摘要
现有的安卓恶意应用检测方法所提取的特征冗余且抽象,无法在高级语义上反映恶意应用的行为模式。针对这一问题,提出一种可解释性检测方法,通过社交网络检测算法聚类可疑系统调用组合,将其映射为单通道图像,用卷积神经网络进行分类,并利用卷积层梯度权重类激活映射可视化方法发现最可疑的系统调用组合,从而挖掘理解恶意应用行为。实验结果表明,所提方法在高效检测的基础上,能够正确发现恶意应用的行为模式。
The features extracted by existing malicious Android application detection methods are redundant and too abstract to reflect the behavior patterns of malicious applications in high-level semantics. In order to solve this problem, an interpretable detection method was proposed. Suspicious system call combinations clustering by social network analysis was converted to a single channel image. Convolution neural network was applied to classify Android application. The model trained was used to find the most suspicious system call combinations by convolution layer gradient weight classification activation mapping algorithm, thus mining and understanding malicious application behavior. The experimental results show that the method can correctly discover the behavior patterns of malicious applications on the basis of efficient detection.
作者
张鑫
羌卫中
吴月明
邹德清
金海
ZHANG Xin;QIANG Weizhong;WU Yueming;ZOU Deqing;JIN Hai(School of Cyber Science&Engineering,Huazhong University of Science and Technology,Wuhan 430074,China)
出处
《网络与信息安全学报》
2020年第6期35-44,共10页
Chinese Journal of Network and Information Security
基金
国家自然科学基金(61772221)
国家重点研发计划(2017YFB0802205)。
关键词
安卓
快速检测
卷积神经网络
社交网络分析
Android
rapid detection
convolutional neural network
social network analysis
