Computer Engineering and Applications ›› 2017, Vol. 53 ›› Issue (19): 109-113.DOI: 10.3778/j.issn.1002-8331.1604-0337

Previous Articles     Next Articles

Android malware detection based on application classfication and system calls

LIN Qingyu, LING Jie   

  1. Faculty of Computer, Guangdong University of Technology , Guangzhou 510006, China
  • Online:2017-10-01 Published:2017-10-13

基于应用分类和系统调用的Android恶意程序检测

林擎宇,凌  捷   

  1. 广东工业大学 计算机学院,广州 510006

Abstract: Considering the increasement of malware for Android, a malware detection based on application classfication and system calls of Android applications is proposed. The method depends on the categories in the Google Play as a reference to count system calls usage threshold of each category. During the installation of the application to a Android mobile phone runtime, the infornation of system calls and the permission infornation is sent to the remote server by the mobile phone. Sequential minimal optimzation algorithm is used to classify the application, and system calls usage value of the this application is calculated after the information of system call frequency is analyzed. Comparing this value and system calls usage threshold of category, whether it is a procedure including hostile program can be ascertained. Users can get the result and change the category of the application to examine the application depending on the requirement. Finally, the effectiveness and feasibility of the method is verified, not only can reduce resource consumption of phones, but also can response the malware as quickly as possible.

Key words: Android, application classfication, system calls, malware detection

摘要: 针对Android平台恶意程序泛滥的问题,提出一种基于应用分类和系统调用的恶意程序检测方法。以Google Play为依据进行应用程序分类,利用运行时产生的系统调用频数计算每个类别的系统调用使用阈值。当应用程序安装运行时,手机端收集应用程序权限信息和产生的系统调用信息发给远程服务器,远程服务器根据权限信息采用序列最小优化算法给应用程序进行分类,分类后利用系统调用频数计算出系统调用使用值,与该类别的阈值进行比较判断是否恶意程序,将分类结果及判定结果反馈给用户,由用户判断是否需要更改分类重新检测。实验结果表明了该方法的可行性和有效性,不仅减少了手机的资源消耗,又能对产生恶意行为的应用程序及时做出反应。

关键词: Android平台, 应用分类, 系统调用, 恶意程序检测