Yuan Hongli, Tang Yongchuan
Institute of information engineering, Anhui Xinhua University, Hefei 230088, China.
School of Big Data and Software Engineering, Chongqing University, Chongqing 401331, China.
Entropy (Basel). 2020 Jul 20;22(7):792. doi: 10.3390/e22070792.
Millions of Android applications (apps) are widely used today. Meanwhile, the number of malicious apps has increased exponentially. Currently, there are many security detection technologies for Android apps, such as static detection and dynamic detection. However, the uncertainty of the features in detection is not considered sufficiently in these technologies. Permissions play an important role in the security detection of Android apps. In this paper, a malicious application detection model based on features uncertainty (MADFU) is proposed. MADFU uses logistic regression function to describe the input (permissions) and output (labels) relationship. Moreover, it uses the Markov chain Monte Carlo (MCMC) algorithm to solve features' uncertainty. After experimenting with 2037 samples, for malware detection, MADFU achieves an accuracy of up to 95.5%, and the false positive rate (FPR) is 1.2%. MADFU's Android app detection accuracy is higher than the accuracy of directly using 24 dangerous permission. The results also indicate that the method for an unknown/new sample's detection accuracy is 92.7%. Compared to other state-of-the-art approaches, the proposed method is more effective and efficient, by detecting malware.
如今,数以百万计的安卓应用程序被广泛使用。与此同时,恶意应用程序的数量呈指数级增长。目前,针对安卓应用程序有许多安全检测技术,如静态检测和动态检测。然而,这些技术在检测中对特征的不确定性考虑得并不充分。权限在安卓应用程序的安全检测中起着重要作用。本文提出了一种基于特征不确定性的恶意应用检测模型(MADFU)。MADFU使用逻辑回归函数来描述输入(权限)和输出(标签)之间的关系。此外,它使用马尔可夫链蒙特卡罗(MCMC)算法来解决特征的不确定性。在对2037个样本进行实验后,对于恶意软件检测,MADFU的准确率高达95.5%,误报率(FPR)为1.2%。MADFU对安卓应用程序的检测准确率高于直接使用24个危险权限的准确率。结果还表明,该方法对未知/新样本的检测准确率为92.7%。与其他现有方法相比,所提出的方法在检测恶意软件方面更有效、更高效。
