An Android Malware Signature Generator Based on Control Flow Graphs

Bibliographic Details
Main Authors: Wen-Shuo Tung, 董文碩
Other Authors: Chun-Ying Huang
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/51984935564266523221
Description
Summary: Master's === National Taiwan Ocean University === Department of Computer Science and Engineering === 101 === The majority of anti-virus software uses signatures to judge whether something is malware or not, so how the signature is generated is a basic requirement. However, the data is usually collected and compared manually. To reduce the cost of manual selection and shorten the time needed to create a signature, our research tries to develop an automatic malware signature generator based on the character strings of the control flow graph, and uses the collected signatures to detect malware. First, we collected numerous known varieties of malware and normal applications. These were scanned by an anti-virus program to form our test samples, and we then used Androguard to extract the control flow graph character strings of every application. Finally, we used the Levenshtein distance algorithm to compare and analyze similar character strings. In the end, the signature generator that we designed was able to distinguish malware from normal applications effectively. Our experiment shows that 94% of malware can be correctly detected and the false positive rate was 6%. In the future, we will change our comparison program and revise the algorithm to decrease the false positive rate. We hope that the signature generator can find malware efficiently, thus creating a safe environment in which mobile device applications can be used.