基于应用描述的Android应用异常行为检测研究
首发时间:2017-12-01
摘要:移动应用是否恶意,与用户对该应用的应用的期望相关。然而,Android应用的一个特点是广泛使用第三方库,第三方库的使用会对应用异常行为的检测造成影响。因此,基于自然语言处理、机器学习和第三方库识别技术,本文实现一个改进的基于描述的Android应用异常行为检测工具。首先,通过自然语言处理技术对应用描述进行分析,使用遗传算法对应用描述聚类并寻找最佳聚类数目,得到相似描述(功能)的应用集合。然后对应用静态分析,检测应用中的第三方库,并分析应用的敏感行为。最后,相似描述的应用集合中的具有异常行为的应用即被检测为可疑应用。工具对Google Play应用市场中27.6万余个应用进行分析,实验结果验证所提出方法的有效性且说明第三方库对Android应用的异常行为检测有较大影响。
关键词: Android 第三方库 应用描述分析 聚类 异常点检测
For information in English, please click here
Automated Detection of Abnormal Behaviors of Android Apps based on App Descriptions
Abstract:Whether the sensitive behaviors of mobile apps should be granted is related to the users\' expectation of the app. However, third-party libraries are widely used in Android apps. Third-party libraries could greatly impact the accuracy of abnormal behavior detection. Therefore, based on Natural Language Processing, machine learning and third-party libraries detection techniques, this paper has implemented an improved abnormal behavior detection tool by analyzing app description. First, this paper analyzes the app description using Natural Language Processing technique, and uses genetic algorithm to cluster apps based on app descriptions and identifies the optimal number of clusters, then this paper could obtain the app set of similar description (function). Then, the static analysis is applied to detect the third-party libraries and analyze the sensitive behaviors. Finally, in a collection of similar description android apps, the apps with abnormal behaviors are detected as outlier apps. This paper use the tool to analyze more than 276K apps in the Google Play app market, and experiment results show that the proposed method is effective to detect outlier apps, and the third-party libraries have a great impact on the abnormal behavior detection of Android apps.
Keywords: Android Third-party Library App description analysis Clustering Outlier detection
基金:
引用
No.****
同行评议
共计0人参与
勘误表
基于应用描述的Android应用异常行为检测研究
评论
全部评论0/1000