Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (5): 1539-1545.DOI: 10.11772/j.issn.1001-9081.2023050708
Special Issue: Cyberspace Security
• Cyber security •
Min SUN, Qian CHENG, Xining DING
Received: 2023-06-04
Revised: 2023-09-18
Accepted: 2023-09-28
Online: 2024-05-10
Published: 2024-05-10
Contact: Min SUN
About author: CHENG Qian (female), born in 1998, from Taiyuan, Shanxi, M. S. candidate. Her research interests include information security and deep learning.
Min SUN, Qian CHENG, Xining DING. CBAM-CGRU-SVM based malware detection method for Android[J]. Journal of Computer Applications, 2024, 44(5): 1539-1545.
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2023050708
No. | Family name | Number of samples | No. | Family name | Number of samples |
---|---|---|---|---|---|
1 | Adialer.C | 122 | 14 | Lolyda.AA 2 | 184 |
2 | Agent.FYI | 116 | 15 | Lolyda.AA 3 | 123 |
3 | Allaple.A | 2 949 | 16 | Lolyda.AT | 159 |
4 | Allaple.L | 1 591 | 17 | Malex.gen!J | 136 |
5 | Alueron.gen!J | 198 | 18 | Obfuscator.AD | 142 |
6 | Autorun.K | 106 | 19 | Rbot!gen | 158 |
7 | C2Lop.P | 146 | 20 | Skintrim.N | 80 |
8 | C2Lop.gen!G | 200 | 21 | Swizzor.gen!E | 128 |
9 | Dialplatform.B | 177 | 22 | Swizzor.gen!I | 132 |
10 | Dontovo.A | 162 | 23 | VB.AT | 408 |
11 | Fakerean | 381 | 24 | Wintrim.BX | 97 |
12 | Instantaccess | 431 | 25 | Yuner.A | 800 |
13 | Lolyda.AA 1 | 213 |
Tab. 1 Malware families found in Malimg dataset
Parameter | Value | Parameter | Value |
---|---|---|---|
Batch Size | 256 | Learning Rate | 0.001 |
Dropout | 0.85 | SVM C | 10 |
Epochs | 30 |
Tab. 2 Model parameter setting
Model | Acc | Pre | Re | F1 |
---|---|---|---|---|
SVM | 79.31 | 81.55 | 81.49 | 81.52 |
Decision Tree | 87.38 | 89.42 | 86.27 | 87.81 |
Random Forest | 90.11 | 90.01 | 91.45 | 90.72 |
Naive Bayes | 65.84 | 65.61 | 76.81 | 70.77 |
KNN | 87.95 | 92.02 | 82.36 | 86.92 |
Adaboost | 78.92 | 77.56 | 82.73 | 80.06 |
MLP | 82.54 | 81.98 | 89.13 | 85.41 |
CBAM-CGRU-SVM | 94.73 | 95.87 | 93.92 | 94.30 |
Tab. 3 Detection effects of different algorithm models
Model | Acc | Pre | Re | F1 |
---|---|---|---|---|
CNN-softmax | 82.42 | 83.51 | 82.38 | 82.94 |
CGRU-SVM | 85.92 | 86.71 | 85.16 | 85.93 |
CBAM-CNN-SVM | 90.23 | 90.03 | 90.00 | 90.01 |
CBAM-CGNN-softmax | 92.91 | 92.88 | 92.90 | 92.89 |
CBAM-CGRU-SVM | 94.73 | 95.87 | 93.92 | 94.30 |
Tab. 4 Results of ablation experiments
Model | Acc/% | Pre/% | Re/% | F1/% | Training time/s |
---|---|---|---|---|---|
Reference [ | 91.90 | 91.90 | 91.26 | 91.57 | 466 |
Reference [ | 86.80 | 87.00 | 87.00 | 87.00 | 512 |
Reference [ | 94.03 | 94.03 | 99.15 | 96.97 | 437 |
Reference [ | 94.27 | 94.14 | 94.02 | 94.08 | 2 224 |
Proposed model | 94.73 | 95.87 | 93.92 | 94.30 | 253 |
Tab. 5 Comparison of proposed model with other models on Malimg dataset
[1] Statcounter. Mobile operating system market share worldwide [EB/OL]. (2022-03-31) [2023-01-30].
[2] Google. GooglePlay [EB/OL]. (2022-12-24) [2023-02-07].
[3] Wired. Google’s training its AI to be Android’s security guard [EB/OL]. (2016-06-02) [2023-02-26].
