Journal: Computer Engineering and Applications (计算机工程与应用)

Android Malware Detection Based on Application Classification and System Calls

Abstract

To address the proliferation of malware on the Android platform, a malware detection method based on application classification and system calls is proposed. Applications are classified using the Google Play categories as a reference, and the system call frequencies produced at runtime are used to compute a system call usage threshold for each category. When an application is installed and run, the phone collects the application's permission information and the system call information it generates and sends both to a remote server. The remote server classifies the application from its permission information using the sequential minimal optimization algorithm. After classification, it computes the application's system call usage value from the system call frequencies and compares that value with the threshold of the assigned category to decide whether the application is malicious. The classification result and the verdict are returned to the user, who decides whether to change the category and run the detection again. Experimental results demonstrate the feasibility and effectiveness of the method: it reduces resource consumption on the phone and can respond promptly to applications that exhibit malicious behavior.
