
Android malware detection based on graph attention networks (cited by: 4)
Abstract: The explosive growth of Android malware demands more efficient and more accurate malware detection methods. Early detection methods were mainly based on features such as permissions and opcode sequences; however, these methods did not fully exploit the structural information of programs. Methods based on the API call graph are currently among the mainstream approaches. They focus on capturing structural information and can accurately predict the possible behavior of an application. This paper proposes an Android malware detection method based on a graph attention network. The method constructs an API call graph through static analysis to give an initial representation of the APK, then introduces the SDNE graph embedding algorithm to learn structural and content features from the API call graph. An attention network then fully fuses the feature vectors of neighboring nodes to form the graph embedding used for the detection task. Experimental results on the AMD dataset show that the proposed method can effectively detect malware, with an accuracy of 97.87% and an F-score of 97.40%.
Authors: YUE Zi-Wei (岳子巍); FANG Yong (方勇); ZHANG Lei (张磊) (School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China)
Source: Journal of Sichuan University (Natural Science Edition) (《四川大学学报(自然科学版)》), indexed in CAS, CSCD and the Peking University Core Journals list, 2022, No. 5, pp. 82-89 (8 pages)
Keywords: Android malware; Graph attention network; API call graph; Graph embedding