| Downloads | Citations | Reads |
| --- | --- | --- |
| 440 | 8 | 126 |
Abstract: As the number of malware samples targeting the Android system keeps growing, the methods for detecting it are updated just as continuously. Most of them, however, analyze the structure of the software or its system-call behaviour at runtime and overlook a necessary condition of almost all malicious behaviour: it depends on network traffic. This paper therefore proposes a network-traffic-based detection scheme using deep learning. Structured traffic information is built from 14 702 benign samples and 9 802 malicious samples. Because the relationship between bytes within one packet is markedly closer than the relationship between bytes of different packets, and two adjacent packets usually form one exchange between sender and receiver, the temporal features between adjacent packets can be extracted independently. On this basis a two-layer bidirectional long short-term memory (Bi-LSTM) recurrent neural network is constructed and used for traffic-based Android malware identification. Experimental results show that both the detection efficiency and the false positive rate of malware detection are significantly improved.
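As an added illustration (not the authors' code), the block below turns one flow's packets into the structured, time-ordered input the abstract describes: adjacent packets are paired into sender/receiver interactions, each packet is reduced to a fixed byte window, and the request-to-response delay is kept as the timing feature. The 8-byte window, the pairing rule and the sample packets are assumptions; the paper's actual preprocessing is not given on this page.

```python
# Added illustration, not the authors' code: turn one flow's packets into the
# structured, time-ordered input the abstract describes: adjacent packets are
# paired into (outbound, inbound) interactions, each cut to a fixed byte window,
# with the request-to-response delay as the timing feature. Window length,
# pairing rule and sample packets are assumptions.
from dataclasses import dataclass
from typing import List, Tuple

WINDOW = 8  # bytes kept per packet (assumed value)

@dataclass
class Packet:
    ts: float        # capture timestamp in seconds
    outbound: bool   # True if the app sent it, False if it received it
    payload: bytes

def byte_window(payload: bytes, n: int = WINDOW) -> List[float]:
    """Truncate or zero-pad the payload to n bytes, scaled to [0, 1]."""
    return [b / 255.0 for b in payload[:n].ljust(n, b"\x00")]

def pair_adjacent(packets: List[Packet]) -> List[Tuple[Packet, Packet]]:
    """Pair each outbound packet with the inbound packet directly after it.
    An unmatched packet is paired with an empty placeholder so it is kept."""
    ordered = sorted(packets, key=lambda p: p.ts)
    pairs, i = [], 0
    while i < len(ordered):
        cur = ordered[i]
        nxt = ordered[i + 1] if i + 1 < len(ordered) else None
        if cur.outbound and nxt is not None and not nxt.outbound:
            pairs.append((cur, nxt))
            i += 2
        else:
            pairs.append((cur, Packet(cur.ts, not cur.outbound, b"")))
            i += 1
    return pairs

def flow_to_sequence(packets: List[Packet]) -> List[List[float]]:
    """One vector per interaction: request bytes, response bytes, delay.
    This ordered sequence is what a recurrent model such as a Bi-LSTM consumes."""
    return [byte_window(req.payload) + byte_window(resp.payload) + [resp.ts - req.ts]
            for req, resp in pair_adjacent(packets)]

# Constructed sample flow (not real traffic): two exchanges plus one unanswered request.
SAMPLE_FLOW = [
    Packet(0.00, True, b"GET /a HTTP/1.1"),
    Packet(0.05, False, b"HTTP/1.1 200 OK"),
    Packet(0.10, True, b"POST /b HTTP/1.1"),
    Packet(0.11, True, b"id=42&x=1"),
    Packet(0.20, False, b"HTTP/1.1 403 Forbidden"),
]
```

Running `flow_to_sequence(SAMPLE_FLOW)` yields three 17-element vectors; the unanswered POST is paired with an empty placeholder and a zero delay rather than being dropped.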
Basic information:
CLC number: TP309; TP311.5
Citation:
[1] 王澍玮, 张林杰, 贾哲, et al. Android Malware Identification Based on Network Traffic [J]. 无线电工程 (Radio Engineering), 2020, 50(07): 612-618.
Funding:
National Key Research and Development Program of China (2016YFB0800305)
2020-06-18