摘要
目前,Android平台重打包应用检测方法依赖于专家定义特征,不但耗时耗力,而且其特征容易被攻击者猜测。另外,现有的应用特征表示难以在常见的重打包应用类型检测中取得良好的效果,导致在实际检测中存在漏报率较高的现象。针对以上2个问题,提出了一种基于深度学习的重打包应用检测方法,自动地学习程序的语义特征表示。首先,对应用程序进行控制流与数据流分析形成序列特征表示;然后,根据词向量嵌入模型将序列特征转变为特征向量表示,输入孪生网络长短期记忆(LSTM,long short term memory)网络中进行程序特征自学习;最后,将学习到的程序特征通过相似性度量实现重打包应用的检测。在公开数据集Andro Zoo上测试发现,重打包应用检测的精准率达到95.7%,漏报率低于6.2%。
The state-of-art techniques in Android repackaging detection relied on experts to define features,however,these techniques were not only labor-intensive and time-consuming,but also the features were easily guessed by attackers.Moreover,the feature representation of applications which defined by experts cannot perform well to the common types of repackaging detection,which caused a high false negative rate in the real detection scenario.A deep learning-based repackaged applications detection approach was proposed to learn the program semantic features automatically for addressing the above two issues.Firstly,control and data flow analysis were taken for applications to form a sequence feature representation.Secondly,the sequence features were transformed into vectors based on word embedding model to train a Siamese LSTM network for automatically program feature learning.Finally,repackaged applications were detected based on the similarity measurement of learned program features.Experimental results show that the proposed approach achieves a precision of 95.7%and false negative rate of 6.2%in an open sourced dataset AndroZoo.
作者
汪润
唐奔宵
王丽娜
WANG Run;TANG Benxiao;WANG Li’na(Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education,Wuhan University,Wuhan 430072,China;School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,China)
出处
《通信学报》
EI
CSCD
北大核心
2018年第8期69-82,共14页
Journal on Communications
基金
国家自然科学基金资助项目(No.U1536204)
中央高校基本科研业务费专项资金资助项目(No.2042018kf1028)
国家高技术研究发展计划("863"计划)基金资助项目(No.2015AA016004)~~