随着Android系统的不断发展,人们对该平台的安全问题也更为关注。针对Android恶意应用程序存在的安全隐患,提出一种基于事件的恶意程序检测技术。系统采用C/S结构,通过手机客户端获取目标分析程序的系统调用序列,提交服务器端分析处理,分析服务器预先运行大量的已知恶意程序和良性程序作为训练样本,利用支持向量机学习算法对调用序列流进行聚类分类学习,检测出与样本类似特征的恶意程序。实验测试表明,该技术对恶意程序检出率高,误报率低,为Android恶意程序检测系统的设计提供有价值的参考。%With the development of Android system, people are concerned about the security probelem of the platform much more. In view of the hidden security problems of malicious program,a kind of malicious program detection technology based on event is proposed. C/S structure is adopted to abtain the system call sequence of target analysis program by mobile phone client,and submit it to the server for analysis processing,and run the known malicious programs and benign program as training sample. The leaning algorithm of support vector machine is utilized to complete the clustering and classification learning of call sequence flow,making the system identify malicious program similar to the sample characteristic. The result of experi⁃ment shows that the technology has a high detection rate and low false positive rate,and can provide valuable reference for de⁃sign of malicious program detection system.
展开▼
