摘要: 基于机器学习的Android平台恶意软件检测方法提取的权限信息特征维度高且类别区分能力弱,导致检测精度低及复杂度高。为此,提出一种基于特征占比差与加权随机森林的恶意软件检测方法。通过获取Android软件的权限信息和硬件组件信息,分析各类特征的占比差,并将特征属性作为分类模型的输入。在此基础上,对随机森林中的树模型赋予不同的权值,验证树模型对最终分类结果的影响。实验结果表明,与神经网络方法相比,基于特征占比差的特征构建方法所提取的特征具有较好的类别区分能力,且改进后的随机森林能提高恶意软件检测的准确性。
关键词:
Android安全,
恶意软件检测,
特征提取,
特征占比差,
随机森林
Abstract: The Android platform malicious software detection method based on machine information extracts the feature information with high feature dimension and weak class distinguishing ability,resulting in low detection accuracy and high complexity.Therefore,a malicious software detection method based on Feature Ratio Difference(FRD) and weighted Random Forest(RF) is proposed.By obtaining the permission information and hardware component information of the Android software,the ration difference of various features is analyzed,and the feature attribute is used as the input of the classification model.On this basis,different weights are assigned to the tree model in the Random Forest(RF),and the impact of the tree model on the final classification result is verified.Experimental results show that the features extracted by the feature construction method based on the feature difference ratio have better class distinguishing ability,and the improved random forest can improve the accuracy of malware detection.
Key words:
Android security,
malicious software detection,
feature extraction,
feature ratio difference,
random forest
中图分类号:
严海升, 李强, 孙开伟. 基于特征占比差的恶意软件检测方法[J]. 计算机工程, 2019, 45(8): 309-314.
YAN Haisheng, LI Qiang, SUN Kaiwei. Malicious Software Detection Method Based on Feature Ratio Difference[J]. Computer Engineering, 2019, 45(8): 309-314.