Abstract
To address the problem of malware detection on the Android operating system, this paper surveys existing detection methods and proposes a detection approach based on a Markov chain and a support vector machine (SVM). The sequence of calls an application (App) makes to Android operating-system functions is treated as a discrete-time Markov chain, and the state transition probability matrix is estimated by counting the occurrence frequencies of adjacent system-call pairs. The transition probability matrix is then transformed into a feature vector, which is used as the input of the SVM for training and detection, so as to determine the nature of the App. Because the Markov chain takes the correlations between successive system calls into account, the proposed scheme uses the system-call sequence to characterize the dynamic behaviour of an App more accurately than traditional detection schemes. Experimental results show that, compared with existing detection methods, the proposed method significantly improves detection accuracy.
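The feature-extraction stage the abstract describes, as an added example that is not the paper's own code: adjacent system-call pairs are counted, each row of the count matrix is normalised into a transition probability row, and the resulting matrix is flattened into the vector an SVM would consume. The syscall vocabulary `VOCAB`, the sample traces and the handling of calls outside the vocabulary are assumptions made here for illustration; the paper's traces, vocabulary and SVM settings are not shown on this page, and the SVM itself (for example scikit-learn's `SVC`) is deliberately left out so the file runs with the standard library only.

```python
"""Markov-chain transition-probability features from an Android system-call trace.

Added example modelling the feature-extraction stage described in the abstract;
this is not the paper's code. VOCAB and the sample traces are constructed for
illustration. The SVM stage (e.g. scikit-learn's SVC) is not included.
"""
from typing import Dict, List, Sequence

# Constructed state space: the system calls the chain can be in. A real
# deployment would derive it from the traces (strace-style output) of the
# training set, giving a much larger n and an n*n-dimensional feature vector.
VOCAB: List[str] = ["open", "read", "write", "close", "ioctl", "socket", "sendto", "recvfrom"]


def transition_counts(trace: Sequence[str], vocab: Sequence[str] = VOCAB) -> List[List[int]]:
    """Count adjacent call pairs (s_t, s_{t+1}): counts[i][j] is how often vocab[i]
    is immediately followed by vocab[j]. Calls outside the vocabulary are skipped,
    so neither pair touching them is counted (an assumption of this example)."""
    index: Dict[str, int] = {name: i for i, name in enumerate(vocab)}
    n = len(vocab)
    counts = [[0] * n for _ in range(n)]
    for cur, nxt in zip(trace, trace[1:]):
        if cur in index and nxt in index:
            counts[index[cur]][index[nxt]] += 1
    return counts


def transition_matrix(trace: Sequence[str], vocab: Sequence[str] = VOCAB) -> List[List[float]]:
    """Maximum-likelihood estimate of the first-order Markov transition matrix:
    P[i][j] = counts[i][j] / sum_k counts[i][k]. Row normalisation makes the
    features independent of trace length. A state that is never left (absent
    from the trace, or only its final element) gets an all-zero row instead of
    a division by zero."""
    matrix: List[List[float]] = []
    for row in transition_counts(trace, vocab):
        total = sum(row)
        matrix.append([c / total if total else 0.0 for c in row])
    return matrix


def feature_vector(trace: Sequence[str], vocab: Sequence[str] = VOCAB) -> List[float]:
    """Flatten the n x n matrix row-major into the n*n-dimensional SVM input."""
    return [p for row in transition_matrix(trace, vocab) for p in row]


def is_row_stochastic(matrix: List[List[float]], tol: float = 1e-9) -> bool:
    """Sanity check before training: every non-zero row must sum to 1."""
    return all(sum(row) == 0.0 or abs(sum(row) - 1.0) < tol for row in matrix)


if __name__ == "__main__":
    # Constructed traces (not real malware data): a file-copy style sequence and a
    # network-heavy one whose transition mass sits on the socket/sendto/recvfrom rows.
    samples = {
        "file_copy_like": ["open", "read", "read", "write", "close"],
        "network_like": ["socket", "sendto", "recvfrom", "sendto", "recvfrom", "close"],
    }
    for name, trace in samples.items():
        fv = feature_vector(trace)
        nonzero = sum(1 for p in fv if p)
        print(f"{name}: dimension={len(fv)} non-zero entries={nonzero}")
```

Two practical points the abstract does not spell out: the vector dimension grows as the square of the vocabulary size, so the vocabulary is normally pruned to calls actually observed in training, and an all-zero row for an unseen call is harmless to the SVM but means the estimate is undefined there, which is why some implementations add a small smoothing constant before normalising.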
Authors
张超钦
胡光武
王振龙
刘新宇
Zhang Chaoqin; Hu Guangwu; Wang Zhenlong; Liu Xinyu (National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, Henan, China; School of Computer and Communication Engineering, Zhengzhou University of Light Industry, Zhengzhou 450002, Henan, China; School of Computer Science, Shenzhen Institute of Information Technology, Shenzhen 518172, Guangdong, China; Graduate School at Shenzhen, Tsinghua University, Shenzhen 518055, Guangdong, China; Shenzhen Jinzhou Seiko Technology Co., Ltd., Shenzhen 518055, Guangdong, China)
Published in
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal (北大核心)
2018, No. 10, pp. 292-298 (7 pages)
Funding
National Natural Science Foundation of China (61202358)
Natural Science Foundation of Guangdong Province (2015A030310492)
Shenzhen Basic Research Project (JCYJ20160301152145171)