Malware
Computer science
Detector
Sandbox (software development)
Android (operating system)
Android malware
Exploit
Evasion (ethics)
False positive rate
Artificial intelligence
Real-time computing
Data mining
Machine learning
Operating system
Computer security
Immune system
Immunology
Biology
Telecommunications
Identification
DOI:10.1109/tc.2021.3082002
Abstract
Malware developers continually modify the execution pattern of malicious code, hiding it inside apparently normal applications, which makes its detection and classification challenging. This paper proposes an ensemble detector that exploits the capabilities of the main analysis algorithms proposed in the literature and is designed to offer greater resilience to specific evasion techniques. In particular, the paper presents different methods to optimally combine both generic and specialized detectors during the analysis process. These combinations can be used to increase the unpredictability of the detection strategy, to improve the detection rate in the presence of unknown malware families, and to provide better detection performance without the constant re-training of the detectors that would otherwise be needed to cope with the evolution of malware. The paper also presents an alpha-count mechanism and explores how the length of the observation time window affects the detection accuracy and speed of different combinations of detectors during malware analysis. An extended experimental campaign has been conducted on both an open-source sandbox and an Android smartphone with different malware datasets. A trade-off among performance, training time, and mean time to detect is presented. Finally, a comparison with other ensemble detectors is also presented.