Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (8): 84-90. DOI: 10.3778/j.issn.1002-8331.2003-0248

• Network, Communication and Security •

Android Malicious Family Detection Algorithm Based on Local Optimization Matching

DU Yao   

  1. College of Computer Science and Technology, Southwest Minzu University, Chengdu 610000, China
  • Online: 2021-04-15 Published: 2021-04-23

Abstract:

In recent years, the rapid growth of Android malicious code has placed a heavy burden on mobile security research. Accurately classifying the large number of malicious samples into families is therefore very important for research on the identification and evolution of mobile malicious code. To this end, a new malware family identification and classification method based on local structure optimization analysis is proposed. The method first extracts function call graphs from the decompiled files of applications. An iterative matching algorithm based on node similarity is then applied to construct malicious family features. Finally, the structural similarity between an application's function call graph and the family features is calculated to detect malware and classify it into its family. Experimental results show that this method performs better than three previous studies and the Androguard tool.

Key words: malicious code, local structure optimization, family identification