Journal of Nanjing University of Science and Technology (Natural Science Edition), 2017, Vol. 41, Issue 6: 720-724, 729, 6. DOI: 10.14177/j.cnki.32-1397n.2017.41.06.009
Android malware detection method based on system calls
Abstract
To address the low accuracy of static malware detection approaches, a dynamic Android malware detection approach is proposed, based on a study of the system calls of Android applications. The system calls obtained from the sandbox by stimulating events in Android applications are characterized, and two feature representation methods are designed, based on system call frequency and system call dependency respectively. Malware and goodware are distinguished by a classifier constructed with an ensemble method. The two methods are tested on 3000 Android applications from the third-party market. The experimental results show that the feature representation method based on system call dependency is better than that based on system call frequency, and that the ensemble-based classifier has a good detection accuracy of 95.84%.
Keywords
Android/malware detection/static detection/dynamic detection/characterization/system call frequency/system call dependency
Classification
Information technology and security science
Cite this article
Chen Hao, Jiang Haitao, Guo Jing, Zhou Chao, Yao Nan, Xu Jian. Android malware detection method based on system calls [J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2017, 41(6): 720-724, 729, 6.
Funding
Science and Technology Project of State Grid Jiangsu Electric Power Company (J2016022)