Journal on Communications ›› 2013, Vol. 34 ›› Issue (Z1): 106-115. doi: 10.3969/j.issn.1000-436x.2013.z1.014
Huan YANG, Yu-qing ZHANG, Yu-pu HU, Qi-xu LIU
Online: 2013-08-25
Published: 2017-06-23
Huan YANG, Yu-qing ZHANG, Yu-pu HU, Qi-xu LIU. Android malware detection method based on permission sequential pattern mining algorithm[J]. Journal on Communications, 2013, 34(Z1): 106-115.
Iteration | Candidate permission itemset | Count | S/% | Selection |
First | { ACCESS_NETWORK_STATE } | 2 | 50 | Keep |
First | { READ_PHONE_STATE } | 3 | 75 | Keep |
First | { ACCESS_FINE_LOCATION } | 1 | 25 | Discard |
First | { INTERNET } | 3 | 75 | Keep |
First | { SEND_SMS } | 3 | 75 | Keep |
Second | { ACCESS_NETWORK_STATE, INTERNET } | 1 | 25 | Discard |
Second | { ACCESS_NETWORK_STATE, READ_PHONE_STATE } | 2 | 50 | Keep |
Second | { ACCESS_NETWORK_STATE, SEND_SMS } | 1 | 25 | Discard |
Second | { INTERNET, READ_PHONE_STATE } | 2 | 50 | Keep |
Second | { INTERNET, SEND_SMS } | 3 | 75 | Keep |
Second | { READ_PHONE_STATE, SEND_SMS } | 2 | 50 | Keep |
Third | { INTERNET, READ_PHONE_STATE, SEND_SMS } | 2 | 50 | Keep |

No. | Permission rule |
1 | SET_DEBUG_APP |
2 | READ_PHONE_STATE, RECORD_AUDIO, INTERNET |
3 | PROCESS_OUTGOING_CALL, RECORD_AUDIO, INTERNET |
4 | ACCESS_FINE_LOCATION, INTERNET, RECEIVE_BOOT_COMPLETE |
5 | ACCESS_COARSE_LOCATION, INTERNET, RECEIVE_BOOT_COMPLETE |
6 | RECEIVE_SMS, WRITE_SMS |
7 | SEND_SMS, WRITE_SMS |
8 | INSTALL_SHORTCUT, UNINSTALL_SHORTCUT |
9 | SET_PREFERRED_APPLICATION |

Malware family | Sensitive permissions identified by DroidRanger | Maximal frequent permission itemset obtained by this paper's method |
ADRD | INTERNET, ACCESS_NETWORK_STATE, RECEIVE_BOOT_COMPLETED | INTERNET, ACCESS_NETWORK_STATE, MODIFY_PHONE_STATE, READ_PHONE_STATE, RECEIVE_BOOT_COMPLETED, WRITE_APN_SETTINGS, WRITE_EXTERNAL_STORAGE |
Bgserv | INTERNET, RECEIVE_SMS, SEND_SMS | INTERNET, RECEIVE_SMS, ACCESS_WIFI_STATE, WAKE_LOCK, ACCESS_NETWORK_STATE, SEND_SMS, RECEIVE_BOOT_COMPLETED, READ_PHONE_STATE, BROADCAST_SMS, CHANGE_NETWORK_STATE, ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, WRITE_EXTERNAL_STORAGE |
DroidDream | CHANGE_WIFI_STATE | INTERNET, CHANGE_WIFI_STATE, ACCESS_WIFI_STATE, READ_PHONE_STATE |
DroidDreamLight | INTERNET, READ_PHONE_STATE | INTERNET, READ_CONTACTS, ACCESS_NETWORK_STATE, RECEIVE_BOOT_COMPLETED, READ_PHONE_STATE, GET_ACCOUNTS, READ_SMS |
Geinimi | INTERNET, SEND_SMS | INTERNET, ACCESS_FINE_LOCATION, CALL_PHONE, MOUNT_UNMOUNT_FILESYSTEMS, READ_CONTACTS, READ_PHONE_STATE, SEND_SMS, SET_WALLPAPER, WRITE_CONTACTS, WRITE_EXTERNAL_STORAGE |
jSMSHider | INSTALL_PACKAGES | INTERNET, ACCESS_NETWORK_STATE, DELETE_PACKAGES, READ_PHONE_STATE, ACCESS_COARSE_LOCATION, INSTALL_PACKAGES |
Pjapps | INTERNET, RECEIVE_SMS | INTERNET, RECEIVE_SMS, SEND_SMS, READ_PHONE_STATE, WRITE_EXTERNAL_STORAGE |
Zsone | RECEIVE_SMS, SEND_SMS | INTERNET, RECEIVE_SMS, SEND_SMS, RESTART_PACKAGES, ACCESS_COARSE_LOCATION |
zHash | CHANGE_WIFI_STATE | INTERNET, READ_CONTACTS, ADD_SYSTEM_SERVICE, CHANGE_WIFI_STATE, RECEIVE_SMS, MODIFY_PHONE_STATE, ACCESS_WIFI_STATE, ACCESS_NETWORK_STATE, MODIFY_AUDIO_SETTINGS, PROCESS_OUTGOING_CALLS, SEND_SMS, WRITE_SMS, CALL_PHONE, READ_PHONE_STATE, CHANGE_NETWORK_STATE, READ_SMS |

