Maldetect: An Android Malware Detection System Based on Abstraction of Dalvik Instructions

Chen Tieming, Yang Yimin, Chen Bo

Citation: Chen Tieming, Yang Yimin, Chen Bo. Maldetect: An Android Malware Detection System Based on Abstraction of Dalvik Instructions[J]. Journal of Computer Research and Development, 2016, 53(10): 2299-2306. DOI: 10.7544/issn1000-1239.2016.20160348. CSTR: 32373.14.issn1000-1239.2016.20160348

Funding: This work was supported by the National Natural Science Foundation of China (U1509214) and the Natural Science Foundation of Zhejiang Province of China (LY16F020035).
Details
  • CLC number: TP309

  • Abstract: This paper proposes Maldetect, a novel static Android malware detection system. First, the Dalvik instructions decompiled from Android DEX files are simplified and abstracted into simpler symbolic sequences. N-Gram encoding is then used to extract features from the simplified Dalvik instruction sequences, and the detection and classification model is finally built using machine learning algorithms. By comparing different combinations of classification algorithms and N-Gram sequences, 3-Gram sequences with the random forest algorithm are identified as the optimal solution for malware detection and classification. The method is compared against professional anti-virus tools using 4000 malware samples, and the results show that Maldetect is more effective for Android malware detection and classification, with high detection accuracy.
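The feature-extraction stage the abstract describes (abstract the Dalvik instructions into symbols, then 3-Gram encode the sequence) is sketched below as an added example; it is not the authors' code. The opcode-to-symbol table, the choice to drop unmatched opcodes, and the sample smali are assumptions, since the page does not give the paper's abstraction categories.

```python
import re
from collections import Counter

# Assumed abstraction table (hypothetical): the page does not list the paper's
# symbol categories, so each opcode family here is an illustrative choice.
FAMILIES = [
    (re.compile(r"^(move|const)"), "M"),                   # data movement
    (re.compile(r"^(if-|goto|packed-switch|sparse-switch)"), "J"),  # jumps
    (re.compile(r"^(new-|check-cast|instance-of)"), "N"),  # object creation/type
    (re.compile(r"^invoke-"), "V"),                        # method invocation
    (re.compile(r"^[ais](get|put)"), "F"),                 # field/array access
    (re.compile(r"^return"), "R"),                         # method exit
]

def abstract_smali(smali_text):
    """Reduce smali text to one-letter symbols; unmatched opcodes are dropped."""
    symbols = []
    for line in smali_text.splitlines():
        line = line.strip()
        # Skip blanks, directives (.method), labels (:cond_0) and comments.
        if not line or line[0] in ".:#":
            continue
        opcode = line.split()[0]
        symbols += [sym for pat, sym in FAMILIES if pat.match(opcode)][:1]
    return symbols

def ngram_counts(symbols, n=3):
    """Count sliding-window N-Grams; sequences shorter than n yield none."""
    return Counter("".join(symbols[i:i + n]) for i in range(len(symbols) - n + 1))

def feature_vector(counts, vocabulary):
    """Relative frequency of each vocabulary N-Gram, in vocabulary order."""
    total = sum(counts.values()) or 1
    return [counts.get(gram, 0) / total for gram in vocabulary]

# Constructed sample method, not taken from any real application.
SAMPLE_SMALI = """
.method public static demo(I)I
    const/4 v0, 0x0
    if-lez p0, :cond_done
    new-instance v1, Ljava/lang/StringBuilder;
    invoke-direct {v1}, Ljava/lang/StringBuilder;-><init>()V
    invoke-virtual {v1, p0}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    move-result-object v1
    add-int/lit8 v0, p0, 0x1
    :cond_done
    return v0
.end method
"""
```

Vectors built this way over a fixed 3-Gram vocabulary are the kind of input a classifier such as the random forest named in the abstract would be trained on.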
Publication history
  • Published: 2016-09-30
