作　　者： (李剑）; (朱月俊）;

机构地区： 北京邮电大学计算机学院,北京100086

出　　处： 《信息安全研究》 2017年第9期817-822,共6页

摘　　要： 为了提高安卓恶意软件检测效率,提出了一种基于权限的安卓恶意软件检测方法.通过构建自动化特征提取过程来提取安卓应用中的权限特征,使用信息增益来生成数据集.结合无监督(KMeans)以及有监督(随机森林、分类回归树、J48)机器学习算法,将安卓应用划分为正常软件、短信木马、间谍软件、RootExploit、僵尸网络.正常软件从官方市场手动下载,恶意软件从VirusTotal,Contagio下载.实验结果表明该检测方法准确率达到97%,误报率为0.6%.该方法可以有效地检测出不同类型的安卓恶意软件. In order to improve the efficiency of Android malware detection, a method based on permission to detect Android malware is proposed. This paper extracts the feature of permission by building an automated feature extraction process, and generates datasets by using the information obtained from the feature extraction process. Combined with unsupervised machine learning algorithm （K-Means clustering） and supervised machine learning algorithm （Random Forest, Classification and Regression Tree,J48） , Android applications can be divided into normal application, SMS Trojan, spyware, RootExploit and Botnet Normal applications are downloaded from official markets and malware is downloaded from VirusTotal and Contagio. The experiment result shows that the proposed method can get higher accuracy rate （97%） and lower false positive rate （0. 6%）. The proposed method can be effective to detect different types of Android malware.

关 键 词： 安卓 恶意软件 机器学习 无监督 有监督