
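Android malicious-code detection based on sensitive permissions and their function-call graphs
Cite this article: ZHU Xiao-Lan, WANG Jun-Feng, DU Yao, BAI Jin-Rong. Android malicious-code detection based on sensitive permissions and their function-call graphs[J]. Journal of Sichuan University (Natural Science Edition), 2016, 53(3): 526-533
Authors: ZHU Xiao-Lan, WANG Jun-Feng, DU Yao, BAI Jin-Rong
Affiliations: Sichuan University; College of Computer Science, Sichuan University; Chengdu Aeronautic Polytechnic; Yuxi Normal University, Yunnan
Funding: National Natural Science Foundation of China; Major Project Fund for National Basic Research; Specialized Research Fund for the Doctoral Program of Higher Education
Abstract: To detect malware on the Android platform effectively, a comprehensive static detection method based on sensitive permissions and their function-call flow graphs is proposed. Through reverse-engineering analysis of malware, a feature library containing the sensitive permissions and function-call graphs of malicious code was built. The Munkres (Hungarian) algorithm is used to compute the edit distance between two function-call graphs, one from the sample under test and one from the feature library, under the same sensitive permission. This yields the similarity between the two function-call graphs and, in turn, the similarity between the two applications, on which basis malware is detected and identified. Experimental results show that the method has high accuracy and effectiveness, and that its detection performance is clearly better than that of the tool Androguard.

Keywords: Android malicious-code detection; reverse engineering; sensitive permissions; function-call graph; graph edit distance
Received: 2015-07-20
Revised: 2016-01-07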

Detecting Android malware based on sensitive permissions and function-call graphs
ZHU Xiao-Lan, WANG Jun-Feng, DU Yao and BAI Jin-Rong. Detecting Android malware based on sensitive permissions and function-call graphs[J]. Journal of Sichuan University (Natural Science Edition), 2016, 53(3): 526-533
Authors: ZHU Xiao-Lan, WANG Jun-Feng, DU Yao, BAI Jin-Rong
Affiliation: Sichuan University; College of Computer Science, Sichuan University; Chengdu Aeronautic Polytechnic; School of Information Technology and Engineering, Yuxi Normal University
Abstract: To detect malware on the Android platform more effectively, we propose a comprehensive static detection method that combines sensitive permissions with function-call graphs. First, through reverse engineering, we constructed a malware graph database containing the sensitive permissions and function-call graphs of a number of malware samples. Then we used the Munkres algorithm to calculate the graph edit distance between the function-call graphs of the test sample and of the database under the same sensitive permission. This gives the similarity of the two function-call graphs and, from that, the similarity between the two apps, which is then used to detect malware. The results show that our method is highly effective, with high accuracy and a low false positive rate, and that it detects more malware than Androguard.
Keywords: Android malware detection; reverse engineering; sensitive permissions; function-call graphs; graph edit distance
This article is indexed in CNKI and other databases.