Research and Design on Malware Detection System Based on N-gram Algorithm

doi:10.3969/j.issn.1671-1122.2016.08.012

Abstract

Abstract:

It is difficult to detect malware detection of unknown malicious programs, Aiming at solving this problem, this paper proposes an approach for extracting the dynamic features of malicious code semantics. This method extracts the permissions and API features of Android application to set up the semantic feature sequence with the N-gram algorithm. With screening of the feature sequence, the behavior sequence becomes more representative. First, in order to increase the effectiveness of the characteristics, analysis of experienced malware experts for each Android API function in SDK to add the corresponding weights, and the use of frequency and the weight value of each element of the N-gram sequence characteristics of re-calculated values in order to build a N-gram series model improved. Then, using a variety of machine learning algorithms for classification and detection, verify its effectiveness. The experimental results show that the improved N-gram algorithm and features in this paper can effectively detect malicious programs under Android platform.

Key words: machine learning, malicious code detection, N-gram, Android application

CLC Number:

TP309

Jiawang ZHANG, Yanwei LI. Research and Design on Malware Detection System Based on N-gram Algorithm[J]. Netinfo Security, 2016, 16(8): 74-80.

Figures/Tables 7

References 16

[1]	阿里安全. 阿里安全发布2015移动安全病毒年报[EB/OL]., 2016-03-02.
[2]	CHRITODORESCU M, JHA S. Static Analysis of Executables to Detect Malicious Paterns[EB/OL]. , 2016-05-15.
[3]	徐曾春,卢洲,叶坤. 一种检测可疑软件的Android沙箱系统的研究与设计[J]. 南京邮电大学学报(自然科学版),2015,35(4):104-109.
[4]	YE Y, WANG D, LI T, et al. An Intelligent PE Malware Detection System Based on Association Mining[J]. Journal in Computer Virology, 2008, 4(4) : 323-334.
[5]	李盟,贾晓启, 王蕊,等. 一种恶意代码特征选取和建模的方法[J]. 计算机应用与软件,2015(8):266-271.
[6]	杨欢,张玉清,胡予濮,等. 基于多类特征的Android应用恶意行为检测系统[J]. 计算机学报, 2014,37(1):15-27.
[7]	AMOS B, TURNER H, WHITE J.Applying Machine Learning Classifiers to Dynamic Android Malware Detection at Scale[C]//IWCMC 2013.9th International Wireless Communications and Mobile Computing Conference ,July 1-5,2013.Sardinia.New York:IEEE,2013:1666-1671.
[8]	SAHA J, KHAN L.A Machine Learning Approach to Android Malware Detection[C]//IEEE. 2012 European Intelligence and Security Informatics Conference (EISIC),August 22-24,2012,Odense.New York:IEEE,2012:141-147.
[9]	PEIRAVIAN N, ZHU X.Machine Learning for Android: Malware Detection Using Permission and API Calls[C]//IEEE. 2013 IEEE 25th International Conference on Tools with Artificial Intelligence.November 4-6, 2013, Washington DC, USA.New York:IEEE,2013:300-305.
[10]	SHABTAI A, FLEDEL Y, ELOVICI Y.Automated Static Code Analysis for Classifying Android Applications Using Machine Learning[C]//IEEE. 2010 International Conference on Computational Intelligence and Security.December 11-14,2010,Nanning,China.New York:IEEE,2010: 329-333.
[11]	XU J Y,SUNG A H,CHAVEZ P,et al.Polymorphic Malicious Executable Scanner by API Sequence Analysis[C]//IEEE. 4th International Conference on Hybrid Intelligent Systems. June 20, 2004, Puszczykowo, Poland. New York:IEEE, 2004 : 378-383.
[12]	PENG H, GATES C, SARMA B, et al.Using Probabilistic Generative Models for Ranking Risks of Android Apps[C]//ACM. 2012 ACM conference on Computer and communications security.October 16-18, 2012, Raleigh, NC, USA.New York:ACM,2012: 241-252.
[13]	MIN Z, SUN M S, JOHN C S.DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware[C]//IEEE. 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom).July 16-18, 2013, Melbourne, Australia. New York:IEEE, 2013: 163-171.
[14]	GitHub. Dynamic Analysis of Android Apps[EB/OL]. ,2016-05-15.
[15]	ASSALEH, CERCONE N, KESELJ V, et al.N-gram-based Detection of New Malicious Code[C]//IEEE.Computer Software and Applications Conference, 2004. COMPSAC 2004. 28th Annual International.September 28-30,2004,Hong Kong, China.New York:IEEE, 2004:41-42.
[16]	MOSKOVITCH R, FEHER C, TZACHAR N, et al.Unknown Malcode Detection Using OPCODE Representation[C]//Springer.Intelligence & Security Informatics, First European Conference.December 3-5, 2008, Euroisi, Esbjerg, Denmark.Berlin Heidelberg:Spring, 2008: 204-215.