- 2017
SVM-Based Android Malware Detection
Abstract: To detect malware effectively and reduce the threat that malicious software poses to the security of the Android platform, two strategies, probability-statistics embedding and feature extraction, were proposed based on an analysis of existing data sets. Each strategy was used to transform the extracted high-dimensional features into low-dimensional data, reducing both the dimension and the uncertainty of the features, and a linear support vector machine (SVM) was then used to classify the data. With these strategies, model training time was reduced to 16.7% of the original, and the accuracy of detecting unknown malware families improved markedly. The strategies were also tested with other commonly used classification algorithms, and the experimental results showed that the reduced data helps these algorithms achieve a better classification accuracy.