Research on Android malware anomaly detection based on feature frequency (cited by: 7)

Android malware outlier detection based on feature frequency
Abstract: Thanks to advantages such as being open source and portable, Android has become the mobile operating system with the largest market share. Attacks against Android keep emerging, and Android malware detection has become a very important part of mobile security in recent years. The problems faced include the difficulty of collecting malware and the imbalanced ratio of abnormal samples to normal samples. To address these problems, the Droid-Saf framework is proposed. The framework introduces a data processing scheme that mines the implicit features of the data; the hidden information contained in the sample features is treated as new features; and during modeling the sample features are integrated into the algorithm to establish dynamic slack variables. Static analysis is used to decompile the APK, and an improved SVDD one-class classifier performs the classification. This overcomes the difficulty of collecting abnormal software in malware detection systems and lowers the miss rate and the misjudgment rate of anomaly detection. Experimental results verify the effectiveness and applicability of the algorithm.
Authors: ZHANG Yuling (张玉玲); YIN Chuanhuan (尹传环) (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
Source: CAAI Transactions on Intelligent Systems (《智能系统学报》), CSCD, Peking University Core Journal, 2018, No. 2, pp. 168-173 (6 pages)
Funding: National Natural Science Foundation of China (61105056)
Keywords: Android system; malware; data mining; abnormal detection; SVDD; implicit characteristics; single classifier; feature frequency