摘要
函数调用图存在规模过大、无关信息过多等缺陷。为实现函数调用图的高效分析,对安卓恶意软件的恶意代码模式进行挖掘,提出一种基于图卷积神经网络(GCN)的敏感API调用模式,并设计相应的函数调用图精简方法,以及敏感API权重评价方法,有效降低了函数调用图规模,实现对敏感API调用模式的挖掘。检测模型综合了安卓恶意软件操作码特征、敏感权限特征、敏感函数调用频度特征,构建了基于多特征融合的安卓恶意软件检测系统,进一步提升了检测精度。数据集测试验证了API调用模式特征以及集成检测模型的有效性。
The function call graph(FCG)of the APK is too large and carries redundant information.To achieve efficient analysis of the FCG,and represent the calling mode of sensitive APIs,we propose a sensitive API call mode feature.A function call graph reduction method and a sensitive API weight evaluation method are proposed,which effectively reduces the size of the FCG and realizes the mining of the calling mode of the sensitive API.Besides,opcode frequency feature,sensitive permission feature and API frequency feature are introduced for further detection model improvement.Experiment results show that the API call model feature and integrated detection model are effective.
作者
张雪涛
王金双
孙蒙
ZHANG Xue-tao;WANG Jin-shuang;SUN Meng(Command&Control Engineering College,Army Engineering University of PLA,Nanjing 210007,China)
出处
《软件导刊》
2020年第7期187-193,共7页
Software Guide
关键词
图嵌入
图卷积神经网络
恶意软件检测
多特征
graph embedding
graph convolutional networks
malware detection
multi-feature
