Journal on Communications ›› 2020, Vol. 41 ›› Issue (1): 102-113. doi: 10.11959/j.issn.1000-436x.2020005

• Academic paper •

Mobile malware traffic detection method based on value-derivative GRU

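Hanxun ZHOU1, Chen CHEN1, Runze FENG1, Junkun XIONG1, Hong PAN2, Wei GUO3

  1. Information Academy, Liaoning University, Shenyang, Liaoning 110036
  2. Digital Economy Academy, Liaoning University, Shenyang, Liaoning 110036
  3. Computer Academy, Shenyang Aerospace University, Shenyang, Liaoning 110135
  • Revised: 2019-11-13 Online: 2020-01-25 Published: 2020-02-11
  • About the authors: Hanxun ZHOU (1981- ), male, born in Shenyang, Liaoning, Ph.D., associate professor and master's supervisor at Liaoning University; main research interests: network security, image processing, deep learning, and malicious code analysis | Chen CHEN (1995- ), female, born in Anshan, Liaoning, master's student at Liaoning University; main research interests: network security, deep learning, and malicious code analysis | Runze FENG (1994- ), male, born in Linyi, Shandong, master's student at Liaoning University; main research interests: network security, deep learning, and malicious code analysis | Junkun XIONG (1996- ), male, born in Tianmen, Hubei, master's student at Liaoning University; main research interests: deep learning and network security | Hong PAN (1979- ), male, born in Panjin, Liaoning, Ph.D., associate professor at Liaoning University; main research interests: digital economy, big data, blockchain, network security, deep learning, etc. | Wei GUO (1983- ), female, born in Shenyang, Liaoning, Ph.D., associate professor at Shenyang Aerospace University; main research interests: network security and image processing
  • Supported by:
    The National Natural Science Foundation of China (61300233); The National Natural Science Foundation of China (61402298); The National Natural Science Foundation of China (61472169); The National Natural Science Foundation of China (51704138); Liaoning Provincial Department of Education Project (JYT19053); The Natural Science Foundation of Liaoning Province (2019-MS-149)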

Mobile malware traffic detection approach based on value-derivative GRU

Hanxun ZHOU1, Chen CHEN1, Runze FENG1, Junkun XIONG1, Hong PAN2, Wei GUO3

  1. Information Academy, Liaoning University, Shenyang 110036, China
  2. Digital Economy Academy, Liaoning University, Shenyang 110036, China
  3. Computer Academy, Shenyang Aerospace University, Shenyang 110135, China
  • Revised: 2019-11-13 Online: 2020-01-25 Published: 2020-02-11
  • Supported by:
    The National Natural Science Foundation of China (61300233); The National Natural Science Foundation of China (61402298); The National Natural Science Foundation of China (61472169); The National Natural Science Foundation of China (51704138); Liaoning Provincial Department of Education Project (JYT19053); The Natural Science Foundation of Liaoning Province (2019-MS-149)

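Abstract:

The sharp increase in the number and variety of mobile malware poses a major challenge to the information security of mobile users. In response, a mobile malware traffic detection method based on value-derivative GRU is proposed, aiming to solve the problem that RNN-based mobile malware traffic detection methods have difficulty capturing the dynamic changes and key information of abnormal network traffic. By introducing the concept of "accumulated state change", the value-derivative GRU algorithm can describe both the low-order and high-order dynamic change information of malicious mobile network traffic. In addition, an added pooling layer enables the algorithm to capture the key information of malicious mobile traffic. Finally, simulation experiments analyze the influence of accumulated state change, hidden layers, and the pooling layer on the performance of the value-derivative GRU algorithm. The experiments show that the value-derivative GRU-based mobile malware traffic detection method achieves high detection accuracy.

Key words: network security, mobile malware, RNN, value-derivative GRU, traffic detection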

Abstract:

The dramatic increase in the number and variety of mobile malware has created an enormous challenge for the information security of mobile network users. A value-derivative GRU-based mobile malware traffic detection approach is proposed to solve the problem that RNN-based mobile malware traffic detection approaches have difficulty capturing the dynamic changes and critical information of abnormal network traffic. By introducing the concept of "accumulated state change", the value-derivative GRU approach can describe the low-order and high-order dynamic change information of malicious network traffic at the same time. In addition, a pooling layer ensures that the algorithm can capture the key information of malicious traffic. Finally, simulations were performed to verify the effect of accumulated state changes, hidden layers, and pooling layers on the performance of the value-derivative GRU algorithm. Experiments show that the mobile malware traffic detection approach based on value-derivative GRU has high detection accuracy.

Key words: network security, mobile malware, RNN, value-derivative GRU, traffic detection
