918 1
	ReliefF（5）	0.564 6	4.983 0	0.934 5
	eliefF（10）	0.584 1	4.993 0	0.931 8

算法/样本	全部样本	样本1:1	样本5:1	样本10:1
IG	5.896 6	1.725 2	5.482 8	0.992 9
CE	5.935 4	1.683 7	5.595 9	4.876 0
Relief	6.008 9	1.757 3	5.480 1	5.037 3
ReliefF（5）	6.003 6	1.680 2	5.460 9	4.859 8
ReliefF（10）	5.825 0	1.753 2	5.464 5	4.867 1

样本	全部样本	样本1:1	样本5:1	样本10:1
样本	AUC精度SUF精度	AUC精度SUF精度	AUC精度SUF精度	AUC精度SUF精度
IG	0.864 40.864 4	0.722 70.706 0	0.844 60.849 2	0.790 50.859 8
CE	0.795 80.794 3	0.830 10.830 1	0.858 30.859 1	0.858 30.792 8
Relief	0.761 60.849 9	0.745 60.767 7	0.775 30.779 8	0.776 00.779 1
ReliefF（5）	0.785 90.787 5	0.788 20.853 0	0.782 90.848 4	0.788 20.789 0
ReliefF（10）	0.779 10.789 0	0.787 50.855 2	0.780 60.785 2	0.784 40.853 7

Android malware detection method based on combined algorithm

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 20

Related Articles 11

Metrics

Recommended 0

[1]	Guoqing LIU, Xingqi WANG, Dan WEI, Jinglong FANG, Yanli SHAO. Feature selection method for software defect number prediction based on maximum information coefficient [J]. Telecommunications Science, 2021, 37(5): 133-147.
[2]	Feng LIN,Liujing XU,Xiaohua CHEN,Weiqiang QI,Ke CHEN,Tiantian ZHU. Method of Webshell detection based on multi-view feature fusion [J]. Telecommunications Science, 2020, 36(6): 125-132.
[3]	Tieming CHEN, Binbin XIANG, Mingqi LV, Bo CHEN, Xie JIANG. Android malware detection method based on byte-code image and deep learning [J]. Telecommunications Science, 2019, 35(1): 9-17.
[4]	Jianwu ZHANG,Jiajia YANG,Zhendong WU. Method of fingerprint and voiceprint based decision level fusion recognition [J]. Telecommunications Science, 2018, 34(3): 32-40.
[5]	Mingxin LIU,Jing CHEN,Qiyuan WANG. Research on text sentiment classification based on improved feature selection method [J]. Telecommunications Science, 2018, 34(10): 85-95.
[6]	Chunqin ZANG,Lichun XIE. Network intrusion detection method based on improved FCM and rule parameter optimization in cloud environment [J]. Telecommunications Science, 2018, 34(1): 72-79.
[7]	Xiaoyuan XU,Li HUANG. A feature selection method based on instance learning and cooperative subset search [J]. Telecommunications Science, 2017, 33(6): 105-113.
[8]	Lingyan Bian,Renlong He,Xiaohui Yao. Research on URL Classification with DPI Data Mining and Related Technology [J]. Telecommunications Science, 2013, 29(11): 6-11.
[9]	Huijuan Lu,Jinwei Zhang,Jinwei Zhang,Jinwei Zhang,Xiaoping Ma,Xiaobing Yang. Study of Over-Sampling Method Based on Feature Selection [J]. Telecommunications Science, 2012, 28(1): 91-95.
[10]	Lu Huijuan,Zhang Jinwei,Ma Xiaoping and Yang Xiaobing. Study of Over-Sampling Method Based on Feature Selection [J]. Telecommunications Science, 2012, 28(1): 87-91.
[11]	Haining Wang,Shouqian Sun,Jianfeng Wu. Research on Emotion Recognition with Physiological Signals Based on Hybrid Intelligent Optimization Algorithm [J]. Telecommunications Science, 2010, 26(9): 129-135.