Unlock instant, AI-driven research and patent intelligence for your innovation.

An Android malicious software detection method based on a semi-supervised K-Means clustering algorithm

A malware and clustering algorithm technology, applied in computer components, computing, computer security devices, etc., can solve the problem that Android malware is easily affected by the initial clustering center, and achieve high accuracy

Active Publication Date: 2019-04-23
HANGZHOU NORMAL UNIVERSITY
View PDF11 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The object of the present invention is to provide a kind of Android malware detection method based on semi-supervised K-Means clustering algorithm, to solve the problem that K-Means clustering algorithm detects Android malware easily affected by the initial clustering center

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An Android malicious software detection method based on a semi-supervised K-Means clustering algorithm
  • An Android malicious software detection method based on a semi-supervised K-Means clustering algorithm
  • An Android malicious software detection method based on a semi-supervised K-Means clustering algorithm

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0034] Example: such as figure 1 Shown, a kind of Android malware detection method based on semi-supervised K-Means clustering algorithm, described method comprises:

[0035] Step S1, analyze the Android application software package: select an appropriate amount of labeled samples and double the number of unlabeled samples, use the decompression tool to open the Android application software packages of these samples, obtain the classes.dex file AndroidManifest.xml file, and analyze the AndroidManifest The .xml file extracts the permission feature set P1 of each sample, decompiles the classes.dex file to extract the called API, and constructs the feature set P2 of the permission corresponding to each sample API, and obtains the permission set P1 and P2 of each sample. The non-over-applied permission set P3 of the sample.

[0036] Step S2, constructing feature matrix: Obtain the attribute scoring results of different permissions through the information gain algorithm, count the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Android malicious software detection method based on a semi-supervised K-Means clustering algorithm. The method comprises the following steps of S1, analyzing an Android application software package, selecting a proper amount of labeled samples and two times of quantity of unlabeled samples, and opening the Android application software package of the samples by using a decompression tool to obtain permission sets P1, P2 and P3; S2, constructing a feature matrix, counting the scoring results s1, s2 and s3 of the permission sets P1, P2 and P3 of each sample through aninformation gain algorithm, and selecting a proper amount of labeled samples to construct feature matrixes FN and FM; S3, detecting the malicious software, utilizing a semi-supervised K-means algorithm to detect the malicious software in the samples of a feature matrix FN and a feature matrix FM. According to the technical scheme, by using a large number of unlabeled samples and using the labeledsamples as few as possible for classification, the higher accuracy is achieved for malicious software detection.

Description

technical field [0001] The invention relates to the technical fields of malware detection and network security, in particular to an Android malware detection method based on a semi-supervised K-Means clustering algorithm. Background technique [0002] Due to the open source and free features of the system, the Android system, as a mainstream mobile operating system, has become the main target of malware attacks. Judging from the distribution of new malware in 2017, the proportion of tariff-consuming malicious samples has reached 3 / 4, indicating that malware still seeks economic benefits by promoting advertisements, consuming traffic, and increasing traffic tariffs for mobile phone users. Security cannot be guaranteed, so it is still necessary to study Android malware detection methods. [0003] There are currently two main methods for Android malicious code analysis research, namely static analysis and dynamic detection. Static analysis refers to judging the program behavi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06K9/62
CPCG06F21/562G06F21/563G06F18/23213
Inventor 刘雪娇罗娟胡芷琦
Owner HANGZHOU NORMAL UNIVERSITY