基于图模式与内存足迹的 Android 恶意应用与行为检测.

The current all Android APP stores only check the known malware APPs and can not detect the new and dynamically loading malware APPs and behaviors. This paper proposed a graph pattern and memory footprint based malware application detection algorithm. Firstly,it acquired memory information of the APP,analyzed the footprint and series number to detect the dynamically packed malware code and new malware APPs. Then, it abstracted the co-occurring permissions required by the APP,and modeled the permissions as graph structure,and used the metrics of graph to analyze the classify pattern and centric permission of the graph. It determined the optimal graph measurement for class representation according to the centric permission. Lastly,it calculated the privacy score and risk threshold of the APPs,and detected malware APPs and behaviors with that risk threshold. Simulation experimental results show that the proposed algorithm performs a high detection ratio to different types of malware APPs and a good detection ration to unknown malware APPs. [ABSTRACT FROM AUTHOR]