Authors: LUO Wen-shuang (罗文塽); ZHANG Xiao-zhi (张小志) [2]; LI Lei (李磊) [2] (Xingtai Polytechnic College, Xingtai, Hebei 054035, China)
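Affiliations: [1] Department of Information Engineering, Xingtai Polytechnic College, Xingtai, Hebei 054035; [2] Xingtai Polytechnic College, Xingtai, Hebei 054035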
Source: Journal of Xingtai Polytechnic College (《邢台职业技术学院学报》), 2020, No. 1, pp. 92-95 (4 pages)
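Funding: Hebei Provincial Department of Science and Technology project "Research on Intelligent Detection Methods for Mobile Terminal Malware Based on Network Behavior Analysis", No. 18210705.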
Abstract: With the rapid development of the Android system and the continuing sharp increase in malware, a dynamic behavior analysis method for malware based on permission threat values is proposed. First, the threat value of each permission in an application is calculated by analyzing how necessary that permission is to the application. Second, according to the threat values, the calls and data flow of the API interfaces corresponding to the permissions with larger threat values are monitored, and the target IP addresses generated during network communication are recorded. Then, the IP addresses generated during network communication are extracted, and a normal behavior library and a malicious behavior library are obtained by training on normal and malicious samples. Finally, malware is identified by comparing the target IP address with the normal and malicious IP address information. The experimental results show that the proposed method reaches a recall rate of 95.6% and an accuracy rate of 94.1%.
Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]