
A Confidence-guided Hybrid Android Malware Detection System with Multiple Heterogeneous Algorithms

Cited by: 3
Abstract: Machine-learning-based Android malware detection systems currently suffer from model aging. Malware mutates and evolves rapidly and continuously, which produces concept drift: the underlying data distribution of malware changes over time. Concept drift violates the machine-learning assumption that the data distribution is stable. To alleviate model aging, this paper proposes a confidence-guided method that supports collaborative detection with multiple models. By analyzing the credibility and confidence of the predictions of multiple heterogeneous models, it overcomes the problem that heterogeneous models could not learn from each other or detect collaboratively, and an open multi-model collaborative detection platform is established to mitigate concept drift in malware. Experiments show that multi-model collaboration can improve detection. In predictions on more than 66 000 Android samples, the SVM model and the random forest model each have their own advantages and disadvantages, and the collaborative detection system improves the prediction results while performing no worse than either single model.
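Authors: 张永生, 朱文焌, 史若琪, 杜振华, 张瑞, 王志 (ZHANG Yongsheng; ZHU Wenjun; SHI Ruoqi; DU Zhenhua; ZHANG Rui; WANG Zhi). Affiliations: East China Regional Air Traffic Management Bureau, Civil Aviation Administration of China, Shanghai 200335, China; College of Cyber Science, Nankai University, Tianjin 300350, China; National Computer Virus Emergency Response Center, Tianjin 300457, China.
Source: Journal of Guangxi Normal University: Natural Science Edition (《广西师范大学学报(自然科学版)》), indexed in CAS and the Peking University Core Journals list, 2020, No. 2, pp. 19-28 (10 pages).
Funding: National Natural Science Foundation of China (61872202); Civil Aviation Safety Capacity Building Project (PESA2018079, PESA2018082, PESA2019073, PESA2019074); CERNET Next Generation Internet Technology Innovation Project (NGII20180401); Open Project Fund of the Information Security Evaluation Center of Civil Aviation University of China (CAAC-ISECCA-201701); project of the National Engineering Laboratory for Computer Virus Prevention and Control Technology.
Keywords: malware detection; machine learning; confidence calculation; hybrid detection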