Journal of Computer Applications ›› 2018, Vol. 38 ›› Issue (4): 1058-1063. DOI: 10.11772/j.issn.1001-9081.2017102499


Android malware detection based on texture fingerprint and malware activity vector space

LUO Shiqi1, TIAN Shengwei1, YU Long2, YU Jiong1, SUN Hua1   

  1. School of Software, Xinjiang University, Urumqi Xinjiang 830008, China;
  2. Network Center, Xinjiang University, Urumqi Xinjiang 830046, China
  • Received: 2017-10-23  Revised: 2017-12-12  Online: 2018-04-10  Published: 2018-04-09
  • Supported by:
    This work is partially supported by the Scientific Research Innovation Project of Education Innovation Plan for Graduate Students in Xinjiang Uygur Autonomous Region (XJGRI2017007), the Science and Technology Talent Training Project of Xinjiang Uygur Autonomous Region (QN2016YX0051), and the Cernet Next Generation Internet Technology Innovation Project (NGII20170420).

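  • Corresponding author: YU Long
  • About the authors: LUO Shiqi (born 1993), male, from Dawu, Hubei, M.S. candidate, CCF member; research interests: information security, image processing. TIAN Shengwei (born 1973), male, from Urumqi, Xinjiang, professor, Ph.D.; research interests: intelligent computing. YU Long (born 1974), female, from Urumqi, Xinjiang, professor, M.S.; research interests: computer intelligence. YU Jiong (born 1964), male, from Beijing, professor, Ph.D.; research interests: network security, grid computing. SUN Hua (born 1977), female, from Shandong, associate professor, Ph.D.; research interests: information security.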

Abstract: To improve the accuracy and automation of malware recognition, an Android malware analysis and detection method based on deep learning was proposed. First, a malware texture fingerprint was proposed to reflect the content similarity of malicious code binary files, and 33 types of malware activity vector space were selected to reflect the potential dynamic activities of malicious code. Then, to improve classification accuracy, an AutoEncoder (AE) and a Softmax classifier were trained on the combination of these features. Test results on different data samples showed that the average classification accuracy of the proposed method was up to 94.9% when using a Stacked AE (SAE), which is 1.1 percentage points higher than that of a Support Vector Machine (SVM). The proposed method can effectively improve the accuracy of malicious code recognition.

Key words: malware, texture fingerprint, activity vector space, stacked AutoEncoder (AE)

