Journal of Guangdong University of Technology ›› 2024, Vol. 41 ›› Issue (02): 56-64. doi: 10.12052/gdutxb.230021

• Computer Science and Technology •

Android Malware Application Detection Method Based on Heterogeneous Information Network

Yin Dan-li, Ling Jie   

  1. School of Computer Science and Technology, Guangzhou University of Technology, Guangzhou 510006, China
  • Received: 2023-02-15 Published: 2024-04-23

Abstract: To address the problems that traditional Android malware detection methods have with camouflage and real-time detection, a new Android malware detection method based on heterogeneous information networks is proposed. Android entities and relationships are modeled as nodes and edges, respectively, in a heterogeneous information network, and two network representation learning models are designed: a meta-structure attention network representation learning model and an incremental learning model. First, the meta-structure attention network representation learning model is used for intra-sample node embedding, and the embedded nodes and labels are input to a deep neural network for training. Then, the incremental learning model is used to learn the extra-sample node embeddings. The top-k algorithm is used to aggregate neighboring nodes within the heterogeneous information network, and the embedded node to be detected is input to the trained deep neural network for detection. Experimental results show that the F1 value of the proposed method is 97.5%, the accuracy rate is 96.7%, and the average detection time is 3.7 ms, which are better than those of existing methods, demonstrating the effectiveness of the proposed method in dealing with Android malware camouflage and in real-time Android malware detection.

Key words: Android, malware detection, heterogeneous information networks, meta-structure, deep neural networks

CLC Number: TP309