Netinfo Security (信息网络安全) ›› 2019, Vol. 19 ›› Issue (9): 1-5. doi: 10.3969/j.issn.1671-1122.2019.09.001


Research on Android Malware Detection Based on Random Forest

Xin SONG1, Kai ZHAO2,3, Linlin ZHANG2,3, Wenbo FANG4

  1. College of Computer, National University of Defense Technology, Changsha Hunan 410073, China
  2. College of Cyber Science and Engineering, Xinjiang University, Urumqi Xinjiang 830046, China
  3. College of Information Science and Engineering, Xinjiang University, Urumqi Xinjiang 830046, China
  4. College of Software, Xinjiang University, Urumqi Xinjiang 830008, China
  • Received: 2019-07-15 Online: 2019-09-10 Published: 2020-05-11
  • About the authors:

    Xin SONG (born 1996), female, from Henan, master's student; main research interests: network security and mobile application security. Kai ZHAO (born 1976), male, from Anhui, associate professor, Ph.D.; main research interests: malicious code detection and cloud computing security. Linlin ZHANG (born 1974), female, from Henan, associate professor, Ph.D.; main research interests: mobile application security, malicious code detection and software security. Wenbo FANG (born 1991), male, from Shaanxi, master's student; main research interests: mobile application security and malicious code detection.

  • Supported by:
    National Natural Science Foundation of China [61867006]; Xinjiang Uygur Autonomous Region Innovation Environment (Talent, Base) Construction Special Project (Natural Science Foundation) Joint Fund [2019D01C062]; Xinjiang Uygur Autonomous Region University Scientific Research Program [XJEDU2017M005]

Abstract:

This paper proposes an Android malware detection method based on random forest, a strong classifier. Taking Android permissions as features, it defines effective permissions and uses support and association rules from data mining to analyze the permissions and identify the effective ones. A random forest classifier is then constructed, and the effective permission matrix is used as the classifier's input for training and testing. The experimental results show that the proposed method achieves an accuracy of 92.84% and an F-value of 93.05%, clearly outperforming other detection models.

Key words: Android malware detection, effective permission, association rules, random forest
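The effective-permission step described in the abstract, as an added illustration that is not the authors' code: each permission is scored by the support and confidence of the rule {permission} → malicious over labelled apps, those above the thresholds are kept, and the 0/1 matrix a random forest classifier would take as input is built. The selection criterion, thresholds, function names and sample apps are assumptions; the abstract does not give the paper's exact definition of an effective permission.

```python
# Constructed sample data: (label, requested permissions); 1 = malicious, 0 = benign.
APPS = [
    (1, {"SEND_SMS", "READ_CONTACTS", "INTERNET"}),
    (1, {"SEND_SMS", "RECEIVE_SMS", "INTERNET"}),
    (1, {"SEND_SMS", "READ_CONTACTS", "READ_PHONE_STATE", "INTERNET"}),
    (1, {"RECEIVE_SMS", "READ_PHONE_STATE", "INTERNET"}),
    (0, {"INTERNET", "CAMERA"}),
    (0, {"INTERNET", "ACCESS_FINE_LOCATION"}),
    (0, {"INTERNET", "READ_CONTACTS"}),
    (0, {"CAMERA", "READ_PHONE_STATE", "INTERNET"}),
]
MAL = "__MALICIOUS__"  # hypothetical marker item so the label can appear in a rule


def support(itemset, transactions):
    """Fraction of transactions that contain every item of itemset."""
    return sum(itemset <= t for t in transactions) / len(transactions)


def effective_permissions(apps, min_support=0.25, min_confidence=0.75):
    """Assumed criterion: keep p when the rule {p} -> malicious is both
    frequent (support) and reliable (confidence)."""
    transactions = [perms | ({MAL} if label else set()) for label, perms in apps]
    candidates = sorted(set().union(*(perms for _, perms in apps)))
    selected = []
    for p in candidates:
        rule_support = support({p, MAL}, transactions)
        confidence = rule_support / support({p}, transactions)
        if rule_support >= min_support and confidence >= min_confidence:
            selected.append(p)
    return selected


def permission_matrix(apps, features):
    """Binary app-by-permission matrix X and label vector y."""
    X = [[int(f in perms) for f in features] for _, perms in apps]
    y = [label for label, _ in apps]
    return X, y


if __name__ == "__main__":
    feats = effective_permissions(APPS)
    X, y = permission_matrix(APPS, feats)
    print(feats)
    for row, label in zip(X, y):
        print(row, label)
```

On this sample, INTERNET is dropped because it is equally common in both classes, and READ_CONTACTS is dropped because its confidence falls below the threshold.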

CLC Number: