Abstract
Feature selection for Android malware detection tends to pay excessive attention to features that have the same frequency distribution across classes, which leads to feature redundancy. To address this problem, a low-redundancy feature selection method for Android malware detection is proposed. First, the Mann-Whitney test is used to select features whose frequency distribution is biased between classes. Next, the appearance ratio interval algorithm quantifies the degree of bias and the frequency with which each feature appears, and features with low bias or low usage frequency across the software as a whole are rejected. Finally, the particle swarm optimization algorithm is combined with classifier detection performance to obtain the optimal feature subset. Experiments were conducted on the public datasets DREBIN and AMD. On the AMD dataset, 294-dimensional features were selected, and after feature selection the detection accuracy of the six classifiers improved by 1% to 5%. On the DREBIN dataset, 295-dimensional features were selected, fewer than with the 4 comparison methods, and after feature selection the detection accuracy of the six classifiers improved by 1.7% to 5%. The experimental results show that the proposed method can reduce feature redundancy in Android malware detection and improve malware detection accuracy.
Authors
HAO Jingwei (郝靖伟)
PAN Limin (潘丽敏)
LI Rui (李蕊)
YANG Peng (杨鹏)
LUO Senlin (罗森林)
Affiliations: School of Information and Electronics, Beijing Institute of Technology, Beijing 100081, China; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
Source
Journal of Beijing University of Aeronautics and Astronautics (《北京航空航天大学学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2022, Issue 2, pp. 225-232 (8 pages)
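Funding
National 242 Information Security Program (2019A012)
Ministry of Industry and Information Technology 2020 Information Security Software Project (CEIEC-2020-ZM02-0134).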