LSCDroid: Malware Detection Based on Local Sensitive API Invocation Sequences
IEEE Transactions on Reliability (IF 5.9), Pub Date: 2020-03-01, DOI: 10.1109/tr.2019.2927285
Weiping Wang, Jianjian Wei, Shigeng Zhang, Xi Luo

Malware detection is an important and challenging problem in the Android ecosystem. Many approaches have been proposed to distinguish malicious applications from benign ones, but few of them can represent the behavior patterns of malicious applications or help understand their intention. In this paper, we propose LSCDroid, a malware detection approach that can not only detect malware but also help understand the malware's intention by analyzing its behavior patterns. LSCDroid uses local sensitive application programming interface (API) invocation (LSAI) sequences as features to detect malware and to represent different malicious behavior patterns. We first extract the LSAI sequences of malicious applications from their function-call graphs. After removing redundant sequences and merging fragmented ones, we obtain a set of LSAI sequences that can be used to detect malicious applications effectively. We further manually analyze the semantics of the obtained sequences and find that a large fraction of them can be used to characterize different behavior patterns of malware and to help understand their intention, e.g., sending SMS messages stealthily, obtaining geographical information, remote control, and root privilege. We design a machine-learning-based malware detection and classification algorithm that takes the obtained sequences as input features. Experimental results show that the accuracy and recall of LSCDroid on multiple datasets are both higher than 0.98. Meanwhile, LSCDroid can classify malware families with an accuracy higher than 0.96. Moreover, LSCDroid can represent the behavior patterns of malware and help understand its intention by mapping its LSAI sequences to typical malicious behaviors.
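The extraction pipeline the abstract sketches, as an added illustration that is not the paper's code: it walks a constructed function-call graph depth-first from each method, records the sensitive APIs reached in call order as that method's LSAI sequence, drops sequences that are contained in a longer one, and turns the survivors into a binary feature vector for a classifier. The sensitive-API set, the call graph and the containment rule are assumptions; the paper's own merging step for fragmented sequences is not reproduced here.

```python
# Constructed example: a tiny function-call graph (caller -> ordered callees) and a
# small set of sensitive framework APIs. Both are assumptions made for illustration.
SENSITIVE_APIS = {
    "TelephonyManager.getDeviceId",
    "LocationManager.getLastKnownLocation",
    "HttpURLConnection.connect",
    "SmsManager.sendTextMessage",
}

CALL_GRAPH = {
    "MainActivity.onCreate": ["Helper.collect", "Helper.upload"],
    "Helper.collect": ["TelephonyManager.getDeviceId",
                       "LocationManager.getLastKnownLocation"],
    "Helper.upload": ["HttpURLConnection.connect"],
    "SmsService.onStart": ["Helper.collect", "SmsManager.sendTextMessage"],
}


def lsai_sequence(method, graph, sensitive, path=()):
    """Ordered sensitive APIs reachable from `method` by a depth-first walk.
    `path` holds the methods on the current call chain so cycles are cut."""
    if method in path:
        return []
    seq = []
    for callee in graph.get(method, []):
        if callee in sensitive:
            seq.append(callee)
        else:
            seq.extend(lsai_sequence(callee, graph, sensitive, path + (method,)))
    return seq


def is_fragment(short, long):
    """True when `short` appears contiguously inside `long` (assumed redundancy rule)."""
    n = len(short)
    return any(long[i:i + n] == short for i in range(len(long) - n + 1))


def extract_lsai_features(graph, sensitive):
    """One sequence per method; drop empty ones and those contained in a longer one."""
    seqs = {tuple(lsai_sequence(m, graph, sensitive)) for m in graph}
    seqs.discard(())
    return sorted(s for s in seqs if not any(s != t and is_fragment(s, t) for t in seqs))


def feature_vector(graph, features, sensitive):
    """Binary vector: 1 when the app's call graph exhibits that LSAI sequence."""
    app_seqs = {tuple(lsai_sequence(m, graph, sensitive)) for m in graph}
    return [int(any(is_fragment(f, s) for s in app_seqs)) for f in features]
```

Running `extract_lsai_features(CALL_GRAPH, SENSITIVE_APIS)` keeps only the two longest chains (device-and-location collection followed by an upload, and the same collection followed by sending an SMS), which is the kind of sequence the abstract maps to a behavior pattern.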

Updated: 2020-03-01