Netinfo Security ›› 2022, Vol. 22 ›› Issue (10): 1-7. doi: 10.3969/j.issn.1671-1122.2022.10.001
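Received: 2022-09-07
Online: 2022-10-10
Published: 2022-11-15
Corresponding author: JIN Bo
E-mail: jinbo@gass.cn
About the authors:
TONG Xin (b. 1995), male, from Henan, Ph.D. candidate; main research interests: cyberspace security and natural language processing | JIN Bo (b. 1972), male, from Shanghai, research fellow, Ph.D.; main research interest: cyberspace security | WANG Jingya (b. 1966), female, from Beijing, professor, master's degree; main research interests: deep learning and artificial intelligence security | YANG Ying (b. 1981), female, from Henan, associate research fellow, Ph.D.; main research interests: cyberspace security and data security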
TONG Xin, JIN Bo, WANG Jingya, YANG Ying
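Abstract:
In recent years, malware targeting the Android platform has increased sharply, posing a major challenge to the anti-malware field. Although machine-learning-based detection methods offer a new direction for making up for the shortcomings of traditional detection techniques, they are usually built on a single model or on a combination of similar models, which makes it hard to extract semantic information at different levels from multiple views and ultimately limits detection performance. To address this problem, this paper proposes an Android malware detection model based on multi-view and multi-task learning. First, system call information is fed into a gradient boosting tree model to mine frequency-view information. The call information is then also converted into grayscale images and fed into learners based on a vision graph neural network and a convolutional neural network to learn co-occurrence and association features. Finally, the paper introduces a multi-task learning method based on hierarchical labels to train the model, achieving multi-view feature extraction and analysis for Android malware. Experimental results on a fine-grained public dataset from UNB show that the method overall outperforms traditional single-view detection methods and achieves good accuracy and reliability.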
Cite this article: TONG Xin, JIN Bo, WANG Jingya, YANG Ying. A Multi-View and Multi-Task Learning Detection Method for Android Malware[J]. Netinfo Security, 2022, 22(10): 1-7.
Table 1: Experimental results
Method | Model | Accuracy | Precision | Recall | F1 Score |
---|---|---|---|---|---|
Machine learning methods | NB | 64.15 | 69.99 | 64.15 | 62.21 |
Machine learning methods | DT | 90.05 | 89.95 | 90.05 | 89.96 |
Machine learning methods | RF | 91.30 | 91.33 | 91.30 | 91.26 |
Machine learning methods | SVM | 67.85 | 67.43 | 67.85 | 66.56 |
Machine learning methods | KNN | 83.05 | 82.93 | 83.05 | 82.77 |
Machine learning methods | LightGBM | 92.10 | 92.09 | 92.10 | 92.06 |
Deep learning methods | VGG 11 | 88.10 | 88.02 | 88.10 | 88.01 |
Deep learning methods | VGG 13 | 86.00 | 86.28 | 86.00 | 86.06 |
Deep learning methods | ResNet18 | 85.65 | 86.33 | 85.65 | 85.68 |
Deep learning methods | ResNet34 | 88.65 | 88.63 | 88.65 | 88.62 |
Deep learning methods | ResNet50 | 86.15 | 86.94 | 86.15 | 86.21 |
Deep learning methods | DenseNet121 | 85.75 | 85.78 | 85.75 | 85.75 |
Deep learning methods | ResNext50 | 87.65 | 88.32 | 87.65 | 87.82 |
Deep learning methods | ShuffleNet v2 | 80.55 | 81.02 | 80.55 | 80.66 |
Deep learning methods | MobileNet v2 | 85.50 | 86.20 | 85.50 | 85.69 |
Deep learning methods | ViG | 88.90 | 89.13 | 88.90 | 88.96 |
MVMTM (ours) | | 93.70 | 93.73 | 93.70 | 93.69 |
Table 2: Ablation experiment results
Component | Detail | Accuracy | Precision | Recall | F1 Score |
---|---|---|---|---|---|
MVMTM | | 93.70 | 93.73 | 93.70 | 93.69 |
Multi-view | LightGBM+ResNet | 0.15↓ | 0.16↓ | 0.15↓ | 0.17↓ |
Multi-view | LightGBM+ViG | 0.70↓ | 0.72↓ | 0.70↓ | 0.71↓ |
Multi-view | ResNet+ViG | 3.35↓ | 3.19↓ | 3.35↓ | 3.30↓ |
Multi-task | Binary-classification auxiliary label | 0.35↓ | 0.35↓ | 0.35↓ | 0.35↓ |
Multi-task | No auxiliary label | 0.65↓ | 0.68↓ | 0.65↓ | 0.67↓ |
Fixed θ | 0.1 | 0.20↓ | 0.20↓ | 0.20↓ | 0.21↓ |
Fixed θ | 0.2 | 0.75↓ | 0.77↓ | 0.75↓ | 0.76↓ |