基于深度学习的安卓恶意应用检测

Android malware application detection using deep learning

针对传统安卓恶意程序检测技术检测准确率低,对采用了重打包和代码混淆等技术的安卓恶意程序无法成功识别等问题,设计并实现了DeepDroid算法。首先,提取安卓应用程序的静态特征和动态特征,结合静态特征和动态特征生成应用程序的特征向量;然后,使用深度学习算法中的深度置信网络(DBN)对收集到的训练集进行训练,生成深度学习网络;最后,利用生成的深度学习网络对待测安卓应用程序进行检测。实验结果表明,在使用相同测试集的情况下,DeepDroid算法的正确率比支持向量机(SVM)算法高出3.96个百分点,比朴素贝叶斯(Naive Bayes)算法高出12.16个百分点,比K最邻近(KNN)算法高出13.62个百分点。DeepDroid算法结合了安卓应用程序的静态特征和动态特征,采用了动态检测和静态检测相结合的检测方法,弥补了静态检测代码覆盖率不足和动态检测误报率高的缺点,在特征识别的部分采用DBN算法使得网络训练速度得到保证的同时还有很高的检测正确率。

The traditional Android malware detection algorithms have low detection accuracy, which can not successfully identify the Android malware by using the technologies of repaeking and code obfuscation. In order to solve the problems, the DeepDroid algorithm was proposed. Firstly, the static and dynamic features of Android application were extracted and the Android application features were created by combining static features and dynamic features. Secondly, the Deep Belief Network （DBN） of deep learning algorithm was used to train the collected training set for generating deep learning network. Finally, untrusted Android application was detected by the generated deep learning network. The experimental results show that, when using the same test set, the correct rate of DeepDroid algorithm is 3.96 percentage points higher than that of Support Vector Machine （SVM） algorithm, 12. 16 percentage points higher than that of Naive Bayes algorithm, 13.62 percentage points higher than that of K-Nearest Neighbor （KNN） algorithm. The proposed DeepDroid algorithm has combined the static features and dynamic features of Android application. The DeepDroid algorithm has made up for the disadvantages that code coverage of static detection is not enough and the false positive rate of dynamic detection is high by using the detection method combined dynamic detection and static detection. By using the DBN algorithm in feature recognition, the proposed DeepDroid algorithm has guaranteed high network training speed and high detection accuracy at the same time.