摘要 |
Disclosed are a method and device for constructing an apk virus signature database and an apk virus detection system. The method comprises: obtaining a given sample set, the sample set being composed of N normal apk file samples and N virus-infected apk file samples; for any sample in the given sample set, separately obtaining M signature values of the sample according to M preset signatures; combining the signature values of the M signatures, and dividing the given sample set into 2M sample subsets according to the arrangement result; for any sample subset i (i=1,…,2M), determining whether the sample subset satisfies the following conditions: the ratio of the total number Citotal of samples in the subset to the total number of samples in the given sample set is greater than a preset first threshold and the ratio of the total number Civirus of virus samples to Citotal is greater than a preset second threshold, and if yes, determining a combination of signature values of M signatures corresponding to the sample subset i as a virus signature; and generating an apk virus signature database comprising multiple virus signatures, the apk virus signature database being used for detecting apk files. |