[1] CHEN Fei, CAO Xiao-mei, WANG Shao-hui. Android Malware Detection Method Based on Feature Image Generation[J]. Computer Technology and Development, 2023, 33(06):125-132. [doi:10.3969/j.issn.1673-629X.2023.06.019]
Android Malware Detection Method Based on Feature Image Generation
Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]
- Volume: 33
- Issue: 2023, Issue 06
- Pages: 125-132
- Column: Cyberspace Security
- Publication date: 2023-06-10
Article Info
- Title: Android Malware Detection Method Based on Feature Image Generation
- Article ID: 1673-629X(2023)06-0125-08
- Author(s): CHEN Fei; CAO Xiao-mei; WANG Shao-hui
- Affiliation: School of Computer Science, School of Software, and School of Cyberspace Security, Nanjing University of Posts and Telecommunications, Nanjing 210003, Jiangsu, China
- Keywords: Android malware; FPGrowth; denoising autoencoder; feature image; BaggingCNN
- CLC number: TP311.5
- DOI: 10.3969/j.issn.1673-629X.2023.06.019
- Abstract: Traditional machine learning methods for Android malware detection suffer from unbalanced feature distribution and low detection accuracy. To address this, we propose an Android malware detection method based on feature image generation. The method first uses feature matching to extract the permissions, APIs, and opcodes of APK files as features, and uses an improved FPGrowth algorithm to mine the frequent feature itemsets of each feature type to obtain effective features. Then, a denoising autoencoder (DAE) is used to extract feature information and convert the feature vector dimensions. The feature vectors corresponding to each feature type are converted into single-channel images and concatenated along the channel dimension to generate RGB feature images for training and classification. Finally, the BaggingCNN classification algorithm is constructed, which integrates several different convolutional neural network (CNN) algorithms. These algorithms are trained on multiple sub-training sets constructed by Bootstrap sampling to obtain several sub-classifiers. The sub-classifiers are used to classify the feature images representing APK files, and a majority voting mechanism produces the final detection result. The experimental results show that the feature images generated by the proposed method have good representational ability, which benefits the convergence and accuracy of the classification algorithm. The detection accuracy reaches 98.21%, so the method can effectively detect Android malware.
Last Update: 2023-06-10