Chinese Journal of Network and Information Security, 2019, Vol. 5, Issue 6: 85-94. doi: 10.11959/j.issn.2096-109x.2019064

• Academic paper •

Multi-granularity fast detection method for Android malware based on opcodes

Xuetao Zhang, Meng Sun, Jinshuang Wang

  1. Institute of Command Control Engineering, Army Engineering University, Nanjing 210001, Jiangsu, China
  • Revised: 2019-06-14 Online: 2019-12-15 Published: 2019-12-14
  • About the authors: Xuetao Zhang (born 1995), male, from Baoding, Hebei; master's degree; main research interests: network security and malware detection. Meng Sun (born 1984), male, from Qihe, Shandong; Ph.D., associate professor at Army Engineering University; main research interests: artificial intelligence and network security. Jinshuang Wang (born 1978), male, from Jiamusi, Heilongjiang; Ph.D., associate professor at Army Engineering University; main research interests: system security and machine theorem proving.

Multi-granularity Android malware fast detection based on opcode

Xuetao ZHANG, Meng SUN, Jinshuang WANG

  1. Institute of Command Control Engineering, Army Engineering University, Nanjing 210001, China
  • Revised: 2019-06-14 Online: 2019-12-15 Published: 2019-12-14

Abstract (translated from the Chinese):

Opcode-based detection is widely used for Android malware, but it suffers from complex feature extraction methods and low efficiency. To address these problems, a multi-granularity fast detection method for Android malware based on opcodes is proposed. Here multi-granularity means that features are extracted on the basis of the bag-of-words model with the function as the basic unit, multi-level information about the APK is obtained by aggregating these features level by level, and the scale of a function is represented by the logarithm of its length. In addition, the opcodes of the Dalvik instruction set are compressed and mapped according to their semantic similarity to improve efficiency, and a corresponding classification model is built on the result. Tests show that the proposed method has clear advantages in both performance and efficiency.

Keywords: opcode, compression mapping, multi-granularity, fast detection, convolutional neural network

Abstract:

Opcode-based detection is widely used in Android malware detection, but it still suffers from problems such as complex feature extraction and low efficiency. To solve these problems, a multi-granularity fast detection method based on opcodes is proposed for Android malware. Multi-granularity refers to features built on the bag-of-words model with the function as the basic unit; by aggregating these features level by level, multi-level information about the APK is obtained, and the log of the length characterizes the scale of each function. In addition, the opcodes of the Dalvik instruction set are compressed and mapped according to their semantic similarity to improve efficiency, and the corresponding classification model is constructed on these features. Tests show that the proposed method has obvious advantages in performance and efficiency.

Key words: opcode, compression map, multi-granularity, rapid detection, convolutional neural networks
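The feature pipeline the abstract describes (a semantic compression map over Dalvik opcodes, a per-function bag of words, log length as the scale term, and level-by-level aggregation from function to class to APK), as an added Python example that is not the paper's own code. The opcode-to-family map, the summing aggregation rule and the sample APK are assumptions constructed for illustration; the paper's actual mapping is not given on this page.

```python
import math
from collections import Counter

# Assumed coarse opcode-to-family map; the paper's real semantic compression
# map is not on this page, so this one is constructed for illustration.
OPCODE_FAMILY = {
    "move": "MOVE", "move-result": "MOVE", "move-object": "MOVE",
    "const": "CONST", "const/4": "CONST", "const-string": "CONST",
    "invoke-virtual": "INVOKE", "invoke-direct": "INVOKE", "invoke-static": "INVOKE",
    "if-eq": "BRANCH", "if-nez": "BRANCH", "goto": "BRANCH",
    "return-void": "RETURN", "return-object": "RETURN",
    "iget": "FIELD", "iput": "FIELD", "sget-object": "FIELD",
    "new-instance": "ALLOC", "new-array": "ALLOC",
}
FAMILIES = sorted(set(OPCODE_FAMILY.values())) + ["OTHER"]  # fixed column order

def function_bag(opcodes):
    """Bag of words over compressed families for one method, plus its opcode count."""
    return Counter(OPCODE_FAMILY.get(op, "OTHER") for op in opcodes), len(opcodes)

def aggregate(bags):
    """Merge lower-level bags into one level up: family counts and lengths are summed (assumed rule)."""
    total, length = Counter(), 0
    for counts, n in bags:
        total.update(counts)
        length += n
    return total, length

def vectorize(bag):
    """Fixed-order feature vector: family counts followed by log(1 + length) as the scale term."""
    counts, n = bag
    return [counts[f] for f in FAMILIES] + [math.log(1 + n)]

def apk_features(apk):
    """apk = {class: {method: [mnemonics]}}; returns function-, class- and APK-level vectors."""
    func_bags = {c: {m: function_bag(ops) for m, ops in ms.items()} for c, ms in apk.items()}
    class_bags = {c: aggregate(bs.values()) for c, bs in func_bags.items()}
    func_vecs = {c: {m: vectorize(b) for m, b in bs.items()} for c, bs in func_bags.items()}
    class_vecs = {c: vectorize(b) for c, b in class_bags.items()}
    return func_vecs, class_vecs, vectorize(aggregate(class_bags.values()))

SAMPLE_APK = {  # constructed sample: two classes, three methods of Dalvik mnemonics
    "Lcom/example/Main;": {
        "onCreate": ["invoke-direct", "const-string", "invoke-virtual", "return-void"],
        "helper": ["iget", "if-nez", "const/4", "return-object"],
    },
    "Lcom/example/Net;": {"send": ["new-instance", "invoke-direct", "move-result",
                                   "monitor-enter", "return-void"]},
}
```

Each level's vector has the same shape, so a classifier can be fed the APK-level vector alone or the stacked per-class and per-function vectors for finer granularity.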
