基于深度学习的安卓恶意应用检测
发布时间:2018-08-27 19:46
【摘要】:针对传统安卓恶意程序检测技术检测准确率低,对采用了重打包和代码混淆等技术的安卓恶意程序无法成功识别等问题,设计并实现了DeepDroid算法。首先,提取安卓应用程序的静态特征和动态特征,结合静态特征和动态特征生成应用程序的特征向量;然后,使用深度学习算法中的深度置信网络(DBN)对收集到的训练集进行训练,生成深度学习网络;最后,利用生成的深度学习网络对待测安卓应用程序进行检测。实验结果表明,在使用相同测试集的情况下,DeepDroid算法的正确率比支持向量机(SVM)算法高出3.96个百分点,比朴素贝叶斯(Naive Bayes)算法高出12.16个百分点,比K最邻近(KNN)算法高出13.62个百分点。DeepDroid算法结合了安卓应用程序的静态特征和动态特征,采用了动态检测和静态检测相结合的检测方法,弥补了静态检测代码覆盖率不足和动态检测误报率高的缺点,在特征识别的部分采用DBN算法使得网络训练速度得到保证的同时还有很高的检测正确率。
[Abstract]:Aiming at the low detection accuracy of traditional malware detection technology of Android, the DeepDroid algorithm is designed and implemented to solve the problem that malware can not be recognized successfully by using repackaging and code confusion techniques. First, the static and dynamic features of Android applications are extracted, and the feature vectors are generated by combining static and dynamic features. The depth confidence network (DBN) in the depth learning algorithm is used to train the collected training set to generate the deep learning network. Finally, the generated depth learning network is used to detect the Android testing application. The experimental results show that the accuracy of DeepDroid algorithm is 3.96% higher than that of support vector machine (SVM) algorithm and 12.16% higher than that of naive Bayesian (Naive Bayes) algorithm under the same test set. This algorithm is 13.62 percentage points higher than K's nearest neighbor (KNN) algorithm. DeepDroid algorithm combines the static and dynamic features of Android application, and adopts the combination of dynamic detection and static detection. It makes up for the deficiency of the static detection code coverage and the high false alarm rate of dynamic detection. In the part of feature recognition, the DBN algorithm is used to ensure the network training speed and the detection accuracy is also very high.
【作者单位】: 数学工程与先进计算国家重点实验室;
【基金】:国家自然科学基金资助项目(61271252)~~
【分类号】:TP309;TP316
,
本文编号:2208273
[Abstract]:Aiming at the low detection accuracy of traditional malware detection technology of Android, the DeepDroid algorithm is designed and implemented to solve the problem that malware can not be recognized successfully by using repackaging and code confusion techniques. First, the static and dynamic features of Android applications are extracted, and the feature vectors are generated by combining static and dynamic features. The depth confidence network (DBN) in the depth learning algorithm is used to train the collected training set to generate the deep learning network. Finally, the generated depth learning network is used to detect the Android testing application. The experimental results show that the accuracy of DeepDroid algorithm is 3.96% higher than that of support vector machine (SVM) algorithm and 12.16% higher than that of naive Bayesian (Naive Bayes) algorithm under the same test set. This algorithm is 13.62 percentage points higher than K's nearest neighbor (KNN) algorithm. DeepDroid algorithm combines the static and dynamic features of Android application, and adopts the combination of dynamic detection and static detection. It makes up for the deficiency of the static detection code coverage and the high false alarm rate of dynamic detection. In the part of feature recognition, the DBN algorithm is used to ensure the network training speed and the detection accuracy is also very high.
【作者单位】: 数学工程与先进计算国家重点实验室;
【基金】:国家自然科学基金资助项目(61271252)~~
【分类号】:TP309;TP316
,
本文编号:2208273
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2208273.html
