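Abstract
Detection methods that combine syntactic and semantic features can effectively identify Android malware. This work extends existing methods that use taint propagation paths as semantic features: a pair of Source and Sink methods located in different components is defined as an inter-component communication (ICC) taint propagation path, which is further abstracted into a set of class-based paths that serve as new semantic features. Feature values are normalized according to the proportion of their occurrence counts in different sample sets, and an SVM is used for classification and detection. Detection results on 295 samples show that both the accuracy rate and the false alarm rate improve to some extent.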
Detection methods that combine syntactic and semantic features can effectively identify Android malware. An improved static approach with two key points is presented. Firstly, the new approach adds a new semantic feature called the Inter-Component Communication Taint Propagation Path, which covers at least two components and is formally defined as a pair of methods, Source and Sink respectively. Moreover, the path is further abstracted as a pair of the classes in which the methods are defined. Then, every new feature is normalized according to the proportion of its total counts found in different sample sets. Finally, a model based on SVM is created and used for classification and detection. The experimental results on 295 samples show that the accuracy rate and the false positive rate are much better.
Authors
郭帆
黄硕
王昌晶
涂风涛
GUO Fan; HUANG Shuo; WANG Changjing; TU Fengtao (College of Computer Information Engineering, Jiangxi Normal University, Nanchang, Jiangxi 330022, China; Yuzhang Normal University, Nanchang, Jiangxi 330103, China)
Source
《江西师范大学学报(自然科学版)》
CAS
Peking University Core Journals
2019, Issue 2, pp. 147-153 (7 pages)
Journal of Jiangxi Normal University(Natural Science Edition)
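Funding
Supported by the National Natural Science Foundation of China (61762049, 61562040)
Natural Science Foundation of Jiangxi Province (20171BAB202013)
Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ161305, GJJ151330)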