基于值导数GRU的移动恶意软件流量检测方法

doi:10.11959/j.issn.1000-436x.2020005

Abstract

Abstract:

For the dramatic increase in the number and variety of mobile malware had created enormous challenge for information security of mobile network users,a value-derivative GRU-based mobile malware traffic detection approach was proposed in order to solve the problem that it was difficult for a RNN-based mobile malware traffic detection approach to capture the dynamic changes and critical information of abnormal network traffic.The low-order and high-order dynamic change information of the malicious network traffic could be described by the value-derivative GRU approach at the same time by introducing the concept of “accumulated state change”.In addition,a pooling layer could ensure that the algorithm can capture key information of malicious traffic.Finally,simulation were performed to verify the effect of accumulated state changes,hidden layers,and pooling layers on the performance of the value-derivative GRU algorithm.Experiments show that the mobile malware traffic detection approach based on value-derivative GRU has high detection accuracy.

Key words: network security, mobile malware, RNN, value-derivative GRU, traffic detection

CLC Number:

TP393.4

Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU[J]. Journal on Communications, 2020, 41(1): 102-113.

Figures/Tables 13

References 18

[1]	HE D , CHAN S , GUIZANI M . Mobile application security:malware threats and defenses[J]. IEEE Wireless Communications, 2015,22(1): 138-144.
[2]	冯勇, 张丽颖, 顾兆旭 ,等. 面向高校多源异构数据环境的元数据集成方法[J]. 辽宁大学学报(自然科学版), 2019,46(2): 135-141.
	FENG Y , ZHANG L Y , GU Z X ,et al. A metadata integration method for multi-source heterogeneous data environment in universities[J]. Journal of Liaoning University:Natural Science, 2019,46(2): 135-141.
[3]	SAYYAR S , . Enhanced TWOACK based AODV protocol for intrusion detection system[C]// International Conference on Computing,Mathematics and Engineering Technologies. 2018: 1-4.
[4]	MIMURA M , TANAKA H . Long-term performance of a generic intrusion detection method using Doc2vec[C]// 2017 Fifth International Symposium on Computing and Networking (CANDAR). 2017: 456-462.
[5]	KHATRI V , ABENDROTH J . Mobile guard demo:network based malware detection[C]// IEEE International Conference on Trust,Security and Privacy in Computing and Communications. 2015: 1177-1179.
[6]	ADEEL M , TOKARCHUK L N . Analysis of mobile P2P malware detection framework through cabir ＆ commwarrior families[C]// IEEE Third International Conference on Privacy,Security,Risk and Trust. 2011: 1335-1343.
[7]	MOGHADDAM S H , . Sensitivity analysis of static features for Android malware detection[C]// 22nd Iranian Conference on Electrical Engineering. 2014: 920-924.
[8]	TRIPP O , PISTOIA M , FERRARA P ,et al. Pinpointing mobile malware using code analysis[C]// IEEE/ACM International Conference on Software Engineering and Systems. 2016: 275-276.
[9]	NGUYEN TRI-HAI , YOO M . A behavior-based mobile malware detection model in software-defined networking[C]// International Conference on Information Science and Communications Technologies. 2017: 1-3.
[10]	LI D F , WANG Z G , XUE Y B . Fine-grained Android malware detection based on deep learning[C]// IEEE Conference on Communications and Network Security. 2018: 1-2.
[11]	YUAN Z L , LU Y Q , XUE Y B . Droiddetector:Android malware characterization and detection using deep learning[J]. Tsinghua Science and Technology, 2016,22(1): 114-123.
[12]	KIM T G , KANG B J , RHO M ,et al. A multimodal deep learning method for Android malware detection using various features[J]. IEEE Transactions on Information Forensics and Security, 2019,14(3): 773-788.
[13]	SU X , ZHANG D F , LI W J ,et al. A deep learning approach to Android malware feature learning and detection[C]// IEEE International Conference on Trust,Security and Privacy in Computing and Communications. 2016: 244-251.
[14]	CHEN Z X , YAN Q B , HAN H B . Machine learning based mobile malware detection using highly imbalanced network traffic[C]// IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing. 2017: 588-595.
[15]	ZHANG L , FAN X P . A fusion financial prediction strategy based on RNN and representative pattern discovery[C]// International Conference on Parallel and Distributed Computing,Applications and Technologies. 2017: 92-97.
[16]	BENGIO Y . Learning long-term dependencies with gradient descent is difficult[J]. IEEE Transactions on Neural Networks, 2002,5(2): 157-166.
[17]	BEAUFAYS S S . Long short-term memory recurrent neural network architectures for large scale acoustic modeling[J]. Computer Science, 2014,15(3): 338-342.
[18]	CHO K , MERRIENBOER VAN B , GULCEHRE C . Learning phrase representations using RNN encoder-decoder for statistical machine translation[J]. Computer Science, 2014,12(1): 236-248.

