【摘要】：近年來,隨著移動互聯(lián)網(wǎng)的發(fā)展與壯大,智能手機也得到迅速的發(fā)展。目前Android系統(tǒng)占據(jù)了全球手機操作系統(tǒng)市場份額的一大部分且仍有不斷上升的趨勢,與此同時,Android也成為了惡意軟件泛濫的主要平臺。Android惡意軟件的惡意行為多種多樣,給用戶甚至整個社會都帶來了巨大的危害和經(jīng)濟損失。因此,如何將Android惡意軟件快速高效的分析并檢測出來已經(jīng)成為目前的研究熱點。首先對Android平臺進行歸納總結(jié),分析了Android的系統(tǒng)架構(gòu)和應(yīng)用程序組件,然后對使用到的機器學習算法以及Spark并行環(huán)境框架進行分析,為后續(xù)研究打下基礎(chǔ)。然后,針對隨機森林算法的投票原則無法區(qū)分強分類器與弱分類器差異的缺陷進行改進,提出一種加權(quán)投票改進方法,并在此基礎(chǔ)上提出了一種用于檢測Android惡意軟件的改進隨機森林分類模型(Improved Random Forest Classification Model,IRFCM)。IRFCM選取AndroidManifest.xml文件中的Permission信息和Intent信息作為特征屬性,并通過特征選擇算法進行優(yōu)化生成特征向量集合,最后應(yīng)用該模型對最終生成的特征向量集合進行分類檢測,實驗結(jié)果表明IRFCM具有較好的分類精度和分類效率。最后,針對大數(shù)據(jù)環(huán)境下應(yīng)用程序安裝包反編譯過程耗時長和特征提取慢的問題,將IRFCM與Spark框架相結(jié)合,設(shè)計實現(xiàn)并行環(huán)境下的Android惡意軟件檢測。將樣本數(shù)據(jù)轉(zhuǎn)換為Spark框架下的彈性分布式數(shù)據(jù)集(Resilient Distributed Dataset,RDD),并在虛擬機集群環(huán)境中并行地對RDD進行特征提取和分類檢測,并行環(huán)境下的實驗結(jié)果與單機環(huán)境相比,有效提高了Android惡意軟件的檢測效率。
[Abstract]:In recent years, with the development and expansion of the mobile Internet, smart phones have also been rapidly developed. At present, Android system accounts for a large part of the global mobile operating system market and still has a rising trend. At the same time, Android has become the main platform for malware proliferation. Android malware has a variety of malware. To the users and even the whole society has brought huge harm and economic losses. Therefore, how to analyze and detect Android malware quickly and efficiently has become a hotspot. Firstly, the Android platform is summarized, and the system architecture and application program components of Android are analyzed. Then, the machine learning algorithm and the Spark parallel environment framework are analyzed, which lays the foundation for further research. Then, aiming at the defect that the voting principle of stochastic forest algorithm can not distinguish the difference between strong classifier and weak classifier, a weighted voting improvement method is proposed. On this basis, an improved stochastic forest classification model, (Improved Random Forest Classification Model,IRFCM). IRFCM, which is used to detect Android malware, is proposed to select Permission information and Intent information in AndroidManifest.xml files as feature attributes. The feature selection algorithm is used to optimize the set of feature vectors. Finally, the model is used to detect the final set of feature vectors. The experimental results show that IRFCM has better classification accuracy and efficiency. Finally, aiming at the problems of time-consuming and slow feature extraction in the decompilation process of application installation package under big data environment, combining IRFCM with Spark framework, Android malware detection in parallel environment is designed and implemented. The sample data is converted to the elastic distributed data set (Resilient Distributed Dataset,RDD) under the framework of Spark, and the feature extraction and classification detection of RDD are carried out in parallel in the virtual machine cluster environment. The experimental results in the parallel environment are compared with those in the single machine environment. The detection efficiency of Android malware is improved effectively.
【學位授予單位】：中國民航大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP316;TP309

【參考文獻】

相關(guān)期刊論文 前10條

1 許艷萍;伍淳華;侯美佳;鄭康鋒;姚珊;;基于改進樸素貝葉斯的Android惡意應(yīng)用檢測技術(shù)[J];北京郵電大學學報;2016年02期

2 孫潤康;彭國軍;李晶雯;沈詩琦;;基于行為的Android惡意軟件判定方法及其有效性[J];計算機應(yīng)用;2016年04期

3 Zhenlong Yuan;Yongqiang Lu;Yibo Xue;;Droid Detector:Android Malware Characterization and Detection Using Deep Learning[J];Tsinghua Science and Technology;2016年01期

4 王琪;張洪偉;;基于Spark計算模型的隨機森林的電話量預測研究[J];成都信息工程學院學報;2015年05期

5 張樂峰;肖茹s，

本文編號：2415213