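Abstract
Traditional machine learning requires complex feature engineering for malware analysis and is not suited to large-scale malware analysis. To improve detection efficiency on Android malware, Android malware bytecode files are mapped to grayscale images, and depthwise separable convolution (DSC) and an attention mechanism are combined to propose an Android malware classification model based on a global attention module (GCBAM). Bytecode files are extracted from APK files and converted into the corresponding grayscale images, and a GCBAM-based classification model is built and trained on the image dataset so that it can classify Android malware. Experiments show that the model classifies Android malware families effectively: on the 7630 samples obtained, classification accuracy reaches 98.91%, outperforming machine learning algorithms on accuracy, recall and other metrics.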
Traditional machine learning requires complex feature engineering in malware analysis, which is not suitable for large-scale malware analysis. For this reason, this paper used the visualization method to deal with the malware to improve the detection efficiency on Android malware. Thus, this paper proposed an Android malware classification model based on global attention module (GCBAM) which combined depthwise separable convolution (DSC) and attention mechanism. It extracted bytecode files from APK files and converted bytecode files into corresponding grayscale images, and trained image datasets by constructing a classification model based on GCBAM to make the module have Android malware classification capabilities. Experiments show that the model can effectively classify Android malware families. On the obtained 7630 samples, the classification accuracy rate reaches 98.91%, which is superior to machine learning algorithms in terms of accuracy and recall.
Authors
褚堃
万良
马丹
张志宁
Chu Kun; Wan Liang; Ma Dan; Zhang Zhining (College of Computer Science & Technology, Guizhou University, Guiyang 550025, China; Institute of Computer Theory & Software, Guizhou University, Guiyang 550025, China)
Source
《计算机应用研究》
CSCD
Peking University Core Journal
2022, Issue 5, pp. 1534-1540 (7 pages)
Application Research of Computers
Funding
Supported by the National Natural Science Foundation of China (62062020).