GUO Fan, HUANG Shuo, WANG Changjing, et al. The ICC-Based Detection Method on Android Malware[J]. Journal of Jiangxi Normal University: Natural Science Edition, 2019, (02): 147-153. [doi:10.16357/j.cnki.issn1000-5862.2019.02.06]

The ICC-Based Detection Method on Android Malware

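Journal of Jiangxi Normal University (Natural Science Edition) [ISSN:1006-6977/CN:61-1281/TN]

Volume:
Issue:
2019, No. 02
Pages:
147-153
Section:
Information Science and Technology
Publication date:
2019-04-10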

Article Info

Title:
The ICC-Based Detection Method on Android Malware
Article ID:
1000-5862(2019)02-0147-07
Author(s):
GUO Fan¹, HUANG Shuo¹, WANG Changjing¹, TU Fengtao²
1. College of Computer Information Engineering, Jiangxi Normal University, Nanchang, Jiangxi 330022, China; 2. Yuzhang Normal University, Nanchang, Jiangxi 330103, China
Keywords:
malware detection; inter-component communication (ICC); taint propagation; semantic features
Classification number:
TP 311
DOI:
10.16357/j.cnki.issn1000-5862.2019.02.06
Document code:
A
Abstract:
Detection methods that combine syntactic and semantic features can effectively identify Android malware. This paper presents an improved static approach that extends existing methods which use taint propagation paths as semantic features. First, it adds a new semantic feature, the Inter-Component Communication (ICC) taint propagation path, which spans at least two components and is formally defined as a pair of methods, a Source and a Sink, located in different components. The path is further abstracted into a pair of the classes in which those methods are defined, and the resulting set of class-based paths serves as the new semantic feature. Next, each feature value is normalized according to the proportion of its occurrence counts across the different sample sets. Finally, an SVM-based model is built and used for classification and detection. Experimental results on 295 samples show that both the accuracy rate and the false positive rate are improved.


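Memo:
Received: 2018-06-17. Funding: supported by the National Natural Science Foundation of China (61762049, 61562040), the Natural Science Foundation of Jiangxi Province (20171BAB202013), and the Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ161305, GJJ151330). Author biography: GUO Fan (1977-), male, from Nanchang, Jiangxi; associate professor, Ph.D.; main research area: network and information security. E-mail: 121171528@qq.com
Last Update: 2019-04-10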