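Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2016, Vol. 39 ›› Issue (2): 43-47. doi: 10.13190/j.jbupt.2016.02.009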

Android Malware Detection Technology Based on Improved Naïve Bayesian

XU Yan-ping1, WU Chun-hua1, HOU Mei-jia2, ZHENG Kang-feng1, YAO Shan2

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China
  • Received: 2015-09-16 Online: 2016-04-28 Published: 2016-04-28
  • About the authors: XU Yan-ping (1986-), female, Ph.D. candidate, E-mail: xyp_xyp@126.com; YAO Shan (1983-), female, engineer.
  • Supported by: National Natural Science Foundation of China (61272519); National Key Technology R&D Program of the "12th Five-Year Plan" (2012BAH45B00)

Abstract:

Based on static analysis of unknown applications, the permissions requested in AndroidManifest.xml are extracted as features. The information gain (IG) algorithm is applied to select the significant classification features. A malicious-application classifier is then built with a Naïve Bayesian (NB) algorithm that is improved through Laplace calibration and by taking the natural logarithm of the multiplied terms. Results with 10-fold cross validation indicate that the improved NB classifier achieves higher accuracy and precision, and that the features selected by the IG algorithm improve detection efficiency while preserving accuracy. Compared with the k-nearest neighbor (KNN) and k-Means classifiers, the improved NB classifier performs well in validity, accuracy and efficiency.

Key words: Android permission, malware application, information gain, Naïve Bayesian
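The pipeline described in the abstract, sketched as an added example that is not the authors' code: permissions are ranked by information gain, the top k are kept, and a naive Bayes classifier scores an app with Laplace-smoothed probabilities summed as natural logarithms. Assumptions: binary present/absent permission features, a constructed toy corpus, hypothetical function names, and add-one smoothing constants, since the page does not give the paper's exact formulas.

```python
import math

# Constructed toy corpus (not from the paper): (requested permissions, label); 1 = malicious.
APPS = [
    ({"INTERNET", "SEND_SMS", "READ_CONTACTS"}, 1),
    ({"INTERNET", "SEND_SMS", "RECEIVE_SMS"}, 1),
    ({"INTERNET", "SEND_SMS", "READ_PHONE_STATE"}, 1),
    ({"INTERNET", "READ_CONTACTS", "READ_PHONE_STATE"}, 1),
    ({"INTERNET", "CAMERA"}, 0),
    ({"INTERNET", "ACCESS_FINE_LOCATION"}, 0),
    ({"INTERNET", "CAMERA", "READ_CONTACTS"}, 0),
    ({"INTERNET", "VIBRATE"}, 0),
]

def entropy(counts):
    n = sum(counts)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def info_gain(apps, perm):
    """IG(perm) = H(label) - sum_v P(perm=v) * H(label | perm=v)."""
    def label_counts(rows):
        return [sum(1 for _, y in rows if y == c) for c in (0, 1)]
    gain = entropy(label_counts(apps))
    for present in (True, False):
        rows = [a for a in apps if (perm in a[0]) == present]
        if rows:
            gain -= len(rows) / len(apps) * entropy(label_counts(rows))
    return gain

def select_features(apps, k):
    perms = sorted(set().union(*(p for p, _ in apps)))
    return sorted(perms, key=lambda p: -info_gain(apps, p))[:k]

def train(apps, feats):
    model = {}
    for c in (0, 1):
        rows = [p for p, y in apps if y == c]
        # Laplace smoothing (assumed add-one form): a permission never seen
        # in a class gets a small nonzero probability instead of zero.
        cond = {f: (sum(f in p for p in rows) + 1) / (len(rows) + 2) for f in feats}
        model[c] = (math.log(len(rows) / len(apps)), cond)
    return model

def log_scores(model, perms):
    # Sum of natural logs replaces the product of probabilities (no underflow).
    return {c: lp + sum(math.log(q if f in perms else 1 - q) for f, q in cond.items())
            for c, (lp, cond) in model.items()}

def classify(model, perms):
    scores = log_scores(model, perms)
    return max(scores, key=scores.get)
```

On this toy corpus INTERNET is requested by every app, so its information gain is zero and it is dropped by the selection step, while CAMERA never appears in a malicious sample and still yields a finite score because of the smoothing.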
