Paper abstract

Detecting Android malware based on sensitive permissions and function-call graphs

Authors: ZHU Xiao-Lan (College of Computer Science, Sichuan University); WANG Jun-Feng (College of Computer Science, Sichuan University); DU Yao (College of Computer Science, Sichuan University); BAI Jin-Rong (College of Computer Science, Sichuan University)

Received: 2015-07-20          Year, volume (issue), pages: 2016, 53(3): 526-533

Journal Name: Journal of Sichuan University (Natural Science Edition)

Key words: Android malware detection; reverse engineering; sensitive permissions; function-call graphs; graph edit distance

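Funding: National Natural Science Foundation of China; National Major Basic Research Project Fund; Specialized Research Fund for the Doctoral Program of Higher Education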

Abstract

To detect malware on the Android platform more effectively, we propose a static, comprehensive detection method that combines sensitive permissions with function-call graphs. First, through reverse engineering of malware, we construct a feature database containing the sensitive permissions and function-call graphs of malicious code. Then, we use the Munkres (Hungarian) algorithm to calculate the graph edit distance between the function-call graphs of the test sample and those in the database under the same sensitive permission. This yields the similarity of the two function-call graphs and, from it, the similarity between two apps, which is used to detect malware. The results show that the method is highly effective, with high accuracy and a low false positive rate, and that it detects more malware than Androguard.
