Computer Engineering ›› 2019, Vol. 45 ›› Issue (8): 309-314. doi: 10.19678/j.issn.1000-3428.0052437

• Development Research and Engineering Application •

Malicious Software Detection Method Based on Feature Ratio Difference

YAN Haisheng1, LI Qiang1, SUN Kaiwei2

  1. School of Software Engineering, Chongqing University of Arts and Sciences, Chongqing 402160, China;
  2. School of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  • Received: 2018-08-20 Revised: 2018-10-12 Online: 2019-08-15 Published: 2019-08-08
  • About the authors: YAN Haisheng (born 1987), male, assistant experimentalist, M.S., main research interest: information security; LI Qiang, engineer; SUN Kaiwei, lecturer, Ph.D.
  • Funding:
    National Natural Science Foundation of China (61806033); Chongqing Technology Innovation and Application Demonstration Project (cstc2018jscx-msybX0136); Chongqing University of Arts and Sciences university-level research project (2017ZRJ24).

Abstract: Machine-learning-based malware detection methods for the Android platform extract permission features that have high dimensionality and weak class-distinguishing ability, which leads to low detection accuracy and high complexity. To address this, a malicious software detection method based on Feature Ratio Difference (FRD) and weighted Random Forest (RF) is proposed. The permission information and hardware component information of Android software are obtained, the ratio difference of each kind of feature is analyzed, and the feature attributes are used as the input of the classification model. On this basis, different weights are assigned to the tree models in the random forest, and the influence of the tree models on the final classification result is verified. Experimental results show that, compared with the neural network method, the features extracted by the feature construction method based on feature ratio difference have better class-distinguishing ability, and the improved random forest can improve the accuracy of malware detection.

Key words: Android security, malicious software detection, feature extraction, feature ratio difference, random forest
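
The sketch below is an added illustration of the two ideas the abstract names, not code from the paper or its authors. It assumes the feature ratio difference of a feature is its share among malicious apps minus its share among benign apps, that features are kept when the absolute difference reaches a threshold, and that each tree's vote is scaled by a per-tree weight; the abstract gives none of these definitions, and the app sets, feature names and function names are constructed.

```python
# Added illustration. The FRD formula, the threshold rule and the tree
# weighting are assumptions; the abstract does not define them.

# Constructed sample data: each app is the set of permissions and hardware
# components it declares (short names instead of full manifest strings).
MALICIOUS = [
    {"SEND_SMS", "READ_CONTACTS", "INTERNET", "hardware.telephony"},
    {"SEND_SMS", "RECEIVE_BOOT_COMPLETED", "INTERNET", "hardware.telephony"},
    {"SEND_SMS", "READ_CONTACTS", "INTERNET"},
    {"READ_SMS", "INTERNET", "hardware.telephony"},
]
BENIGN = [
    {"INTERNET", "CAMERA", "hardware.camera"},
    {"INTERNET", "ACCESS_FINE_LOCATION"},
    {"INTERNET", "CAMERA", "hardware.camera", "READ_CONTACTS"},
    {"INTERNET", "VIBRATE"},
]


def ratio(feature, apps):
    """Share of the apps in `apps` that declare `feature`."""
    return sum(feature in app for app in apps) / len(apps)


def feature_ratio_difference(malicious, benign):
    """Assumed FRD: share among malicious apps minus share among benign apps."""
    features = set().union(*malicious, *benign)
    return {f: ratio(f, malicious) - ratio(f, benign) for f in features}


def select_features(frd, threshold):
    """Keep features whose two shares differ by at least `threshold`."""
    return sorted(f for f, diff in frd.items() if abs(diff) >= threshold)


def vectorize(app, selected):
    """Binary input vector for the classifier, one slot per selected feature."""
    return [int(f in app) for f in selected]


def weighted_vote(votes, weights):
    """Combine per-tree votes (1 = malicious, 0 = benign) by tree weight."""
    malicious_weight = sum(w for v, w in zip(votes, weights) if v == 1)
    return int(malicious_weight > sum(weights) / 2)
```

On this sample, INTERNET is declared by every app in both classes, so its difference is zero and it is dropped, which is how the selection step reduces dimensionality without losing class-distinguishing features.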
