Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 35-44. doi: 10.11959/j.issn.2096-109x.2020073

• Column: Network Application and Protection Technology •

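Mining behavior pattern of mobile malware with convolutional neural network

Xin ZHANG, Weizhong QIANG, Yueming WU, Deqing ZOU, Hai JIN

  1. School of Cyber Science & Engineering, Huazhong University of Science and Technology, Wuhan 430074, China
  • Revised: 2020-06-20 Online: 2020-12-15 Published: 2020-12-16
  • About the authors: Xin ZHANG (1993- ), male, born in Ruzhou, Henan, master's student at Huazhong University of Science and Technology; main research interest: malware detection | Weizhong QIANG (1977- ), male, born in Nantong, Jiangsu, Ph.D., professor and doctoral supervisor at Huazhong University of Science and Technology; main research interests: system security and software security | Yueming WU (1993- ), male, born in Honghu, Hubei, Ph.D. student at Huazhong University of Science and Technology; main research interests: malware detection and vulnerability detection | Deqing ZOU (1975- ), male, born in Xiangtan, Hunan, Ph.D., professor and doctoral supervisor at Huazhong University of Science and Technology; main research interest: software security | Hai JIN (1966- ), male, born in Shanghai, Ph.D., professor and doctoral supervisor at Huazhong University of Science and Technology; main research interest: distributed computing
  • Supported by:
    The National Natural Science Foundation of China (61772221); The National Key Research & Development (R&D) Plan of China (2017YFB0802205)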

Abstract:

The features extracted by existing malicious Android application detection methods are redundant and too abstract to reflect the behavior patterns of malicious applications at a high semantic level. To solve this problem, an interpretable detection method is proposed. Suspicious system call combinations are clustered by social network analysis and mapped to a single-channel image, and a convolutional neural network is applied to classify Android applications. The trained model is then used to find the most suspicious system call combinations through gradient-weighted class activation mapping on the convolutional layer, thereby mining and understanding malicious application behavior. The experimental results show that the method can correctly discover the behavior patterns of malicious applications on the basis of efficient detection.

Key words: Android, rapid detection, convolutional neural network, social network analysis

CLC number: