
Research on Similarity-Based Malware Feature Extraction and Detection on the Android Platform

Published: 2018-10-24 18:57
[Abstract]: With the arrival of the Internet era, smartphone adoption worldwide keeps rising, and the Android smartphone operating system has gained a huge market share by virtue of its excellent performance. As smartphones have developed, however, more and more mobile malware has appeared on the market, endangering users' information security. The major security laboratories have gradually made mobile security a research focus, but how to effectively detect and remove new malware and malware variants has remained a difficult problem. Because traditional malware signature extraction is based on the binary text of the program, it cannot detect new malware or mutated malware, so this thesis proposes a similarity-based feature extraction method for Android malware. The method uses Google distance to compute the similarity among information specific to the source code, such as API calls, Android permissions and commonly used parameters, then mines the keywords commonly used in Android software and classifies them by similarity. These are then compared experimentally with the keywords found in normal software to obtain the features of Android malware. The feature set is then learned with a support vector machine (SVM), so that the method can keep accommodating new malware samples. At detection time, the system extracts the source code of the target software and compares its set of sensitive keywords with the sample sets already in the system library, so that both new malware and variants of older malware can be detected. Compared with traditional signature extraction, the innovation of this research is that it breaks with the conventional approach of recording virus features from the binary context: it combines the whole operating environment of the malicious software to form a feature library and records the behavior of the virus as the feature. It also introduces a current machine learning method to train on and classify the feature sets. Experiments show that the method is effective.
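An added example, not taken from the thesis: one way to compute Google distance between keywords, using the standard Normalized Google Distance formula with each app standing in for an indexed page, then grouping keywords by similarity and comparing against benign apps. The keyword sets, the 0.4 threshold, the single-link grouping and the frequency comparison are assumptions made for illustration; the SVM stage is omitted.

```python
import math
from itertools import combinations

# Constructed keyword sets (permissions and API names), one per app; not real samples.
MALWARE = [
    {"SEND_SMS", "READ_CONTACTS", "sendTextMessage", "getDeviceId"},
    {"SEND_SMS", "sendTextMessage", "getDeviceId", "INTERNET"},
    {"SEND_SMS", "READ_CONTACTS", "sendTextMessage"},
]
BENIGN = [
    {"INTERNET", "openConnection", "ACCESS_FINE_LOCATION"},
    {"INTERNET", "openConnection"},
    {"INTERNET", "ACCESS_FINE_LOCATION", "getLastKnownLocation"},
]

def ngd(x, y, apps):
    """Normalized Google Distance, with apps standing in for indexed pages."""
    fx = sum(x in a for a in apps)
    fy = sum(y in a for a in apps)
    fxy = sum(x in a and y in a for a in apps)
    if fxy == 0:
        return math.inf          # never co-occur: maximally distant
    lx, ly = math.log(fx), math.log(fy)
    denom = math.log(len(apps)) - min(lx, ly)
    if denom == 0:
        return 0.0               # both keywords occur in every app
    return (max(lx, ly) - math.log(fxy)) / denom

def group_keywords(apps, threshold=0.4):
    """Single-link grouping (assumed): keywords within threshold share a group."""
    words = sorted(set().union(*apps))
    parent = {w: w for w in words}
    def find(w):
        while parent[w] != w:
            w = parent[w]
        return w
    for x, y in combinations(words, 2):
        if ngd(x, y, apps) <= threshold:
            parent[find(x)] = find(y)
    groups = {}
    for w in words:
        groups.setdefault(find(w), []).append(w)
    return sorted(groups.values(), key=lambda g: (-len(g), g))

def malware_feature_groups(malware, benign, threshold=0.4):
    """Keep groups whose every keyword is more frequent in malware than in benign apps."""
    def rate(w, apps):
        return sum(w in a for a in apps) / len(apps)
    return [g for g in group_keywords(malware + benign, threshold)
            if all(rate(w, malware) > rate(w, benign) for w in g)]
```

On the constructed data, the SMS-related permission and API keywords form one group that survives the benign comparison, while `INTERNET`, which occurs in both sets, does not.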
[Degree-granting institution]: Hangzhou Normal University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP316;TP309


Article No.: 2292263


Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2292263.html

