基于特征生成方法的Android惡意軟件檢測(cè)方法
2020年信息技術(shù)與網(wǎng)絡(luò)安全第11期
馮 垚,王金雙,張雪濤
陸軍工程大學(xué) 指揮控制工程學(xué)院,江蘇 南京210001
摘要: 針對(duì)傳統(tǒng)特征工程中需要大量專家經(jīng)驗(yàn)和人力的不足,研究了基于特征生成方法的Android惡意軟件檢測(cè)方法。基于UC Berkeley的ExploreKit自動(dòng)特征生成方法,通過(guò)對(duì)原始特征計(jì)算獲得大量候選特征,根據(jù)候選特征的元特征預(yù)測(cè)其性能并進(jìn)行評(píng)估排序,使用貪心算法從中選出能夠提升模型性能的新特征。從APK中提取了敏感API、危險(xiǎn)權(quán)限等多種特征,在根據(jù)信息增益對(duì)特征進(jìn)行篩選后,輸入到特征生成框架中,使用C4.5、SVM和隨機(jī)森林等作為分類模型。實(shí)驗(yàn)證明,該方法使錯(cuò)誤率平均降低了24.6%,準(zhǔn)確率達(dá)到了96.5%,曲線下面積(Area Under Curve,AUC)達(dá)到了0.99。
中圖分類號(hào): TP393
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2020.11.002
引用格式: 馮垚,王金雙,張雪濤. 基于特征生成方法的Android惡意軟件檢測(cè)方法[J].信息技術(shù)與網(wǎng)絡(luò)安全,2020,39(11):8-13.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2020.11.002
引用格式: 馮垚,王金雙,張雪濤. 基于特征生成方法的Android惡意軟件檢測(cè)方法[J].信息技術(shù)與網(wǎng)絡(luò)安全,2020,39(11):8-13.
Android malware detection based on feature generation method
Feng Yao,Wang Jinshuang,Zhang Xuetao
Institute of Command Control Engineering,Army Engineering University,Nanjing 210001,China
Abstract: Considering the expert experience and manpower required in traditional feature engineering, a detection method based on feature generation was proposed in this paper. ExploreKit was adopted as the automated feature generation method, which can improve Android malware detection model performance by generating and selecting new features. A large of candidate features are obtaioned by calculating the initial features. According to the meta-features of the candidate features, their performance is predicted and evaluated. New features that will improve the performance of the model are selected by greedy algorithms. The time spent on feature generation is reduced by filtering the initial features input to ExploreKit and limiting the number of generated features. Many features were extracted from APK, such as sensitive API and dangerous permission. By using C4.5, SVM and random forest as the classification models, our experiments show that the error rate of Android malware detection decreases 24.6% on average, the accuracy reaches 96.5%, and the AUC reaches 0.99.
Key words : malware detection;feature engineering;feature generation;ExploreKit
0 引言
機(jī)器學(xué)習(xí)在Android惡意軟件檢測(cè)中得到廣泛應(yīng)用,特征工程是基于機(jī)器學(xué)習(xí)的Android惡意軟件檢測(cè)的關(guān)鍵環(huán)節(jié)。目前使用的特征主要包括靜態(tài)特征和動(dòng)態(tài)特征。但特征工程的過(guò)程嚴(yán)重依賴于專家經(jīng)驗(yàn),反復(fù)試驗(yàn)調(diào)優(yōu)才能確定候選特征集合。
針對(duì)傳統(tǒng)特征工程需要大量專家經(jīng)驗(yàn)和人力的不足,本文提出了基于特征生成方法的Android惡意軟件檢測(cè)方法。該方法提取了多類特征,基于UC Berkeley的ExploreKit[1]方法進(jìn)行自動(dòng)化特征生成計(jì)算,篩選得到能夠提升模型性能的新特征,得到了良好的檢測(cè)性能。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://www.rjjo.cn/resource/share/2000003054
作者信息:
馮 垚,王金雙,張雪濤
(陸軍工程大學(xué) 指揮控制工程學(xué)院,江蘇 南京210001)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。