Research on an Android Malicious Code Detection Method Based on Function Call Graphs  (Cited by: 2)

Android Malicious Code Detection Method Based on Function Call Graph


Author: Li Ziqing [1]

Affiliation: [1] School of Physics and Electronic Information Engineering, Qinghai Minzu University, Xining 810007

Source: Computer Measurement & Control, 2017, No. 10, pp. 198-201, 205 (5 pages)

Funding: Ministry of Education "Chunhui Plan" cooperative research project (S2015037)

Abstract: With the rapid development of the mobile Internet and the spread of smart devices, security problems on the Android platform have become increasingly serious. A growing volume of malware troubles end users and seriously threatens their privacy and property, so the analysis and study of malware has become one of the hot topics in the security field. This paper proposes a feature extraction and detection method for Android programs based on the function call graph. The method disassembles an Android program to obtain its function call graph and then, building on spectral graph theory, combines the graph structure extracted after transforming the function call graph with an extraction algorithm to obtain program behavior features that have a degree of resistance to interference. Because the Android function call graph reflects the functional modules, structural characteristics and semantics of an Android program well, a detection prototype system was implemented on this basis and validated experimentally by analyzing and detecting a number of malicious Android programs. The experimental results show that features extracted with this method effectively withstand the various obfuscation and transformation techniques used in Android programs and are strongly resistant to interference, and that detection based on these features identifies malicious code well.

Keywords: function call graph; malicious code; detection method; research

Classification: TP311.1 [Automation and Computer Technology: Computer Software and Theory]

 
