Detection of malicious applications based on improved deep residual shrinkage network
Abstract The rapid growth of malicious applications poses a serious security threat to mobile intelligent terminals, and high-precision detection of malicious applications is of great significance for mobile network information security. This paper proposes a method for detecting malicious applications based on an improved deep residual shrinkage network. First, the traffic features are preprocessed into convolutional neural network inputs; then a channel attention mechanism and a spatial attention mechanism are introduced to weight the sample features along the channel and spatial dimensions. Next, a deep residual shrinkage network is introduced to adaptively filter out redundant sample features and to optimize parameter back-propagation through identity connections, reducing the difficulty of model training and classification and ultimately achieving high-precision identification of malicious Android applications. The proposed method avoids manual feature extraction, achieves high-precision classification, and has a certain generalization ability. Experimental results show that the accuracy of the proposed method is 99.40%, 99.95% and 97.33% in 2-class, 4-class and 42-class classification of malicious applications, respectively. Compared with existing methods, the proposed method has better classification performance and generalization ability.
Authors XU Lilong (许历隆); ZHAI Jiangtao (翟江涛); LIN Peng (林鹏); CUI Yongfu (崔永富) (School of Electronics & Information Engineering, Nanjing University of Information Science & Technology, Nanjing 210044)
Source Journal of Nanjing University of Information Science & Technology (Natural Science Edition), 2022, No. 3, pp. 368-378 (11 pages). Indexed in CAS and the Peking University Core Journals list (北大核心).
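Funding National Natural Science Foundation of China (U1836104, 61772281, 61801073, 61931004, 62072250); Nanjing University of Information Science & Technology Talent Start-up Fund (2020r061).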
Keywords malicious application; malicious families; deep residual shrinkage network; information security