[4] LeCUN Y, BENGIO Y, HINTON G. Deep learning[J]. Nature, 2015, 521(7553): 436-444. DOI: 10.1038/nature14539
[5] STAUDEMEYER R C. Applying long short-term memory recurrent neural networks to intrusion detection[J]. South African Computer Journal, 2015, 56(1): 136-154. DOI: 10.18489/sacj.v56i1.248
[6] SHIN E C R, SONG D, MOAZZEZI R. Recognizing functions in binaries with neural networks[C]// Proceedings of the 24th USENIX Conference on Security Symposium. Berkeley: USENIX Association, 2015: 611-626.
[7] SAXE J, BERLIN K. Deep neural network based malware detection using two dimensional binary program features[C]// Proceedings of the 2015 10th International Conference on Malicious and Unwanted Software. Piscataway: IEEE, 2015: 11-20. DOI: 10.1109/malware.2015.7413680
[8] WANG Z. The applications of deep learning on traffic identification[J]. Black Hat USA, 2015, 24(11): 1-10.
[9] IMTIAZ S I, REHMAN S UR, JAVED A R, et al. DeepAMD: detection and identification of Android malware using high-efficient deep artificial neural network[J]. Future Generation Computer Systems, 2021, 115: 844-856. DOI: 10.1016/j.future.2020.10.008
[10] LI Y, LUO S L, HAO J W, et al. Malware family classification method based on abstract assembly instructions[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48(2): 348-355.
[11] HOSSEINI S, NEZHAD A E, SEILANI H. Android malware classification using convolutional neural network and LSTM[J]. Journal of Computer Virology and Hacking Techniques, 2021, 17: 307-318. DOI: 10.1007/s11416-021-00385-z
[12] KIM J, BAN Y, KO E, et al. MAPAS: a practical deep learning-based android malware detection system[J]. International Journal of Information Security, 2022, 21: 725-738. DOI: 10.1007/s10207-022-00579-6
[13] BAKOUR K, ÜNVER H M. DeepVisDroid: Android malware detection by hybridizing image-based features with deep learning techniques[J]. Neural Computing and Applications, 2021, 33: 11499-11516. DOI: 10.1007/s00521-021-05816-y
[14] VASAN D, ALAZAB M, WASSAN S, et al. IMCFN: image-based malware classification using fine-tuned convolutional neural network architecture[J]. Computer Networks, 2020, 171: 107138. DOI: 10.1016/j.comnet.2020.107138
[15] LI Y M, LI C H, SONG Y F, et al. Method of malware family classification based on Attention-DenseNet-BC model mechanism[J]. Computer Science, 2021, 48(10): 308-314.
[16] GO J H, JAN T, MOHANTY M, et al. Visualization approach for malware classification with ResNeXt[C]// Proceedings of the 2020 IEEE Congress on Evolutionary Computation. Piscataway: IEEE, 2020: 1-7. DOI: 10.1109/cec48606.2020.9185490
[17] CHO K, VAN MERRIENBOER B, GULCEHRE C, et al. Learning phrase representations using RNN encoder-decoder for statistical machine translation[EB/OL]. (2014-09-03) [2023-01-17]. DOI: 10.3115/v1/d14-1179
[18] WOO S, PARK J, LEE J-Y, et al. CBAM: convolutional block attention module[C]// Proceedings of the 15th European Conference on Computer Vision. Cham: Springer, 2018: 3-19. DOI: 10.1007/978-3-030-01234-2_1
[19] NATARAJ L, KARTHIKEYAN S, JACOB G, et al. Malware images: visualization and automatic classification[C]// Proceedings of the 8th International Symposium on Visualization for Cyber Security. New York: ACM, 2011: No.4. DOI: 10.1145/2016904.2016908
[20] LU Y, SHETTY S. Multi-class malware classification using deep residual network with non-softmax classifier[C]// Proceedings of the 2021 IEEE 22nd International Conference on Information Reuse and Integration for Data Science. Piscataway: IEEE, 2021: 201-207. DOI: 10.1109/iri51335.2021.00033
[21] ABHESA R A, HENDRAWAN, IAMAIL S J I. Classification of malware using machine learning based on image processing[C]// Proceedings of the 2021 15th International Conference on Telecommunication Systems, Services, and Applications. Piscataway: IEEE, 2021: 1-4. DOI: 10.1109/tssa52866.2021.9768222
[22] ONOJA M, JEGEDE A, MAZADU J, et al. Exploring the effectiveness and efficiency of LightGBM algorithm for windows malware detection[C]// Proceedings of the 5th Information Technology for Education and Development. Piscataway: IEEE, 2022: 1-6. DOI: 10.1109/ited56637.2022.10051488