Computer Science (计算机科学) ›› 2017, Vol. 44 ›› Issue (Z11): 317-321. doi: 10.11896/j.issn.1002-137X.2017.11A.067

• Information Security •

Android Malware Detection System Based on Signature and Data Flow Pattern Mining

NING Zhuo, SHAO Da-cheng, CHEN Yong, SUN Zhi-xin

  1. School of Modern Posts, Nanjing University of Posts and Telecommunications, Nanjing 210003; School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003; School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003; School of Modern Posts, Nanjing University of Posts and Telecommunications, Nanjing 210003
  • Publication date: 2018-12-01  Online: 2018-12-01
  • Funding:
    Supported by the National Natural Science Foundation of China (61373135, 61672299) and the Teaching Reform Fund of Nanjing University of Posts and Telecommunications (JG01616JX73).

Android Static Analysis System Based on Signature and Data Flow Pattern Mining

NING Zhuo, SHAO Da-cheng, CHEN Yong and SUN Zhi-xin   

  • Online:2018-12-01 Published:2018-12-01

Abstract (translated from the Chinese): As Android software development and maintenance keep growing and malware becomes increasingly resistant to detection, mainstream static detection methods face problems: signature detection is fast, but it is weak against code-obfuscated and repackaged malware; data-flow-based detection is accurate, but it is inefficient. To address these shortcomings, a hybrid static detection system is proposed. The system improves multi-level signature detection by matching method and class signatures at multiple levels, which strengthens detection of code-obfuscated malware. It also improves conventional data-flow analysis: data-flow pattern mining identifies the data-flow patterns that malware uses frequently, removes the manual confirmation step, and raises the automation and efficiency of data-flow analysis. Combining the two techniques lets the system reach a reasonable trade-off between detection accuracy and efficiency. Experiments show that the system detects code-obfuscated and repackaged malware well and reaches 88% detection accuracy on mainstream malware.

Key words (translated): Static analysis, Android malware, Signature detection, Data flow pattern mining

Abstract: As Android malware becomes more resistant to detection, traditional static analysis faces problems: signature analysis is fast, but it is defeated by repackaging and code obfuscation; data-flow analysis is preferred for its high accuracy, but it is criticized for its high resource cost. To address these problems, a new static analysis system is proposed that combines an improved multi-level signature analysis with data-flow pattern mining to find a balance between accuracy and efficiency. The multi-level signature analysis is improved by using the signatures of both classes and methods, and the data-flow patterns that occur frequently in malware are mined so that manual confirmation is no longer needed. The results show that the system handles repackaged and code-obfuscated malware better and that its overall detection accuracy approaches 88%.

Key words: Static analysis,Android malware,Signature detection,Data flow pattern mining
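The two mechanisms the abstract describes, multi-level matching of method and class signatures and mining of frequent data-flow patterns, are illustrated below in an added Python example. It is not the paper's code, and it makes simplifying assumptions: a method is represented by its Dalvik opcode mnemonic sequence with operands dropped, a data-flow analysis has already produced (source, sink) edges, and every sample (the families FakeSmsBot and InfoStealer, the opcode lists and the API names) is constructed for the illustration. It goes slightly beyond the abstract by showing why the class level alone is not enough: a class padded with one junk method escapes the class-level match and is caught only at the method level.

```python
"""Added illustration (not the paper's code) of multi-level signature matching
and frequent data-flow pattern mining. Methods are modelled as Dalvik opcode
mnemonic sequences with operands dropped; data flows are assumed to be
pre-computed (source, sink) edges. All samples below are constructed."""
import hashlib
from collections import Counter
from typing import Dict, List, Set, Tuple

Methods = Dict[str, List[str]]   # method name -> opcode mnemonics
App = Dict[str, Methods]         # class name -> methods
Edge = Tuple[str, str]           # (source API, sink API)


def method_signature(opcodes: List[str]) -> str:
    """Hash the mnemonic sequence only; class, method and field names and
    string constants are excluded, so identifier renaming leaves it intact."""
    return hashlib.sha256(" ".join(opcodes).encode()).hexdigest()[:16]


def class_signature(methods: Methods) -> str:
    """Order-independent combination of the method signatures, so reordering
    the methods inside a class does not change the class signature either."""
    sigs = sorted(method_signature(ops) for ops in methods.values())
    return hashlib.sha256("|".join(sigs).encode()).hexdigest()[:16]


def build_signature_db(malware: Dict[str, App]):
    """Index known malware at two levels: class signature -> family and
    method signature -> set of families (one method may be shared by families)."""
    class_db: Dict[str, str] = {}
    method_db: Dict[str, Set[str]] = {}
    for family, classes in malware.items():
        for methods in classes.values():
            class_db[class_signature(methods)] = family
            for ops in methods.values():
                method_db.setdefault(method_signature(ops), set()).add(family)
    return class_db, method_db


def match_signatures(app: App, class_db, method_db, min_method_hits: int = 2) -> Tuple[str, str]:
    """Level 1: an entire class matches. Level 2 (fallback): at least
    min_method_hits individual methods match one family, which still catches a
    class that was padded with junk methods or lost a method when repackaged."""
    for methods in app.values():
        sig = class_signature(methods)
        if sig in class_db:
            return "class-match", class_db[sig]
    hits: Counter = Counter()
    for methods in app.values():
        for ops in methods.values():
            for family in method_db.get(method_signature(ops), ()):
                hits[family] += 1
    if hits:
        family, n = hits.most_common(1)[0]
        if n >= min_method_hits:
            return "method-match", family
    return "no-match", ""


def mine_frequent_flows(samples: List[Set[Edge]], min_support: float) -> Set[Edge]:
    """Keep the (source, sink) edges present in at least min_support of the
    malicious samples; these become detection patterns without manual review."""
    counts = Counter(edge for flows in samples for edge in flows)
    threshold = min_support * len(samples)
    return {edge for edge, c in counts.items() if c >= threshold}


def flow_matches(app_flows: Set[Edge], patterns: Set[Edge]) -> List[Edge]:
    """Frequent malicious patterns that also occur in the app under analysis."""
    return sorted(app_flows & patterns)


# ---- constructed samples; families, code and API names are invented ----
SEND_SMS = ["iget-object", "const-string", "invoke-virtual", "move-result-object",
            "invoke-virtual", "return-void"]
GET_IMEI = ["invoke-virtual", "move-result-object", "invoke-virtual",
            "move-result-object", "return-object"]
ON_CREATE = ["invoke-super", "invoke-direct", "return-void"]
KNOWN_MALWARE: Dict[str, App] = {
    "FakeSmsBot": {"com/evil/Sender": {"send": SEND_SMS, "imei": GET_IMEI}},
    "InfoStealer": {"com/evil/Main": {"onCreate": ON_CREATE, "collect": GET_IMEI}},
}
# FakeSmsBot with every identifier renamed and methods reordered: still a class-level hit.
RENAMED_APP: App = {"a/b/c": {"b": GET_IMEI, "a": SEND_SMS}}
# The same class padded with a junk method: class level misses, method level still hits.
PADDED_APP: App = {"x/y/Z": {"m1": SEND_SMS, "m2": GET_IMEI, "junk": ["nop", "return-void"]}}
BENIGN_APP: App = {"com/ok/Hello": {"onCreate": ["invoke-super", "return-void"]}}

IMEI_TO_SMS: Edge = ("TelephonyManager.getDeviceId", "SmsManager.sendTextMessage")
NUMBER_TO_NET: Edge = ("TelephonyManager.getLine1Number", "URL.openConnection")
LOCATION_TO_LOG: Edge = ("LocationManager.getLastKnownLocation", "Log.d")
MALWARE_FLOWS: List[Set[Edge]] = [
    {IMEI_TO_SMS, NUMBER_TO_NET}, {IMEI_TO_SMS, LOCATION_TO_LOG}, {IMEI_TO_SMS}, {NUMBER_TO_NET},
]

if __name__ == "__main__":
    class_db, method_db = build_signature_db(KNOWN_MALWARE)
    for name, app in [("renamed", RENAMED_APP), ("padded", PADDED_APP), ("benign", BENIGN_APP)]:
        print(name, match_signatures(app, class_db, method_db))
    patterns = mine_frequent_flows(MALWARE_FLOWS, min_support=0.5)
    print("frequent patterns:", sorted(patterns))
    print("suspect app flows:", flow_matches({NUMBER_TO_NET, LOCATION_TO_LOG}, patterns))
```

With min_support 0.5 over four constructed samples, the IMEI-to-SMS and phone-number-to-network edges are frequent and the location-to-log edge is not; a real deployment would tune the support threshold and the min_method_hits fallback against a benign corpus, since the method level trades some precision for obfuscation resistance.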
