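• Official journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science

• Computer Network and Information Security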

A feature frequency differential enhancement algorithm for static detection of Android malicious applications

LI Xiang-jun1,2, KONG Ke2, WEI Zhi-xiang1, WANG Ke-xuan1, XIAO Ju-xin1

  1. (1. School of Software, Nanchang University, Nanchang 330047;
    2. Department of Computer Science and Technology, Nanchang University, Nanchang 330031, China)
  • Received: 2019-12-31 Revised: 2020-02-27 Online: 2020-06-25 Published: 2020-06-25
  • Funding:

    National Natural Science Foundation of China (61862042, 61762062); Jiangxi Provincial Science and Technology Innovation Platform Project (20181BCD40005); Jiangxi Provincial Program for Academic and Technical Leaders of Major Disciplines (20172BCB22030); Natural Science Foundation of Jiangxi Province (20192BAB207019, 20192BAB207020); Jiangxi Provincial Key Research and Development Program (20192BBE50075, 20181ACE50033); Jiangxi Provincial Graduate Innovation Fund (YC2019-S100, YC2019-S048); Jiangxi Provincial College Students' Practice and Innovation Training Program (201910403041)

Abstract:

With the rapid growth in the number of Android applications, security detection for Android applications has become one of the hot research issues in the field of network security. For feature selection in the static detection of malicious applications, this paper defines the concepts of benign feature, malicious feature, benign typical feature, malicious typical feature and atypical feature, and proposes the feature Frequency Differential Enhancement (FDE) algorithm. The FDE algorithm removes the atypical features from the static features by calculating how frequently each feature appears in benign and in malicious applications. To verify the target effect and performance of the FDE algorithm, experiments based on balanced data and on imbalanced data are designed, and a weight loss function is introduced for the imbalanced data. Experimental results show that the FDE algorithm can effectively remove atypical features from static features and screen out valid features, and that the weight loss function can effectively improve the recognition rate of malicious data in imbalanced data.

Key words: feature frequency differential enhancement algorithm; weight loss function; feature selection; atypical feature; malicious application