Journal of Guangdong University of Technology ›› 2024, Vol. 41 ›› Issue (02): 56-64. doi: 10.12052/gdutxb.230021

• Computer Science and Technology •

Android Malware Application Detection Method Based on Heterogeneous Information Network

Yin Dan-li, Ling Jie

  1. School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China
  • Received: 2023-02-15 Published: 2024-04-23
  • Corresponding author: Ling Jie (b. 1964), male, professor, Ph.D.; main research interest: network and information security. E-mail: jling@gdut.edu.cn
  • About the author: Yin Dan-li (b. 1997), female, master's student; main research interest: network and information security. E-mail: 1521506972@qq.com
  • Funding:
    Key-Area Research and Development Program of Guangdong Province (2019B010139002); Guangzhou Science and Technology Research and Development Program (202007010004)

Abstract: To address camouflage and real-time detection, two problems that traditional Android malware detection methods cannot solve, an Android malware detection method based on heterogeneous information networks is proposed. Android entities and their relationships are modeled as the nodes and edges of a heterogeneous information network, and two models are designed: a meta-structure attention network representation learning model and an incremental learning model. First, the meta-structure attention network representation learning model learns the node embeddings of the training set (in-sample nodes), and the node embeddings and their labels are input to a deep neural network for training. Then the incremental representation learning model learns the node embeddings of the test set (out-of-sample nodes): the top-k algorithm is used to find neighboring nodes in the heterogeneous information network for aggregation, and the node to be detected is input to the trained deep neural network for detection. Experimental results show that the proposed method achieves an $F_1$ value of 97.5%, an accuracy of 96.7%, and an average detection time of 3.7 ms. Compared with existing methods, its $F_1$ value and accuracy are higher and its average detection time is shorter, indicating that the method can effectively cope with Android malware camouflage and can be used for real-time Android malware detection.

Key words: Android, malware detection, heterogeneous information networks, meta-structure, deep neural networks

CLC Number:

  • TP309