Abstract
Opcode-based detection is widely used for Android malware, but existing approaches suffer from complex feature extraction and low efficiency. To address this, a multi-granularity fast detection method for Android malware based on opcodes is proposed. "Multi-granularity" means that features are extracted on a bag-of-words model with the function as the basic unit, and multi-level information about the APK is obtained by aggregating these function features level by level; the logarithm of the opcode sequence length characterizes the scale of a function. To improve efficiency, the opcodes of the Dalvik instruction set are compressed and mapped according to their semantic similarity, and a corresponding classification model is built on the resulting features. Tests show that the proposed method has clear advantages in both detection performance and efficiency.
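The feature pipeline sketched in the abstract (compress Dalvik opcodes into semantic groups, build a per-function bag-of-words vector with log-length as the scale term, then aggregate function -> class -> APK) is illustrated by the following Python. This is an added example, not the authors' code: the opcode grouping, the fallback rule for unmapped mnemonics, and the sample opcode sequences are constructed assumptions, since the paper's actual compression map and data are not reproduced on this page.

```python
import math
from collections import Counter

# Constructed semantic grouping of Dalvik opcodes (an assumption: the paper's own
# compression map is not reproduced here). Each group becomes one bag-of-words slot.
OPCODE_GROUPS = {
    "invoke": ["invoke-virtual", "invoke-direct", "invoke-static",
               "invoke-interface", "invoke-super"],
    "const":  ["const", "const/4", "const/16", "const-string", "const-class"],
    "move":   ["move", "move-object", "move-result", "move-result-object"],
    "branch": ["if-eq", "if-ne", "if-eqz", "if-nez", "goto"],
    "field":  ["iget", "iget-object", "iput", "iput-object",
               "sget-object", "sput-object"],
    "return": ["return-void", "return", "return-object"],
    "alloc":  ["new-instance", "new-array"],
    "arith":  ["add-int", "sub-int", "mul-int", "add-int/lit8"],
}
GROUP_INDEX = {name: i for i, name in enumerate(OPCODE_GROUPS)}
OTHER = len(GROUP_INDEX)                      # slot for opcodes outside the map
OPCODE_TO_GROUP = {op: GROUP_INDEX[g]
                   for g, ops in OPCODE_GROUPS.items() for op in ops}
VECTOR_LEN = OTHER + 2                        # group slots + OTHER + log-length


def compress(opcode):
    """Map one Dalvik mnemonic to a group slot; unmapped ones go to OTHER."""
    if opcode in OPCODE_TO_GROUP:
        return OPCODE_TO_GROUP[opcode]
    base = opcode.split("/")[0]               # e.g. const/high16 -> const
    return OPCODE_TO_GROUP.get(base, OTHER)


def bow_vector(counts, total):
    """Normalised group histogram followed by log(1+length) as the scale term."""
    vec = [0.0] * VECTOR_LEN
    if total == 0:
        return vec                            # empty/abstract method: all zeros
    for slot, n in counts.items():
        vec[slot] = n / total
    vec[-1] = math.log1p(total)
    return vec


def function_counts(opcodes):
    return Counter(compress(op) for op in opcodes)


def function_features(opcodes):
    """Finest granularity: one vector per method."""
    return bow_vector(function_counts(opcodes), len(opcodes))


def class_features(methods):
    """Middle granularity: sum the compressed-opcode counts of a class's methods."""
    total = Counter()
    for opcodes in methods.values():
        total.update(function_counts(opcodes))
    return bow_vector(total, sum(total.values()))


def apk_features(classes):
    """Coarsest granularity: aggregate every class of the APK into one vector."""
    total = Counter()
    for methods in classes.values():
        for opcodes in methods.values():
            total.update(function_counts(opcodes))
    return bow_vector(total, sum(total.values()))


def multi_granularity(classes):
    """Return (function-level, class-level, APK-level) features for one APK."""
    funcs = {f"{c}->{m}": function_features(ops)
             for c, methods in classes.items() for m, ops in methods.items()}
    clss = {c: class_features(methods) for c, methods in classes.items()}
    return funcs, clss, apk_features(classes)


# Constructed sample: opcode sequences of two classes (not taken from any real APK).
SAMPLE_APK = {
    "Lcom/example/Main;": {
        "onCreate": ["invoke-super", "const-string", "invoke-virtual",
                     "move-result-object", "iput-object", "return-void"],
        "run": ["sget-object", "if-eqz", "invoke-static", "goto", "return-void"],
    },
    "Lcom/example/Util;": {
        "sum": ["const/4", "add-int/lit8", "if-nez", "return"],
    },
}

if __name__ == "__main__":
    funcs, clss, apk = multi_granularity(SAMPLE_APK)
    print(len(funcs), "functions,", len(clss), "classes")
    print("APK vector:", [round(x, 3) for x in apk])
```

The histogram part of each vector is a probability distribution over opcode groups, so the scale of a method is lost there; the trailing log-length term restores it, which is what the abstract means by characterizing function scale with the logarithm of the length. The class- and APK-level vectors are produced by the same `bow_vector` over summed counts, so all three granularities share one feature layout and can be fed to one classifier.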
Authors
ZHANG Xuetao (张雪涛), SUN Meng (孙蒙), WANG Jinshuang (王金双) (Institute of Command Control Engineering, Army Engineering University, Nanjing 210001, China)
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2019, No. 6, pp. 85-94 (10 pages)
Keywords
opcode
compression map
multi-granularity
rapid detection
convolutional neural networks
About the authors
ZHANG Xuetao (born 1995), male, from Baoding, Hebei; master's degree; research interests: network security and malware detection. SUN Meng (born 1984), male, from Qihe, Shandong; PhD, associate professor at Army Engineering University; research interests: artificial intelligence and network security. Corresponding author: WANG Jinshuang (born 1978), male, from Jiamusi, Heilongjiang; PhD, associate professor at Army Engineering University; research interests: system security and machine theorem proving. siyezhishuang@163.com.