摘要
Android操作系统上的恶意应用数量和种类快速增长,现实生活中需要替代传统的人工审核和特征码匹配的方法出现。研究深度学习在海量Android应用程序的检测分类,提出了一个混合卷积神经网络和长短期记忆网络的神经网络模型,利用Android应用程序的汇编代码的操作指令序列和运行时的行为与操作的序列进行训练分类。相比于传统的机器学习方法 ,提出的方法省去了手动从汇编代码里提取指定的指令调用作为特征,能够自动对其进行分析和对比。相比于单纯使用卷积神经网络的模型,混合了长短期记忆网络的网络模型,在Android恶意应用检测效果方面效果提升显著。
With the rapid growth of the number and variety of malicious applications on the Android operating system,there exists an urgent need to implement a method that can replace the traditional manual verification and signature matching in real life.The application of deep learning in the detection and classification of mass Android applications are explored,and a neural network model in combination of convolutional neural network with long short-term memory network is proposed.The assembly-code operation instruction sequence and the sequence of runtime behaviors and operations for Android application are used for training classification.Relative to the traditional machine learning method,the specified instruction manually extracted from the assembly code as a feature is omitted,and this method can be automatically analyzed and compared.Compared to the model simply using convolutional neural network,the network model mixing with long short-term memory networks has a significant improvement in the detection effect of Android malicious applications.
作者
王聪
邱卫东
唐鹏
连慧娟
WANG Cong;QIU Wei-dong;TANG Peng;LIAN Hui-juan(Shanghai Jiaotong University,Shanghai 200240,China)
出处
《通信技术》
2018年第9期2209-2214,共6页
Communications Technology
基金
科技部重点研发专项(No.2017YFB0802704)
上海市优秀技术带头人计划(No.16XD1424400)~~
