基于深度学习的Android恶意软件检测的设计和实现

信息安全研究 ›› 2018, Vol. 4 ›› Issue (2): 140-144.

基于深度学习的Android恶意软件检测的设计和实现

王涛,李剑

北京邮电大学计算机学院

收稿日期:2018-02-25 出版日期:2018-02-15 发布日期:2018-02-25
通讯作者: 王涛
作者简介:王涛硕士研究生，主要研究方向为机器学习、信息安全. 李剑博士，副教授，博士生导师，主要研究方向为智能网络安全、量子密码学.

Design and Implementation of Android Malware Detection System Based on Deep Learning

Received:2018-02-25 Online:2018-02-15 Published:2018-02-25

摘要/Abstract

摘要： 为了提高安卓恶意软件检测的准确率和有效性，提出了一种新的基于深度学习的安卓恶意软件系统．该系统中使用的安全相关特征分别由静态特征和动态特征组成．经过特征选择算法，将深度学习多层降噪自动编码机，用于最终的分类．提出了一种基于深度学习的安卓恶意软件检测系统：SDADLDroid．在本次实验中，使用了8000个良性应用软件和7000个恶意软件组成的数据集，该系统通过对现实中15000个应用构建了一个3层的SDA神经网络，该系统的检测正确率高达95.8%．实验表明基于深度学习的安卓恶意软件检测系统比传统机器学习技术有更高的准确率．

关键词: 安卓安全, 深度学习, 恶意软件, 机器学习

Abstract: In order to improve the detection efficiency and accuracy of Android malicious application, an Android malware detection system based on deep learning is proposed. Deep learning especially emphasizes on Android Security features, which combines static and dynamic features for classification. In order to improve the accuracy of malware detection, attribute subset selection analysis is used to reduce the dimensionality of fusion features. Then, the Stacked Denoising Autoencoders is used for classification. The SDADLDroid, a static and dynamic analysis system that detects the Android malware, is proposed. In order to recognize different Android malware, different kinds of clustering algorithms can be applied to compare the malware modeling capability. We use a dataset containing more than fifteen thousand real applications, including seven thousands malware applications. Experimental results show that the deep learning technique is especially suitable for Android malware detection than machine learning and can achieve a high level of 95.8% accuracy with real-world Android application sets.

Key words: Android security, deep learning, Android malware, machine learning

王涛李剑. 基于深度学习的Android恶意软件检测的设计和实现 [J]. 信息安全研究, 2018, 4(2): 140-144.

参考文献

[1] IDC.Smartphone OS Market Share[EB/OL].[2017-04-27]. https://www.idc.com/promo/smartphone-market-share/os [2] Zhou Y, Jiang X. Dissecting Android malware: Characterization and evolution[C]// Security and Privacy. Piscataway,NJ:IEEE, 2012:95-109 [3] Tam K, Feizollah A, Anuar N B, et al. The evolution of Android malware and Android analysis techniques[J]. ACM Computing Surveys, 2017, 49(4):76 [4] Sanz B, Santos I, Laorden C, et al. PUMA: Permission usage to detect malware in Android[C]//Proc of Int Joint Conf on CISIS’12-ICEUTE´12-SOCO´12 Special Sessions. Berlin:Springer, 2013:289-298 [5] Martín A, Calleja A, Menéndez H D, et al. ADROIT: Android malware detection using meta-information[C]// Computational Intelligence.Piscataway,NJ:IEEE, 2017:1-8 [6] Sahs J, Khan L. A machine learning approach to Android malware detection[C]// European Intelligence and Security Informatics Conf. Los Alamitos,CA: IEEE Computer Society, 2012:141-147 [7] Sanz B, Santos I, Laorden C, et al. MAMA: Manifest analysis for Malware Detection in Android[J]. Cybernetics & Systems, 2013, 44(6/7):469-488 [8] Xiao X, Wang Z, Li Q, et al. ANNs on co-occurrence matrices for mobile malware detection[J]. Ksii Trans on Internet & Information Systems, 2015, 9(7):2736-2754 [9] Aafer Y, Du W, Yin H. DroidAPIMiner: Mining API-level features for robust malware detection in Android[M]// Security and Privacy in Communication Networks. Berlin:Springer, 2013:86-103 [10] Bartel A, Klein J, Traon Y L, et al. Automatically securing permission-based software by reducing the attack surface: An application to Android[C]// Proc of the IEEE/ACM Int Conf on Automated Software Engineering. Piscataway,NJ: IEEE, 2012:274-277 [11] BENGIO Y. Learning deep architectures for AI[J]. Foundations and trends in Machine Learning, 2009,2(1) :1-127 [12] Hinton G E, Osindero S, Teh Y W. A fast learning algorithm for deep belief nets[J]. Neural Computation, 2006, 18(7):1527-1554 [13] Bengio Y, Lamblin P, Popovici D, et al. Greedy layer-wise training of deep networks[C]//Advances in Neural Information Processing Systems. 2007: 153-160 [14] Lecun Y, Bottou L, Bengio Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 1998, 86(11):2278-2324 [15] Vincent P, Larochelle H, Lajoie I, et al. Stacked denoising autoencoders: Learning useful representations in a deep network with a local denoising criterion.[J]. Journal of Machine Learning Research, 2010, 11(6):3371-3408 [16] Vincent P, Larochelle H, Bengio Y, et al. Extracting and composing robust features with denoising autoencoders[C]// Proc of Int Conf. New York:ACM, 2008:1096-1103 [17] Bengio Y, Delalleau O. On the expressive power of deep architectures[C]//Proc of Int Conf on Discovery Science. Berlin:Springer, 2011:18-36 [18] Bengio Y, Courville A, Vincent P. Representation learning: A review and new perspectives[J]. IEEE Trans on Software Engineering, 2013, 35(8):1798-1828