Android Malicious Behavior Detection Method Based on Context Information

doi:10.19678/j.issn.1000-3428.0048008

Abstract

Abstract:

In view of the shortcomings of existing Android malware detection methods and the characteristics of common Android malware,a Android malicious behavior detection method based on context information is proposed.The sensitive Application Programming Interface (API) is extracted from the method call graph,the activate events and the conditional factor of its behavior are analyzed,and then the contextual features that can effectively describe the malware behavior are generated.On this basis,the malicious behavior is judged by comparing the normal application and the malware features.Experimental results on 266 Android malicious application samples show that the accuracy rate of the detection method is 92.86%and the recall rate is 95.21%.

Key words: malicious behavior, permission, activate events, context information, static detection

摘要：

针对现有Android恶意软件检测方法存在的局限性和常见Android恶意软件的特点,提出一种基于上下文信息的Android恶意行为检测方法。从方法调用图中提取敏感应用程序编程接口,分析其行为的激活事件和条件因子,生成能够有效描述恶意软件行为的语境特征。在此基础上,通过对比正常应用程序和恶意软件的特征来判断其是否为恶意行为。对266个Android恶意应用样本进行实验,结果表明,该检测方法的精确率为92.86%,召回率为95.21%。

关键词: 恶意行为, 权限, 激活事件, 上下文信息, 静态检测

CLC Number:

TP391

LU Zhengjun,FANG Yong,LIU Liang,ZHANG Wenjie,ZUO Zheng. Android Malicious Behavior Detection Method Based on Context Information[J]. Computer Engineering, 2018, 44(7): 150-155.

卢正军,方勇,刘亮,张文杰,左政. 基于上下文信息的Android恶意行为检测方法[J]. 计算机工程, 2018, 44(7): 150-155.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0048008

http://www.ecice06.com/EN/Y2018/V44/I7/150

References

［1］GRACE M,ZHOU Y,ZHANG Q,et al.RiskRanker:scalable and accurate zero-day Android malware detection［C］//Proceedings of International Conference on Mobile Systems,Applications,and Services.New York,USA:ACM Press,2012:281-294.
［2］FELT A P,CHIN E,HANNA S,et al.Android permissions demystified［C］//Proceedings of the 18th ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2011:627-638.
［3］ENCK W,ONGTANG M,MCDANIEL P.On light-weight mobile phone application certification［C］//Proceedings of the 16th ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2009:235-245.
［4］刘华煜.基于支持向量机的机器学习研究［D］.黑龙江:大庆石油学院,2005.
［5］GASCON H,YAMAGUCHI F,ARP D,et al.Structural detection of Android malware using embedded call graphs［C］//Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security.New York,USA:ACM Press,2013:45-54.
［6］SANZ B,SANTOS I,UGARTE-PEDRERO X,et al.Anomaly detection using string analysis for Android malware detection［C］//Proceedings of SOCO’13.Berlin,Germany:Springer,2013:469-478.
［7］ENCK W,GILBERT P,CHUN B G,et al.TaintDroid:an information flow tracking system for real-time privacy monitoring on smartphones［J］.Acm Transactions on Computer Systems,2010,32(2):1-29.
［8］BURGUERA I,ZURUTUZA U,NADJM-TEHRANI S.Crowdroid:behavior-based malware detection system for Android［C］//Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices.New York,USA:ACM Press,2011:15-26.
［9］SHABTAI A,KANONOV U,ELOVICI Y,et al.“Andromaly”:a behavioral malware detection frame-work for Android devices［J］.Journal of Intelligent Information Systems,2012,38(1):161-190.
［10］陈鸿,金培权,岳丽华,等.基于上下文特征分类的评论长句切分方法［J］.计算机工程,2015,41(9):233-237,244.
［11］胡彬,王春东,胡思琦,等.基于机器学习的移动终端高级持续性威胁检测技术研究［J］.计算机工程,2017,43(1):241-246.
［12］AU K W Y,ZHOU Y F,HUANG Z,et al.PScout:analyzing the Android permission specification［C］//Proceedings of ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2012:217-228.
［13］STEVEN A.Soot-infoflow-Android［EB/OL］.［2017-06-30］.https://github.com/secure-software-engineering/soot-infoflow-android/blob/develop/SourcesAndSinks.txt.
［14］VALLERAI R,CO P,GAGNON E,et al.Soot:a Java bytecode optimization framework［J］.Masters Abstracts International,2010,41(1):214-224.
［15］MILTENBERGER M.Soot:a Java optimization frame-work［EB/OL］.［2017-06-30］.https://github.com/Sable/soot.
［16］STEVEN A.Android-specific components of FlowDroid［EB/OL］.［2017-06-30］.https://github.com/secure-software-engineering/soot-infoflow-android.
［17］范永东.模型选择中的交叉验证方法综述［D］.太原:山西大学,2013.

