一种Android恶意行为检测算法

doi:10.3969/j.issn.1001-2400.2015.03.002

Abstract

Abstract:

The paper presents a novel Android malware behavioral detection algorithm. The algorithm characterizes Android applications’ behaviors by system call sequences and control flow sequences, trains a malware feature base and a threshold by analyzing known malware samples. Then, we calculate the similarities between the feature base and Android applications, and detect malware by comparing the similarities with the threshold. Finally, an Android malware detection system named SCADect is developed according to the algorithm. The detection accuracy of detecting 3000 samples is up to 96.8％, and the detection rate of classifying 8-cluster obfuscated malware including 237 samples can reach 89％, obviously better than the tool Androguard. The results show that the SCADect is able to resist obfuscated and cryptographic attacks, improves the detection accuracy and reduces the false negative rate.

Key words: smartphones, malware, classification, similarity

WANG Zhiqiang;ZHANG Yuqing;LIU Qixu;HUANG Tingpei. Algorithm to detect Android malicious behaviors[J].J4, 2015, 42(3): 8-14.

References

［1］曹莹, 刘家辰, 苗启广, 等. AdaBoost恶意程序行为检测新算法［J］. 西安电子科技大学学报, 2013, 40(6): 116-124.
Cao Ying, Liu Jiachen, Miao Qiguang, et al. Improved Behavior-based Malware Detection Algorithm with AdaBoost ［J］. Journal of Xidian University, 2013, 40(6): 116-124.
［2］ Natani P, Vidyarthi D. An Overview of Detection Techniques for Metamorphic Malware ［C］//Proceedings of the International Conference on Intelligent Computing, Networking, and Informatics. Raipur: Springer India, 2013: 637-643.
［3］ Santos I, Brezo F, Ugarte X, et al. Opcode Sequences as Representation of Executables for Data-mining-based Unknown Malware Detection ［J］. Information Sciences, 2013, 231(1): 64-82.
［4］ Zhao Z, Wang J, Bai J. Malware Detection Method Based on the Control-flow Construct Feature of Software ［J］. IET Information Security, 2014, 8(1): 18-24.
［5］ Bose A, Hu X, Shin K G, et al. Behavioral Detection of Malware on Mobile Handsets ［C］//Proceedings of the 6th International Conference on Mobile Systems, Applications and Services. New York: ACM, 2008: 225-238.
［6］ Schmidt D, Bye R, Schmidt G, et al. Static Analysis of Executables for Collaborative Malware Detection on Android ［C］//Proceedings of the IEEE International Conference on Communications. Piscataway: IEEE, 2009: 1-5.
［7］ Shabtai A, Fledel Y, Elovici Y. Automated Static Code Analysis for Classifying Android Applications Using Machine Learning ［C］//Proceedings of the IEEE International Conference on Computational Intelligence and Security. Los Alamitos: IEEE, 2010: 329-333.
［8］ Xie L, Zhang X W, Seifert P, et al. PBMDS: a Behavior-based Malware Detection System for Cellphone Devices ［C］//Proceedings of the Third ACM Conference on Wireless Network Security. New York: ACM, 2010: 37-48.
［9］ Burguera I, Zurutuza U, Nadjm-Tehrani S. Crowdroid: Behavior-based Malware Detection System for Android ［C］//Proceedings of the 1st ACM Workshop: Security and Privacy in Smartphones and Mobile Devices. New York: ACM, 2011: 15-25.
［10］ Google. Android Official Market ［DB/OL］. ［2014-02-27］. https://play.google.com/store.
［11］ Torvalds L. Linux System Call Table ［EB/OL］. ［2014-02-27］. http://osinside.net/syscall/system_call_table.htm.
［12］ Kranenburg P, Levin D. Strace ［CP/OL］. ［2014-02-27］. http://sourceforge.net/projects/strace.
［13］ Cesare S, Xiang Y. Classification of Malware Using Structured Control Flow ［C］//Proceedings of the 8th Australasian Symposium on Parallel and Distributed Computing. Brisbane: Australian Computer Society, 2010: 61-70.
［14］ Apel M, Bockermann C, Meier M. Measuring Similarity of Malware Behavior ［C］//Proceedings of the 34th Conference on Local Computer Networks. Los Alamitos: IEEE Computer Society, 2009:891-898.
［15］ Cilibrasi R, Vitanyi B. Clustering by Compression ［J］. IEEE Transactions on Information Theory, 2005, 51(4): 1523-1545.
［16］ Zhou Y, Jiang X. Android Malware Genome Project ［EB/OL］. ［2014-02-27］. http://www.malgenomeproject.org.
［17］ Desnos A. Androguard Malware Database ［DB/OL］. ［2014-02-27］. https://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares.
［18］ Parkour M. Contagiodump ［EB/OL］. ［2014-02-27］. http://contagiodump.blogspot.com.