Malware family | Number of samples | Androguard | Kirin | This paper's method | Malware family | Number of samples | Androguard | Kirin | This paper's method |
ADRD | 22 | 19 | 8 | 1 | 19 | AnserverBot | 187 | 0 | 2 | 2 | 187 |
Asroot* | 8 | 0 | 5 | 0 | 0 | BaseBridge | 122 | 100 | 7 | 3 | 82 |
BeanBot | 8 | 0 | 0 | 0 | 7 | Bgserv | 9 | 0 | 0 | 0 | 8 |
CoinPirate | 1 | 0 | 0 | 0 | 1 | CruseWin | 2 | 0 | 0 | 0 | 2 |
DogWars | 1 | 0 | 1 | 0 | 1 | DroidCoupon* | 1 | 0 | 0 | 0 | 0 |
DroidDeluxe* | 1 | 1 | 0 | 0 | 0 | DroidDream* | 16 | 16 | 6 | 0 | 0 |
DroidDreamLight | 46 | 0 | 18 | 0 | 31 | DroidKungFu1 | 34 | 33 | 8 | 1 | 22 |
DroidKungFu2 | 30 | 30 | 9 | 0 | 13 | DroidKungFu3 | 309 | 285 | 21 | 14 | 228 |
DroidKungFu4 | 96 | 96 | 18 | 0 | 89 | DroidKungFuSapp | 3 | 0 | 0 | 3 | 3 |
DroidKungFuUpdate* | 1 | 0 | 0 | 0 | 0 | Endofday | 1 | 0 | 0 | 0 | 1 |
FakeNetflix | 1 | 0 | 0 | 0 | 1 | FakePlayer* | 6 | 0 | 5 | 0 | 0 |
GamblerSMS | 1 | 0 | 0 | 1 | 1 | Geinimi | 69 | 67 | 11 | 3 | 53 |
GGTracker | 1 | 0 | 1 | 0 | 1 | GingerMaster | 4 | 4 | 2 | 0 | 4 |
GoldDream | 47 | 32 | 6 | 0 | 46 | Gone60 | 9 | 0 | 0 | 0 | 9 |
GPSSMSSpy | 6 | 0 | 1 | 0 | 6 | HippoSMS | 4 | 3 | 1 | 0 | 4 |
Jifake | 1 | 0 | 0 | 0 | 1 | jSMSHider | 16 | 16 | 4 | 0 | 9 |
KMin | 52 | 52 | 39 | 0 | 52 | LoveTrap | 1 | 1 | 0 | 0 | 1 |
NickyBot | 1 | 0 | 0 | 1 | 1 | NickySpy | 2 | 2 | 0 | 2 | 2 |
Pjapps | 58 | 40 | 8 | 3 | 55 | Plankton* | 11 | 11 | 2 | 1 | 0 |
RogueLemon | 2 | 0 | 0 | 0 | 2 | RogueSPPush | 9 | 9 | 0 | 0 | 3 |
SMSReplicator | 1 | 0 | 0 | 0 | 1 | SndApps | 10 | 10 | 0 | 0 | 10 |
Spitmo | 1 | 0 | 0 | 0 | 1 | Tapsnake* | 2 | 1 | 1 | 0 | 0 |
Walkinwat | 1 | 1 | 1 | 0 | 1 | YZHC | 22 | 22 | 3 | 1 | 22 |
zHash | 11 | 0 | 1 | 0 | 11 | Zitmo | 1 | 0 | 0 | 0 | 1 |
Zsone | 12 | 12 | 4 | 0 | 11 |
Total | 1 260 | 863 | 193 | 36 | 1 003 |
Note: families marked with * are malicious application families that this paper's method ignores; their detection rate is 0.