The number of mobile malware programs is growing explosively and new variants keep emerging. The ever-larger feature library makes sample processing harder for security vendors, and traditional detection methods can no longer process the large volume of software behavior samples promptly and effectively. Machine-learning-based mobile malware detection methods suffer from an excessive number of features, low detection accuracy and unbalanced data. To address these problems, this paper proposes a feature selection method based on the mean and variance of samples to remove features that do not contribute to classification. It implements an ensemble classification method built on different feature extraction techniques, namely Principal Component Analysis, the Karhunen-Loève Transform and Independent Component Analysis, to improve detection accuracy. For the unbalanced data of Android app samples, it proposes a multi-level classification ensemble model based on decision trees. Experimental results show that all three proposed methods detect malware samples on the Android platform effectively, with accuracy increased by 6.41%, 3.96% and 3.36%, respectively.
ZHANG Wei, REN Huan, ZHANG Kai, LI Chengming, JIANG Qingshan. Malware Detection Techniques by Mining Massive Behavioral Data of Mobile Apps [J]. Journal of Integration Technology, 2016, 5(2): 29-40