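Authors: Pan Jianwen; Cui Zhanqi; Lin Gaoyi; Chen Xiang[2]; Zheng Liwei[1] (Computer School, Beijing Information Science and Technology University, Beijing 100101; School of Information Science and Technology, Nantong University, Nantong, Jiangsu 226019)
Affiliations: [1] Computer School, Beijing Information Science and Technology University, Beijing 100101; [2] School of Information Science and Technology, Nantong University, Nantong, Jiangsu 226019
Source: Journal of Computer Research and Development (《计算机研究与发展》), 2023, No. 8, pp. 1875-1894, 20 pages in total
Funding: Jiangsu Province Frontier Leading Technology Basic Research Special Project (BK202002001); National Natural Science Foundation of China (61702041); Beijing Information Science and Technology University "Qin Xin Talents" Cultivation Program (QXTCP C201906).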
Abstract: The openness of the Android system and the diversity of third-party application markets have given Android a high market share, but they have also brought huge risks. As a result, Android malware emerges endlessly and spreads widely, seriously threatening users' privacy and economic security. How to detect Android malware effectively has received wide attention from researchers. According to whether the application is executed or not, existing malware detection methods are divided into static detection and dynamic detection. Of the two, static detection outperforms dynamic detection in terms of efficiency and code coverage, and Drebin and other static detection tools have been widely used. We therefore systematically review the research progress in the field of static Android malware detection. First, the static features of Android applications are introduced. Then, according to the static features used for detecting Android malware, the static detection methods are classified into three categories: permission-based, application programming interface (API)-based, and opcode-based approaches. The Android application data sets and the indicators commonly used to evaluate Android malware detection performance are also summarized. Finally, potential future research directions for static Android malware detection techniques are discussed, to provide a reference for researchers in related areas.
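Keywords: Android malware; static detection; permissions; application programming interface; opcode
Classification number: TP311.5 [Automation and Computer Technology: Computer Software and Theory]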