[1]	WEN Jing, YANG Jie. Depth Estimation Based on Scene Object Attention and Depth Map Fusion [J]. Computer Engineering, 2023, 49(2): 222-230.
[2]	ZHANG Hongsheng, ZOU Ning. Unlicensed Access Scheme for LTE Based on Stochastic Multi-Subframe Aided Scheduling [J]. Computer Engineering, 2020, 46(6): 149-154.
[3]	DU Yuanzhi,DU Xuehui,YANG Zhi. Attribute-based Encryption Information Flow Control and Implementation in Cloud Computing Environment [J]. Computer Engineering, 2018, 44(3): 27-36.
[4]	WANG Zheng,XU Dewu,HAN Jianmin,LU Jianfeng. Safety and Consistency Verification for a High-level Permission Assignment Constraint [J]. Computer Engineering, 2018, 44(1): 171-175,181.
[5]	ZHANG Jing,CHEN Yao,FAN Hongbo,SUN Jun. Control Strategy of Task Scheduling Permission in Cyber-physical System [J]. Computer Engineering, 2017, 43(4): 60-66.
[6]	HU Bin,WANG Chundong,HU Siqi,ZHOU Jingchun. Research on Advanced Persistent Threat Detection Technology for Mobile Terminal Based on Machine Learning [J]. Computer Engineering, 2017, 43(1): 241-246.
[7]	JIN Ge,XUE Zhi,QI Kaiyue. Main Boot Record Rootkit Modeling and Its Static Detection Method [J]. Computer Engineering, 2015, 41(7): 184-189.
[8]	JIN Ge,XUE Zhi,QI Kaiyue. Bootkit Detection Method Based on Disk Hidden PE File Searching [J]. Computer Engineering, 2015, 41(6): 116-120.
[9]	HAN Zhigeng,CHEN Geng,WANG Liangmin,JIANG Jian. A General Model for Reputation Revaluation Based on Time-lag Weakening Strategy [J]. Computer Engineering, 2015, 41(5): 163-168.
[10]	LI Chunmei,YANG Xiaodong,ZHOU Sian,LI Yan,WANG Caifen. A Fined-grained Cryptograph Access Control Scheme for Social Network [J]. Computer Engineering, 2015, 41(2): 117-121,128.
[11]	XU Peijuan,ZHENG Jing,XU Maojing. Multi-level Security Database Model Based on Roles [J]. Computer Engineering, 2015, 41(1): 135-138.
[12]	SUN Wei,SU Hui,LI Yanling. Optimization Method of Role Mining Based on Mutually Exclusive Permissions Constraints [J]. Computer Engineering, 2014, 40(11): 205-210.
[13]	ZHU Jing-hua,WANG Xiao-ling. XML Keyword Search Based on Extended Query Expression [J]. Computer Engineering, 2014, 40(10): 25-31.
[14]	TUN Da-Yong, ZHENG Zi-Wei. Optimization Scheme of Access Permission Mechanism Based on Android Platform [J]. Computer Engineering, 2013, 39(5): 144-147.
[15]	ZHONG Meng-Quan, LI Huan-Zhou, TANG Zhang-Guo, ZHANG Jian. Trojan Detection System Based on Weighting of Dynamic and Static Characteristics [J]. Computer Engineering, 2012, 38(2): 153-155.

Please choose a citation manager

Content to export