基于关联规则的Android恶意软件检测技术
The Android Malware Detection Technology Based on Association Rules
方加娟 1丁乙恒2
作者信息
- 1. 郑州职业技术学院 信息工程与大数据学院,河南 郑州 450121
- 2. 郑州轻工业大学 计算机与通信工程学院,河南 郑州 450000
- 折叠
摘要
由于Android系统的开放性和多样性,使得该系统的受攻击面非常广泛,同时随着入侵技术和手段不断升级,导致恶意软件难以被检测到.为此,提出基于关联规则的Android恶意软件检测技术.利用计算机编程语言中dpke库对wireshark配置脚本文件解析,提取恶意软件流量,并获取恶意软件静态特征,通过对恶意软件流量聚类分析,利用频繁项集与关联规则计算最小支持度与最小置信度,提取到关联规则,将关联规则与规则库比对,识别检测恶意软件类型,以此实现基于关联规则的Android恶意软件检测.实验证明,设计技术查准率在 95%以上,F_measure值在 0.95 以上,在Android安全防护方面具有良好的应用前景.
Abstract
Due to the openness and diversity of the Android system,the attack surface of the system is very extensive,and with the continuous upgrading of intrusion techniques and methods,it is difficult to detect malicious software.Therefore,an Android malware detection technology based on association rules is proposed.The dpke library in the computer programming language was used to parse the wireshark configuration script file,extract the malware traffic,and obtain the static characteristics of the malware.Through the cluster analysis of the malware traffic,the minimum support and minimum confidence were calculated by using frequent item sets and association rules,and the association rules were extracted and compared with the rule library.Identify and detect the types of malware,so as to realize the detection of Android malware based on association rules.The experimental results show that the accuracy of the design technology is above 95%and the F_measure value is above 0.95,which has a good application prospect in Android security protection.
关键词
关联规则/Android/恶意软件/计算机编程语言/F_measure值Key words
association rules/Android/malware/computer programming language/F_measure value引用本文复制引用
出版年
2024
NETL
NSTL
万方数据