[1]	QIN Ningning,WU Yisong,YANG Le. Algorithm for multivariate similarity localization based on dynamic fuzzy matching [J]. Journal of Xidian University, 2021, 48(4): 27-35.
[2]	DUAN Chongdi,HAN Chaolei,YANG Zhiwei,ZHANG Qingjun. Inshore ambiguity clutter suppression method aided by clutter classification [J]. Journal of Xidian University, 2021, 48(2): 64-71.
[3]	LI Shan,ZHNAG Kun,SHUI Penglang. Ship length distribution modeling on China offshore and ability evaluation of radar ship classification [J]. Journal of Xidian University, 2021, 48(2): 84-91.
[4]	ZHOU Jianyu,WEI Yinsheng,XU Rongqing. Improved ionospheric clutter classification method based on fuzzy C-means clustering [J]. Journal of Xidian University, 2021, 48(2): 35-41.
[5]	LI Hai,SHANG Jinlei,SUN Tingyi,FENG Qing,ZHUANG Zibo. Method for hydrometeor classification based on MC-DTSVMs [J]. Journal of Xidian University, 2020, 47(4): 132-140.
[6]	LIU Daohua,WANG Shasha,YANG Zhipeng,CUI Yushuang. Improved face image classification method based on the local embedding network [J]. Journal of Xidian University, 2020, 47(4): 18-23.
[7]	LI Jiang,FENG Cunqian,WANG Yizhe,XU Xuguang. Deep learning model for micro-motion classification of cone targets [J]. Journal of Xidian University, 2020, 47(3): 105-112.
[8]	YAN Lin,LIU Kai,DUAN Meiyu. Lightweight deep neural network for point cloud classification [J]. Journal of Xidian University, 2020, 47(2): 46-53.
[9]	ZHANG Zhichang,ZHANG Zhiman,ZHANG Zhenwen. Classifying health questions with local semantic and global structural information [J]. Journal of Xidian University, 2020, 47(2): 9-15.
[10]	SONG Jianfeng,WEI Yue,MIAO Qiguang,QUAN Yining,CHEN Yusheng. Urine cell image classification algorithm based on the squeeze and excitation mechanism [J]. Journal of Xidian University, 2020, 47(2): 39-45.
[11]	CAO Yi,HUANG Zilong,ZHANG Wei,LIU Chen,LI Wei. Urban sound event classification with the N-order dense convolutional network [J]. Journal of Xidian University, 2019, 46(6): 9-16.
[12]	XIAO Lijun,GUO Jichang,GU Xiangyuan. Algorithm for selection of features based on dynamic weights using redundancy [J]. Journal of Xidian University, 2019, 46(5): 155-161.
[13]	XIE Lixia,WEI Ruixin. IoT Node trust comprehensive evaluation model [J]. Journal of Xidian University, 2019, 46(4): 58-65.
[14]	YANG Hongyu,NA Yuzhuo. Android malware detection model [J]. Journal of Xidian University, 2019, 46(3): 45-51.
[15]	SUN Chen, CHENG Liye. Spatial sensing matrix learning for PolSAR image classification [J]. Journal of Xidian University, 2018, 45(6): 92-98.

Algorithm to detect Android malicious behaviors

PDF (PC)

Like

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Metrics

Comments

Recommended 0