Computer Technology and Development (计算机技术与发展), 2017, Vol. 27, Issue 3: 126-130, 5. DOI: 10.3969/j.issn.1673-629X.2017.03.026
Android Malware Detection of Calls Tracing with AndroidManifest and API
Abstract
A static feature-based mechanism is studied to provide a static analysis method for detecting Android malware. In order to identify the intention of different Android malware, various clustering algorithms are applied to enhance the malware modeling capability for any Android procedure. In addition, a system called XDroidMat is developed. XDroidMat extracts information from each application's manifest file and treats components as entry points, drilling down from them to trace the API calls related to permissions. It then uses the k-means algorithm to strengthen the malware modeling capability. The number of clusters is decided by the Singular Value Decomposition (SVD) method on the low-rank approximation. Finally, it uses the kNN algorithm to classify the application as benign or malicious. The experimental results show that XDroidMat achieves 98.12% accuracy and performs well in detecting Android malware.
Keywords
Android malware / static analysis / feature-based / ICC (inter-component communication)
Classification
Information Technology and Security Science
Cite this article
郑尧, 王轶骏, 薛质. Android Malware Detection of Calls Tracing with AndroidManifest and API [J]. Computer Technology and Development, 2017, 27(3): 126-130, 5.
Funding
National Natural Science Foundation of China (61332010)