
A Detection Method for Android Repackaged Malware Based on Sensitive Component Function Call Graph

杜瑞颖 1, 陈晶 2, 吴聪 3, 闫晰渝 4

Acta Electronica Sinica, 2025, Vol. 53, Issue (7): 2372-2388, 17. DOI: 10.12263/DZXB.20250075

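Author information

  • 1. College of Computer and Information Engineering, Henan Normal University, Xinxiang, Henan 453007
  • 2. School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072 || Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, Hubei 430072 || Rizhao Institute of Information Technology, Wuhan University, Rizhao, Shandong 276800
  • 3. Department of Electrical and Electronic Engineering, Faculty of Engineering, The University of Hong Kong, Hong Kong 999077, China
  • 4. School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072 || Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, Hubei 430072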

Abstract

The Android system occupies over 70% of the market share of mobile operating systems, making it a key platform for malicious actors to distribute malware. Repackaged malware embeds a small amount of malicious code into legitimate software, masking malicious activities with a majority of benign behaviors to evade traditional malware detection methods. However, academic research on repackaged malware remains relatively limited. Existing detection methods based on partitioning function call graphs often lack generalizability and fail to fully capture the semantic features of malicious behavior associated with sensitive API (Application Programming Interface) centrality. To solve these problems, we propose Partdroid, a detection method for Android repackaged malware. The method analyzes manifest files and smali code to extract application component information and generate component function call graphs. It combines graphs of components with sensitive APIs and uses taint analysis to uncover inter-component relationships, forming a sensitive component function call graph to overcome partitioning limitations. Additionally, Partdroid highlights malicious behavior by exploring the relationships between sensitive APIs, entry functions, and interaction functions. It also integrates centrality algorithms to calculate the importance of sensitive APIs comprehensively, addressing the limitations of directly using centrality algorithms for feature extraction. Experimental results demonstrate that Partdroid outperforms other tools in detecting Android repackaged malware, achieving an F1 score of 91.34% and accuracy of 91.93% with a random forest classifier, and 91.63% and 92.15% with a voting algorithm. Moreover, Partdroid performs outstandingly in detecting new malware, identifying 3 suspicious software among 2,000 randomly selected applications from the Google Play Store.

Key words

Android repackaged malware / function call graph / sensitive API / malicious behavior / machine learning

Classification

Information technology and security science

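Cite this article

杜瑞颖, 陈晶, 吴聪, 闫晰渝. A Detection Method for Android Repackaged Malware Based on Sensitive Component Function Call Graph [J]. Acta Electronica Sinica, 2025, 53(7): 2372-2388, 17.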

Funding

National Key Research and Development Program of China (No.2021YFB2700200, No.2022YFB3103300)

National Natural Science Foundation of China (No.62206203, No.62076187)

The Key Research and Development Program of Hubei Province (No.2022BAA039, No.2021BAA190)

The Key Research and Development Program of Shandong Province (No.2022CXPT055)

Acta Electronica Sinica

OA, Peking University Core Journal

0372-2112
