Computer Science ›› 2022, Vol. 49 ›› Issue (6A): 508-515. doi: 10.11896/jsjkx.210700103

• Information Security •

Android Malware Detection Method Based on Heterogeneous Model Fusion

YAO Ye, ZHU Yi-an, QIAN Liang, JIA Yao, ZHANG Li-xiang, LIU Rui-liang

  1. School of Computer Science, Northwestern Polytechnical University, Xi'an 710129, China
  • Online: 2022-06-10 Published: 2022-06-08
  • Corresponding author: ZHU Yi-an (zhuya@nwpu.edu.cn)
  • About author: YAO Ye (yaoye@nwpu.edu.cn), born in 1972, associate professor, master supervisor. His main research interests include software security testing, network system security evaluation, industrial Internet and security technology.
    ZHU Yi-an, born in 1961, professor, doctoral supervisor. His main research interests include parallel computing, network and information security, complex system modeling and analysis, big data intelligent processing technology, and security-critical operating systems.
  • Supported by:
    National Key Research and Development Program of China (2020YFB1712200), Key Research Development Plan of Shaanxi Province of China (2019ZDLGY12-07), Xi'an City Science and Technology Plan Project of China (GXYD192.1), Innovation Leading Project of Taicang City of China (TC2019DYDS06) and Dongguan City Science and Technology Equipment Mobilization Project of China (KZ2018-14).

Abstract: To address the limited detection accuracy of a single classification model, this paper proposes an Android malware detection method based on heterogeneous model fusion. First, mixed feature information of malware is identified and collected. A random forest algorithm based on CART decision trees and an AdaBoost algorithm based on MLP are then used to construct two ensemble learning models, and the two classifiers are fused with the Blending algorithm to obtain a heterogeneous model fusion classifier, which is then used to detect malware on mobile terminals. Experimental results show that the proposed method effectively overcomes the insufficient detection accuracy of a single classification model.

Key words: Android system, Machine learning, Malware, Mobile terminal, Model fusion

CLC Number: TP391.9