Cite this article
  • Jiang Jianguo, Li Song, Yu Min, Li Gang, Liu Chao, Li Meimei, Huang Weiqing. Android malware detection approach based on deep domain correlation of sensitive features[J]. Journal of Cyber Security, Accepted
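Android malware detection approach based on deep domain correlation of sensitive features
Jiang Jianguo1, Li Song1, Yu Min1, Li Gang2, Liu Chao1, Li Meimei1, Huang Weiqing1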
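(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. School of Information Technology, Deakin University)
Abstract:
Detecting Android malware with machine learning or deep learning algorithms is the current mainstream approach and has achieved some success. However, most methods lack in-depth analysis of how sensitive behaviors cooperate, which leads to low detection accuracy. This paper proposes a sensitive feature domain correlation graph to describe an application's main sensitive behaviors and the domain correlations between them. First, a class or package is defined as a domain, and sensitive features in the same domain have a domain correlation. Based on the relative range of the domains in which sensitive features lie, different domain correlation weights are constructed between sensitive features, producing the sensitive feature domain correlation graph. Then, based on this graph, a deep representation built on a graph convolutional neural network is designed to construct the Android malware detection model GCNDroid. In practice, GCNDroid can also update its sensitive features to adapt to new sensitive behaviors of mobile applications. Finally, a systematic evaluation is carried out: key metrics including recall, F1-score and AUC all exceed 96%, and the results show that GCNDroid achieves the expected effect.
Key words:  Android malware  domain correlation  graph convolutional neural network  sensitive features
DOI:10.19363/J.cnki.cn10-1380/tn.2022.12.08
Received: 2020-08-19  Revised: 2020-11-09
Funding: National Key Basic Research Program of China (973 Program)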
Android malware detection approach based on deep domain correlation of sensitive features
Jiang Jianguo1, Li Song1, Yu Min1, Li Gang2, Liu Chao1, Li Meimei1, Huang Weiqing1
(1.Institute of Information Engineering, Chinese Academy of Sciences;2.School of Information Technology, Deakin University)
Abstract:
Approaches based on traditional machine learning or deep learning algorithms are popular for Android malware detection. However, the majority of existing approaches still lack in-depth analysis of the coordination of sensitive behaviors, resulting in low accuracy. In this paper, we propose a sensitive feature domain correlation graph to describe the main sensitive behaviors of the app and the domain correlation between sensitive behaviors. First, we define a class or package as a domain, and sensitive features in the same domain have a domain correlation. Through the relative range of the sensitive feature's domain, we construct various domain correlation weights between the sensitive features, and generate the sensitive feature domain correlation graph. Then, based on the graph, we design a deep representation with a graph convolutional neural network to construct the Android malware detection model GCNDroid. In practice, GCNDroid can also be constantly updated using new features, so it can adapt to the new sensitive behaviors of mobile apps. Finally, extensive evaluations of GCNDroid have been done, and the results show that GCNDroid achieves high agreement on Android malware detection, in which the recall, F1-score, AUC, etc. all exceed 96%.
Key words:  Android malware  domain correlation  GCN  sensitive features
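
An added illustration of the domain correlation graph described in the abstract; it is not the authors' code. The weight values, function names, dotted class-name format and sample features are assumptions, since the abstract states only that weights depend on the relative range of the shared domain (class or package).

```python
from itertools import combinations

# Assumed weights: a narrower shared domain gives a stronger correlation.
W_CLASS = 1.0    # both features occur in the same class
W_PACKAGE = 0.5  # same package, different classes

def package_of(cls):
    """Package of a dotted class name, e.g. 'a.b.C' -> 'a.b'."""
    return cls.rpartition(".")[0]

def build_domain_graph(occurrences):
    """occurrences: iterable of (sensitive_feature, fully_qualified_class).
    Returns {(feat_a, feat_b): weight} with feat_a < feat_b, keeping the
    strongest correlation observed for each pair."""
    by_class, by_package = {}, {}
    for feat, cls in occurrences:
        by_class.setdefault(cls, set()).add(feat)
        by_package.setdefault(package_of(cls), set()).add(feat)
    edges = {}
    for groups, weight in ((by_package, W_PACKAGE), (by_class, W_CLASS)):
        for feats in groups.values():
            for a, b in combinations(sorted(feats), 2):
                edges[(a, b)] = max(edges.get((a, b), 0.0), weight)
    return edges

def adjacency(edges, features):
    """Dense symmetric adjacency matrix in the given feature order,
    the usual input form for a graph convolutional network."""
    idx = {f: i for i, f in enumerate(features)}
    mat = [[0.0] * len(features) for _ in features]
    for (a, b), w in edges.items():
        mat[idx[a]][idx[b]] = mat[idx[b]][idx[a]] = w
    return mat

# Constructed sample: sensitive API calls and the class each was found in.
SAMPLE = [
    ("getDeviceId", "com.example.app.net.Uploader"),
    ("openConnection", "com.example.app.net.Uploader"),
    ("sendTextMessage", "com.example.app.net.SmsRelay"),
    ("getLastKnownLocation", "com.example.app.ui.MapView"),
]

if __name__ == "__main__":
    for pair, w in sorted(build_domain_graph(SAMPLE).items()):
        print(pair, w)
```
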