Metrics

Recommended 0

No Suggested Reading articles found!

算法	验证集	测试集
RNN	87.17%	86.14%
LSTM	91.21 %	91.23%
GRU	91.17%	91.12%
值导数GRU(一阶)	95.47%	95.46%
值导数GRU(二阶)	95.78%	95.91%
值导数GRU(三阶)	96.79%	96.89%

算法	验证集	测试集
RNN	81.23%	79.51%
LSTM	—	90.70%
GRU	—	90.07%
值导数GRU(一阶)	96.64%	94.26%
值导数GRU(二阶)	96.83%	95.74%
值导数GRU(三阶)	96.87%	96.03%

算法	验证集	测试集
RNN	87.17%	86.14%
LSTM	91.21%	91.23%
GRU	91.17%	91.12%
值导数GRU(一层)	95.47%	95.46%
值导数GRU(三层)	96.50%	96.53%
值导数GRU(五层)	96.55%	96.62%

算法	验证集	测试集
RNN	81.23%	79.51%
LSTM	—	90.70%
GRU	—	90.07%
值导数GRU(一层)	96.64%	94.26%
值导数GRU(三层)	97.84%	95.76%
值导数GRU(五层)	98.20%	96.13%

算法	验证集	测试集
RNN	87.17%	86.14%
LSTM	91.21%	91.23%
GRU	91.17%	91.12%
值导数GRU(无池化层)	95.47%	95.46%
值导数GRU(有池化层)	95.13%	94.28%

Mobile malware traffic detection approach based on value-derivative GRU

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 18

Related Articles 15

Metrics

Recommended 0

算法RNN	验证集	测试集
算法RNN	81.23%	79.51%
LSTM	—	90.70%
GRU	—	90.07%
值导数GRU(三阶)	96.87%	96.03%
值导数GRU(五层)	98.02%	96.13%
值导数GRU(有池化层)	96.65%	95.34%
值导数GRU(无池化层)	96.64%	94.26%
值导数GRU(三阶，五层，有池化层)	96.98%	96.38%
值导数GRU(三阶，五层，无池化层)	96.90%	96.14%

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Qianyi DAI, Bin ZHANG, Song GUO, Kaiyong XU. Blockchain network layer anomaly traffic detection method based on multiple classifier integration [J]. Journal on Communications, 2023, 44(3): 66-80.
[3]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[4]	Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194.
[5]	Wengang MA, Yadong ZHANG, Jin GUO. Abnormal traffic detection method based on LSTM and improved residual neural network optimization [J]. Journal on Communications, 2021, 42(5): 23-40.
[6]	Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167.
[7]	Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254.
[8]	Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150.
[9]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[10]	Tieming CHEN,Chengqiang JIN,Mingqi LYU,Tiantian ZHU. Intelligent detection method on network malicious traffic based on sample enhancement [J]. Journal on Communications, 2020, 41(6): 128-138.
[11]	Zhu XIAO, Xin QIAN, Hongbo JIANG, Chenglin CAI, Fanzi ZENG. Bidirectional RNN-based private car trajectory reconstruction algorithm [J]. Journal on Communications, 2020, 41(12): 171-181.
[12]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[13]	Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov [J]. Journal on Communications, 2019, 40(10): 79-89.
[14]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.
[15]	Xiaodong ZANG,Jian GONG,Xiaoyan HU. Detecting malicious domain names based on AGD [J]. Journal on Communications, 2018, 39(7): 15-25.