
Research on Android Malicious Code Detection Based on Ensemble Learning

Published: 2018-08-24 10:02
[Abstract]: In recent years, with the rapid development of technology, mobile smart devices, most of them running the Android operating system, have become an indispensable part of everyday life. As a result, more and more personal data is stored on these devices, and once that data leaks it poses a serious threat to users' privacy and property. With malicious applications proliferating, the major security vendors have made Android protection a research priority and have achieved some results. However, driven by the huge profits of the grey-market industry chain, the self-protection, anti-detection and anti-analysis techniques used by malicious code are also developing rapidly, which greatly hinders Android security research. Detection algorithms that identify malicious Android applications are therefore particularly important, and an effective detection mechanism can provide real protection for users' privacy and property. Based on an analysis of current Android malicious code detection techniques in China and abroad, this thesis proposes an Android malicious code detection mechanism based on ensemble learning, built on both dynamic and static detection. The main content is as follows:

1) The Android system architecture, the APK structure and the application runtime mechanism are studied; current methods for identifying malicious Android applications are analyzed and organized; and current static and dynamic detection schemes for malicious Android applications are compared.

2) Through analysis of traditional static Android malicious code detection algorithms, an Android malicious code detection algorithm based on the dendritic cell algorithm (DCA) is proposed. The algorithm uses the Dalvik assembly code inside the Android application package file and dangerous API calls as features, implementing static feature detection of Android malicious code.

3) Through study of traditional dynamic Android malicious code detection algorithms, a dynamic detection algorithm based on a co-occurrence matrix of system service calls is proposed. The algorithm avoids the problems that static detection runs into, such as polymorphic transformation and code obfuscation, and detects malicious Android applications dynamically by examining the sequence of system service calls made at runtime.

4) Building on these results, an Android malicious code detection system based on ensemble learning is proposed. The system combines the complementary strengths of the dynamic and static detection methods, and uses a rotation-forest-based ensemble learning algorithm to improve the system's stability and detection efficiency.

In addition, on the basis of the theoretical study of the algorithms, an experimental simulation environment was built and tested on 750 malicious Android applications obtained from AndroMalShare and 1250 benign applications obtained from Google Play, achieving a detection rate of 99.3% with an ensemble size of L = 20.
[Degree-granting institution]: Tianjin University of Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP309; TP316

Article ID: 2200474



Link to this article: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2200474.html

