计算机工程与应用 ›› 2018, Vol. 54 ›› Issue (18): 133-138.DOI: 10.3778/j.issn.1002-8331.1706-0064

• 网络、通信与安全 • 上一篇    下一篇

一种基于模糊哈希的Android变种恶意软件检测方法

王文冲,凌  捷   

  1. 广东工业大学 计算机学院,广州 510006
  • 出版日期:2018-09-15 发布日期:2018-10-16

Android malware detection approach based on fuzzy Hash

WANG Wenchong, LING Jie   

  1. School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China
  • Online:2018-09-15 Published:2018-10-16

摘要: Android移动平台中恶意软件变种数量与日俱增,为了能够高效快速地检测出变种样本,提出一种能够根据Apk中字符串以及函数长度分布特征,来生成模糊哈希值的方法,使得同类变种的恶意软件间的哈希值相似。在对变种恶意软件进行检测时,首先利用k-means方法对已知病毒库所产生的模糊哈希值进行聚类,从而简化病毒库。再利用哈密顿距离来计算其与病毒库中各模糊哈希间哈密顿距离。当距离小于阈值,则表示检测到变种。实验结果表明,提出的方法具有检测速度快,抗干扰能力强等特点。

关键词: Android变种, 恶意软件检测, 模糊哈希值

Abstract: Malware variants in the Android mobile platform are increasing rapidly. In order to detect the malware variants efficiently, this paper proposes a method to generate the fuzzy Hash number, which is based on the strings and function in the Apks. The malicious software in the same kind of variants has the similar Hash value. Through detecting malware variants, the k-means algorithm is used to simplify the size of malware database. And then the Hamilton distance is used to measure the distance between them. When the distance is less than a threshold, it means a malware variant has been detected. Experimental results demonstrat that the method has a high capability of speed and resistance.

Key words: Android variant, malware detection, fuzzy Hash