文章针对恶意程序检测中难以检测未知恶意程序等问题,提出了一种提取恶意程序语义特征的方法。该方法使用N-gram算法对提取的Android应用程序的权限和API特征建立语义特征序列,并对特征序列进行筛选处理,获得了更具代表性的行为特征序列。首先,为了增加特征的有效性,经验丰富的恶意程序分析专家为每个Android SDK中的API函数添加相应的权重,并使用出现频次和权重值重新计算N-gram序列中每个元素的特征值,从而构建了改进的N-gram序列模型。然后,使用多种机器学习算法进行分类检测,验证其有效性。实验结果表明,提取的特征及改进的N-gram算法可以有效检测Android平台上的恶意程序。%It is dififcult to detect malware detection of unknown malicious programs, Aiming at solving this problem, this paper proposes an approach for extracting the dynamic features of malicious code semantics. This method extracts the permissions and API features of Android application to set up the semantic feature sequence with theN-gram algorithm. With screening of the feature sequence, the behavior sequence becomes more representative. First, in order to increase the effectiveness of the characteristics, analysis of experienced malware experts for each Android API function in SDK to add the corresponding weights, and the use of frequency and the weight value of each element of theN-gram sequence characteristics of re-calculated values in order to build aN-gram series model improved. Then, using a variety of machine learning algorithms for classiifcation and detection, verify its effectiveness. The experimental results show that the improvedN-gram algorithm and features in this paper can effectively detect malicious programs under Android platform.
展开▼
