Abstract
Android has become the most popular mobile operating system in the past ten years due to its three main advantages, namely, the openness of its source code, the richness of hardware selection, and millions of applications (apps). It is no surprise that Android has become the major target of malware. The rapid increase in the amount of Android malware poses big threats to smart phone users, such as financial charges, information collection, and remote control. Thus, the in-depth study of the security issues of mobile apps is of great importance to the sound development of the smart phone ecosystem. We first introduce the existing problems and challenges of malware analysis, and then summarize the widely used benchmark datasets. After that, we divide the existing malware analysis methods into three categories: signature-based methods, machine learning-based methods, and behavior-based methods. We further summarize the techniques used in each method, and compare and analyze the advantages and disadvantages of different techniques. Finally, combined with our own research foundation in malware analysis, we explore and discuss future research directions and challenges.
Authors
Ming FAN; Ting LIU; Jun LIU; Xiapu LUO; Le YU; Xiaohong GUAN (School of Cyber Science and Engineering, Xi'an Jiaotong University, Xi'an 710049, China; Department of Computing, The Hong Kong Polytechnic University, Hong Kong 999077, China; School of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China)
Source
Scientia Sinica (Informationis) (《中国科学:信息科学》)
CSCD
Peking University Core Journals
2020, Issue 8, pp. 1148-1177 (30 pages)
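Funding
National Key Research and Development Program of China (Grant No. 2016YFB1000903)
National Natural Science Foundation of China (Grant Nos. 61902306, 61632015, U1766215, 61772408, 61833015)
Innovative Research Group of the National Natural Science Foundation of China (Grant No. 61721002)
Innovation Research Team of the Ministry of Education (Grant No. IRT 17R86)
China Postdoctoral Science Foundation, special pre-station funding (Grant No. 2019TQ0251).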
Keywords
Android
malware detection
familial identification
machine learning
Author biographies
Ming FAN was born in 1991. He received his B.S. and Ph.D. degrees in computer science and technology from Xi'an Jiaotong University, China, in 2013 and 2019, respectively. He received his Ph.D. degree in computing from The Hong Kong Polytechnic University in 2019. He is currently a lecturer in the School of Cyber Science and Engineering at Xi'an Jiaotong University, China. His research interests include trustworthy software and Android malware detection and familial identification.

Corresponding author: Ting LIU. Ting LIU was born in 1981. He received his B.S. and Ph.D. degrees from Xi'an Jiaotong University, Xi'an, China, in 2003 and 2010, respectively. He was a visiting professor at Cornell University. He is currently a professor at the Systems Engineering Institute, Xi'an Jiaotong University. His research interests include software security and smart grids security. E-mail: tingliu@mail.xjtu.edu.cn

Jun LIU was born in 1973. He received his B.S. and Ph.D. degrees in computer science and technology from Xi'an Jiaotong University in 1995 and 2004, respectively. He is currently a professor in the Department of Computer Science and Technology, Xi'an Jiaotong University, China. His current research focuses on data mining and text mining.

Xiaohong GUAN was born in 1955. He received his B.S. and M.S. degrees in automatic control from Tsinghua University, Beijing, China, in 1982 and 1985, respectively, and a Ph.D. degree in electrical engineering from the University of Connecticut, Storrs, CT, USA, in 1993. Since 1995, he has been at the Systems Engineering Institute, Xi'an Jiaotong University, Xi'an, China. He became Dean of the School of Electronic and Information Engineering in 2008. His research interests include optimization of power and energy systems, electric power markets, and cyberphysical systems such as smart grids and sensor networks.