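Abstract:
Unknown malicious Android applications can currently be detected with machine learning algorithms, but traditional machine learning algorithms have fewer than three layers of computing units and cannot fully mine the deep-level representations of Android application features. This paper proposes, for the first time, a deep-learning-based algorithm, DDBN (Data-flow Deep Belief Network), which analyzes the data-flow features of Android applications in order to detect unknown malicious Android applications. First, the analysis tools FlowDroid and SUSI are used to extract static data-flow features that reflect the malicious behavior of Android applications. Then, the data-flow deep learning algorithm DDBN is designed for these features; by building a deep model structure and transforming features layer by layer, it maps the feature representation of the data flows from the original space into a new feature space, making classification more accurate. Finally, the Android malware detection tool Flowdect is implemented on top of DDBN and used to test a large number of real-world benign and malicious applications. The experimental results show that Flowdect can fully learn the data-flow features of Android applications and can be used to detect unknown malicious Android applications. Compared with detection schemes based on other traditional machine learning algorithms, DDBN achieves better detection results.
Keywords: machine learning; Android; malware detection; deep learning; data-flow features
DOI: 10.19363/J.cnki.cn10-1380/tn.2019.03.06
Received: July 24, 2017; Revised: January 28, 2018
Funding: Supported by the National Natural Science Foundation of China (No. 61701494), the Youth Star program of the Institute of Information Engineering, Chinese Academy of Sciences (No. Y8YS016104), and the Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDA06010703).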
|
Android malware detection method based on data-flow deep learning algorithm |
ZHU Dali, JIN Hao, WU Di, JING Pengfei, YANG Ying
The 4th Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100093, China
Abstract: |
At present, machine learning algorithms are commonly used to detect unknown malicious Android applications. Because traditional machine learning algorithms have fewer than three computing layers, they cannot fully mine the deep representations of the features in an Android application. To address this problem, a Data-flow Deep Belief Network algorithm (DDBN) is proposed, which deeply learns data flow features to detect Android malware. First, we combine the analysis tools FlowDroid and SUSI to extract static data flow features that reflect the malicious behaviors of an Android application. Then, we design DDBN to construct a deep model and transform the data flow features from the original representation space to a new feature space layer by layer, so as to achieve higher classification accuracy. Finally, we implement an automated tool named Flowdect, based on DDBN, and use it to test a number of real-world benign and malicious applications. The experimental results show that Flowdect can fully learn the data flow features to detect unknown Android malware. Moreover, DDBN performs better than other machine learning-based approaches in accuracy and efficiency.
Key words: machine learning; Android; malware detection; deep learning; data flow feature