[1] Zhang Yiting, Zhang Yang, Zhang Tao, et al. Intelligent identification of malicious behavior in Android applications based on Naive Bayes[J]. Journal of Southeast University (Natural Science Edition), 2015, 45(2): 224-230. [doi:10.3969/j.issn.1001-0505.2015.02.005]

Intelligent identification of malicious behavior in Android applications based on Naive Bayes

Journal of Southeast University (Natural Science Edition) [ISSN: 1001-0505 / CN: 32-1178/N]

Volume: 45
Issue: 2015, No. 2
Pages: 224-230
Section: Computer Science and Engineering
Publication date: 2015-03-20

Article Info

Title:
Intelligent identification of malicious behavior in Android applications based on Naive Bayes
Author(s):
Zhang Yiting (1, 2), Zhang Yang (2), Zhang Tao (3), Yang Ming (2), Luo Junzhou (2)
1. College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
2. School of Computer Science and Engineering, Southeast University, Nanjing 210096, China
3. Information and Communication Department, State Grid Smart Grid Research Institute, Nanjing 210009, China
Keywords:
Android security; privacy leakage; permission use; malicious behavior identification
Classification number:
TP393
DOI:
10.3969/j.issn.1001-0505.2015.02.005
Abstract:
Android's security management, which authorizes permissions per application, is coarse-grained, and once a user has granted permissions to an application they cannot be changed and their use cannot be tracked at runtime. To address this, a method for identifying malicious software behavior with a Naive Bayes classifier is proposed. The method takes into account the user operation scenario at runtime and the user's behavior habits as well as software properties such as permissions. The classification attributes extracted are: whether the software is a system application, whether a permission use is caused by a user operation, whether the application requests too many permissions (is overprivileged), whether a sensitive permission combination exists, and whether permission use occurs in bursts, among others. By extending the Android security framework, malicious behavior is analyzed and handled in real time. Experimental results show that the method achieves a high detection rate and a low false positive rate with little impact on system performance, and can effectively enhance the security of the Android system.
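To make the classification step concrete, here is an added example (not code from the paper or its authors) of a Bernoulli Naive Bayes classifier over the five binary attributes the abstract names. The training rows, the attribute encoding, the Laplace smoothing and the 0.5 threshold are assumptions made for illustration; the paper's own attribute definitions and data are not given on this page.

```python
import math

# Binary attributes named in the abstract; the order is fixed for this example.
FEATURES = ("system_app", "user_triggered", "overprivileged",
            "sensitive_combo", "bursty_use")

# Constructed training observations: (attribute vector, label), 1 = malicious.
TRAIN = [
    ((1, 1, 0, 0, 0), 0), ((1, 0, 0, 0, 0), 0), ((0, 1, 0, 0, 0), 0),
    ((0, 1, 1, 0, 0), 0), ((0, 1, 0, 1, 0), 0), ((0, 1, 0, 0, 1), 0),
    ((0, 0, 1, 1, 1), 1), ((0, 0, 1, 1, 0), 1), ((0, 0, 0, 1, 1), 1),
    ((0, 1, 1, 1, 1), 1), ((0, 0, 1, 0, 1), 1),
]

def train(samples, alpha=1.0):
    """Estimate P(class) and P(attribute=1 | class) with Laplace smoothing."""
    model = {}
    for label in (0, 1):
        rows = [x for x, y in samples if y == label]
        prior = len(rows) / len(samples)
        # alpha avoids zero probabilities for attribute values unseen in a class
        likes = [(sum(r[i] for r in rows) + alpha) / (len(rows) + 2 * alpha)
                 for i in range(len(FEATURES))]
        model[label] = (prior, likes)
    return model

def posterior_malicious(model, x):
    """Return P(malicious | x) under the naive independence assumption."""
    log_score = {}
    for label, (prior, likes) in model.items():
        s = math.log(prior)
        for xi, p in zip(x, likes):
            s += math.log(p if xi else 1.0 - p)
        log_score[label] = s
    # Normalise in log space for numerical stability
    m = max(log_score.values())
    total = sum(math.exp(v - m) for v in log_score.values())
    return math.exp(log_score[1] - m) / total

def classify(model, x, threshold=0.5):
    return "malicious" if posterior_malicious(model, x) >= threshold else "benign"

MODEL = train(TRAIN)
if __name__ == "__main__":
    for name, x in [("no user action, sensitive combo, burst", (0, 0, 1, 1, 1)),
                    ("user-triggered single use", (0, 1, 0, 0, 0))]:
        print(name, round(posterior_malicious(MODEL, x), 3), classify(MODEL, x))
```

With these constructed rows, a system application that uses a permission in a burst without user action, `(1, 0, 0, 0, 1)`, still scores below the threshold, which shows how the system-application attribute lowers the false positive rate for platform components.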

Memo:
Received: 2014-12-07.
Author biography: Zhang Yiting (b. 1978), female, lecturer, zyt@njupt.edu.cn.
Funding: National Natural Science Foundation of China (61272054, 61320106007); National High Technology Research and Development Program of China (863 Program) (2013AA013503); Science and Technology Project of State Grid Corporation of China (EPRIXXKJ[2014]2244); Jiangsu Provincial Key Laboratory of Network and Information Security (BM2003-201); Key Laboratory of Network and Information Integration of the Ministry of Education (Southeast University) (93K-9).
Last Update: 2015-03-20