Computer Science, 2020, Vol. 47, Issue (4): 298-304. doi: 10.11896/jsjkx.190700132

• Information Security •

Android Malware Detection Method Based on Deep Autoencoder Network

SUN Zhi-qiang, WAN Liang, DING Hong-wei

  1. School of Computer Science and Technology, Guizhou University, Guiyang 550025, China;
    Institute of Computer Software and Theory, Guizhou University, Guiyang 550025, China
  • Received: 2019-07-19 Online: 2020-04-15 Published: 2020-04-15
  • Contact: WAN Liang (wanliangtr@163.com), born in 1974, Ph.D, professor, is a member of China Computer Federation. His main research interests include information security, network security and deep learning.
  • About author: SUN Zhi-qiang, born in 1995, postgraduate, is a member of China Computer Federation. His main research interests include malware detection, information security and deep learning.
  • Supported by:
    This work was supported by the Guizhou Provincial Science Fund LH Word (7634)

Abstract: To address the low detection rate of traditional Android malware detection methods, an Android malware detection method based on a deep contractive denoising autoencoder network (DCDAN) is proposed. First, the APK file is reverse-engineered to obtain seven kinds of information from it, such as permissions and sensitive APIs, which are taken as feature attributes. Then, the feature attributes are used as the input of the deep contractive denoising autoencoder network, each contractive denoising autoencoder network is trained layer by layer from bottom to top using a greedy algorithm, and the trained deep contractive denoising autoencoder network is used to extract information from the original features to obtain the optimal low-dimensional representation. Finally, the back propagation algorithm is used to train and classify the obtained low-dimensional representations to detect Android malware. Adding noise to the input data of the deep autoencoder network makes the reconstructed data more robust, and adding the Jacobian matrix as a penalty term enhances the network's resistance to perturbation. The experimental results verify the feasibility and efficiency of the method. Compared with traditional detection methods, it effectively improves the accuracy of malware detection and reduces the false alarm rate.

Key words: Android malware, Back propagation algorithm, Deep contractive denoising autoencoder network, Greedy algorithm, Jacobian matrix

CLC Number: TP309
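
The per-layer objective the abstract describes (noise added to the input, Jacobian penalty on the hidden code), as an added example that is not the authors' code. It assumes sigmoid units, tied weights, masking noise, squared-error reconstruction, binary features and the hypothetical hyperparameters `p` and `lam`, none of which the page specifies.

```python
import math
import random

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def encode(W, b, x):
    """Hidden code h = sigmoid(W x + b); W holds one row per hidden unit."""
    return [sigmoid(sum(w * xi for w, xi in zip(row, x)) + bj)
            for row, bj in zip(W, b)]

def decode(W, c, h):
    """Reconstruction with tied weights (assumption): x_hat = sigmoid(W^T h + c)."""
    return [sigmoid(sum(W[j][i] * h[j] for j in range(len(h))) + c[i])
            for i in range(len(c))]

def mask_noise(x, p, rng):
    """Denoising corruption (assumed masking noise): zero each feature with prob. p."""
    return [0.0 if rng.random() < p else xi for xi in x]

def jacobian_penalty(W, h):
    """Squared Frobenius norm of dh/dx for sigmoid units:
    sum_j (h_j * (1 - h_j))^2 * sum_i W_ji^2."""
    return sum((hj * (1 - hj)) ** 2 * sum(w * w for w in row)
               for row, hj in zip(W, h))

def cdae_loss(W, b, c, x, p=0.3, lam=0.1, rng=None):
    """Loss of one contractive denoising layer on one sample: reconstruct the
    clean x from its corrupted copy, plus lam times the Jacobian penalty
    (evaluated at the corrupted input, an assumption). Returns (loss, code)."""
    rng = rng or random.Random(0)
    h = encode(W, b, mask_noise(x, p, rng))
    x_hat = decode(W, c, h)
    recon = sum((a - r) ** 2 for a, r in zip(x, x_hat))
    return recon + lam * jacobian_penalty(W, h), h

if __name__ == "__main__":
    # Constructed sample: 6 binary features (a permission or API is present or not).
    x = [1.0, 0.0, 1.0, 1.0, 0.0, 0.0]
    rng = random.Random(1)
    W = [[rng.uniform(-0.5, 0.5) for _ in x] for _ in range(3)]  # 6 inputs -> 3 units
    loss, code = cdae_loss(W, [0.0] * 3, [0.0] * 6, x)
    print(f"loss={loss:.4f} code={[round(v, 3) for v in code]}")
```

In greedy layer-wise training, the code returned for each sample becomes the input to the next layer, which is trained with the same loss.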