
Android Malware Detection Method Based on Permission Complement and API Calls

The dynamic code loading mechanism of the Android system allows an application to load executable files externally at runtime. This mechanism makes application development more convenient, but it also brings security issues. Applications that use dynamic code loading to hide malicious behavior in an external file are becoming a new challenge for Android malware detection. To overcome this challenge, three types of threat models, i.e. Model Ⅰ, Model Ⅱ, and Model Ⅲ, are defined based on dynamic code loading mechanisms. For Model Ⅰ malware, the malicious behavior occurs in DexCode, so application programming interface (API) classes are used to characterize the behavior of the DexCode file. For Model Ⅱ and Model Ⅲ malware, whose malicious behaviors occur in an external file, the permission complement is defined to characterize the behaviors of the external file. Based on permission complement and API calls, an Android malicious application detection method is proposed, whose feature sets are constructed by improving a feature selection method. Five datasets containing 15,581 samples are used to evaluate the performance of the proposed method. The experimental results show that our detection method achieves an accuracy of 99.885% on the general dataset, and performs the best on all evaluation metrics on all datasets among all comparison methods.

Android; Malware detection; Dynamic code loading; Permission complement

YANG Jiyun, TANG Jiang, YAN Ran, XIANG Tao


College of Computer Science, Chongqing University, Chongqing 400044, China

Technological Innovation and Application Projects of Chongqing

cstc2019jscx-msxmX0077

2022

Chinese Journal of Electronics

CSTPCD, SCI, EI
ISSN:1022-4653
Year, volume (issue): 2022, 31(4)