Journal of Computer Applications, 2024, Vol. 44, Issue (5): 1539-1545. DOI: 10.11772/j.issn.1001-9081.2023050708

Special Issue: Cyberspace Security

• Cyber security •

CBAM-CGRU-SVM based malware detection method for Android

Min SUN, Qian CHENG, Xining DING

  1. College of Computer and Information Technology, Shanxi University, Taiyuan Shanxi 030006, China
  • Received: 2023-06-04 Revised: 2023-09-18 Accepted: 2023-09-28 Online: 2024-05-10 Published: 2024-05-10
  • Contact: Min SUN
  • About author: CHENG Qian, born in 1998, M. S. candidate. Her research interests include information security, deep learning.
    DING Xining, born in 1998, M. S. candidate. Her research interests include information security, privacy protection.
  • Supported by:
    Basic Research Program of Shanxi Province (20210302123455)

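CBAM-CGRU-SVM based Android malware detection method

Min SUN, Qian CHENG, Xining DING

  1. College of Computer and Information Technology, Shanxi University, Taiyuan 030006
  • Corresponding author: Min SUN
  • About the authors: CHENG Qian (born 1998), female, from Taiyuan, Shanxi, M.S. candidate; main research interests: information security, deep learning.
    DING Xining (born 1998), female, from Changzhi, Shanxi, M.S. candidate; main research interests: information security, privacy protection.
    First contact: SUN Min (born 1966), female, from Tianjin, professor, M.S.; main research interests: computer networks, information security.
  • Funding:
    Basic Research Program of Shanxi Province (20210302123455)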

Abstract:

With the increasing variety and quantity of Android malware, it becomes increasingly important to detect malware to protect system security and user privacy. To address the problem of low classification accuracy of traditional malware detection models, a malware detection model for Android named CBAM-CGRU-SVM was proposed based on Convolutional Neural Network (CNN), Gated Recurrent Unit (GRU), and Support Vector Machine (SVM). In this model, more key features of malware were learned by adding a Convolutional Block Attention Module (CBAM) to the convolutional neural network, and GRUs were employed to further extract features. In order to solve the problem of insufficient generalization ability of the model when performing image classification, SVM was used instead of the softmax activation function as the classification function of the model. Experiments were conducted on the Malimg public dataset, in which the malware data was transformed to images as model input. Experimental results show that the classification accuracy of the CBAM-CGRU-SVM model reaches 94.73%, which can effectively classify malware families.

Key words: malware, Convolutional Neural Network (CNN), Convolutional Block Attention Module (CBAM), Gated Recurrent Unit (GRU), Support Vector Machine (SVM)

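Abstract:

As the variety and number of Android malware samples continue to grow, detecting malware to protect system security and user privacy is becoming increasingly important. To address the low classification accuracy of traditional malware detection models, a model named CBAM-CGRU-SVM is proposed, based on Convolutional Neural Network (CNN), Gated Recurrent Unit (GRU) and Support Vector Machine (SVM). First, a Convolutional Block Attention Module (CBAM) is added to the CNN to learn more key features of malware; second, a GRU is used to extract features further; finally, to address the model's insufficient generalization ability in image classification, SVM is used instead of the softmax activation function as the model's classification function. The experiments use the public Malimg dataset, which converts malware data into images as model input. The experimental results show that the classification accuracy of the CBAM-CGRU-SVM model reaches 94.73%, and that it can classify malware families more effectively.

Key words: malware, Convolutional Neural Network, Convolutional Block Attention Module, Gated Recurrent Unit, Support Vector Machine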

CLC Number: