一种基于深度学习的强对抗性Android恶意代码检测方法

doi:10.3969/j.issn.0372-2112.2020.08.007

电子学报 ›› 2020, Vol. 48 ›› Issue (8): 1502-1508.DOI: 10.3969/j.issn.0372-2112.2020.08.007

一种基于深度学习的强对抗性Android恶意代码检测方法

李鹏伟, 姜宇谦, 薛飞扬, 黄佳佳, 徐超

南京审计大学信息工程学院, 江苏南京 211815

收稿日期:2019-03-03 修回日期:2020-05-15 出版日期:2020-08-25 发布日期:2020-08-25
作者简介:李鹏伟 男,1987年7月出生于山西省五寨县.现工作于南京审计大学信息工程学院.主要研究方向为系统安全和软件安全. E-mail:pwli@nau.edu.cn;姜宇谦 男,1998年出生于上海.现为南京审计大学计算机科学与技术专业在读本科生.主要研究方向为网络与信息安全. E-mail:jyq9898@163.com
基金资助:
国家自然科学基金（No.61802194，No.61902190）；江苏省高等学校自然科学研究（No.17KJB520015，No.19KJB520040）；审计信息与工程协同创新中心资助项目（No.18CICA06）

A Robust Approach for Android Malware Detection Based on Deep Learning

LI Peng-wei, JIANG Yu-qian, XUE Fei-yang, HUANG Jia-jia, XU Chao

School of Information Engineering, Nanjing Audit University, Nanjing, Jiangsu 211815, China

Received:2019-03-03 Revised:2020-05-15 Online:2020-08-25 Published:2020-08-25

摘要/Abstract

摘要： 针对现有Android恶意代码检测方法容易被绕过的问题，提出了一种强对抗性的Android恶意代码检测方法.首先设计实现了动静态分析相结合的移动应用行为分析方法，该方法能够破除多种反分析技术的干扰，稳定可靠地提取移动应用的权限信息、防护信息和行为信息.然后，从上述信息中提取出能够抵御模拟攻击的能力特征和行为特征，并利用一个基于长短时记忆网络（Long Short-Term Memory，LSTM）的神经网络模型实现恶意代码检测.最后通过实验证明了本文所提出方法的可靠性和先进性.

关键词: 恶意代码, 静态分析, 动态分析, 深度学习, 长短时记忆网络

Abstract: Conventional Android malware detection method can easily be evaded.In this study,we propose a detection method of Android malicious code based on short-term memory network(LSTM),which makes malware more difficult to evade from detection.In this method,a program analysis framework that combines static and dynamic analysis is proposed at first to get the permission information,protection information and behavior information.Secondly,entrenched features such as ability features and behavior features are extracted from the information that provided by the program analysis framework.With the entrenched features,we design a malware detection method based on LSTM model to distinguish benign applications from the malicious ones.Experimental results demonstrate that our approach is more effective and robust in Android malware detection than the state-of-the-art methods.

Key words: android malware, static analysis, dynamic analysis, deep learning, LSTM

中图分类号:

TP391

李鹏伟, 姜宇谦, 薛飞扬, 黄佳佳, 徐超. 一种基于深度学习的强对抗性Android恶意代码检测方法[J]. 电子学报, 2020, 48(8): 1502-1508.

LI Peng-wei, JIANG Yu-qian, XUE Fei-yang, HUANG Jia-jia, XU Chao. A Robust Approach for Android Malware Detection Based on Deep Learning[J]. Acta Electronica Sinica, 2020, 48(8): 1502-1508.

参考文献

[1] 腾讯移动安全实验室.2019年上半年手机安全报告[OL].https://m.qq.com/security_lab/news_detail_517.html,2019-07-18/2020-03-01.
[2] Naway A,Li Y.A review on the use of deep learning in android malware detection[J].International Journal of Computer Science and Mobile Computing,2018,7(10):42-58.
[3] Huang H,Cong Z,Zeng J,et al.Android malware development on public malware scanning platforms:A large-scale data-driven study[A].Proceedings of the IEEE International Conference on Big Data[C].Washington D.C:IEEE,2016.1090-1099.
[4] Yang W,Zhang Y,Li J,et al.Appspear:Bytecode decrypting and dex reassembling for packed android malware[A].International Workshop on Recent Advances in Intrusion Detection[C].Cham:Springer,2015.359-381.
[5] 乐洪舟,张玉清,王文杰,等.Android 动态加载与反射机制的静态污点分析研究[J].计算机研究与发展,2017,54(2):313-327. Yue Hongzhou,Zhang Yuqing,Wang Wenjie,et al.Android static taint analysis of dynamic loading and reflection mechanism[J].Journal of Computer Research and Development,2017,54(2):313-327.(in Chinese)
[6] Wang X,Zhu S,Zhou D,et al.Droid-AntiRM:Taming control flow anti-analysis to support automated dynamic analysis of android malware[A].Proceedings of the 33rd Annual Computer Security Applications Conference[C].USA:ACM,2017.350-361.
[7] Hoffmann J,Ussath M,Holz T,et al.Slicing droids:Program slicing for smali code[A].Proceedings of the 28th Annual ACM Symposium on Applied Computing[C].USA:ACM,2013.1844-1851.
[8] Arzt S,Rasthofer S,Fritz C,et al.Flowdroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for android Apps[J].ACM SIGPLAN Notices,2014,49(6):259-269.
[9] Li L,Bartel A,Klein J,et al.I know what leaked in your pocket:Uncovering privacy leaks on android apps with static taint analysis[J].arXiv Preprint,2014,arXiv:1404.7431.
[10] Enck W,Gilbert P,Han S,et al.TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J].ACM Transactions on Computer Systems(TOCS),2014,32(2):5.
[11] Arp D,Spreitzenbarth M,Hubner M,et al.DREBIN:Effective and explainable detection of android malware in your pocket[A].Proceedings of the Network and Distributed System Security Symposiu[C].SanDiego:ISOC,2014.1-12.
[12] Feizollah A,Anuar N B,Salleh R,et al.AndroDialysis:Analysis of android intent effectiveness in malware detection[J].Computers & Security,2017,65:121-134.
[13] Pengwei LI,Jianming FU,Chao XU,et al.Differentiating malicious and benign android App operations using second-step behavior features[J].Chinese Journal of Electronics,2019,28(5):944-952.
[14] 王兆国,李城龙,张洛什,等.一种基于行为链的 Android 应用隐私窃取检测方法[J].电子学报,2015,43(9):1750-1755. WANG Zhao-guo,LI Cheng-long,ZHANG Luo-shi,et al.A privacy stealing detection method based on behavior-chain for android applications[J].Acta Electronica Sinica,2015,43(9):1750-1755.(in Chinese)
[15] 张鹏,牛少彰,黄如强.基于资源签名的 Android 应用相似性快速检测方法[J].电子学报,47(9):1913-1918. ZHANG Peng,NIU Shao-zhang,HUANG Ru-qiang.A fast and resource-based detection approach of similar android application[J].Acta Electronica Sinica,2019,47(9):1913-1918.(in Chinese)
[16] 王蕊,苏璞睿,杨轶,等.一种抗混淆的恶意代码变种识别系统[J].电子学报,2011,39(10):2322-2330. WANG Rui,SU Purui,YANG Yi,et al.An anti obfuscation malware variants identification system[J].Acta Electronica Sinica,2011,39(10):2322-2330.(in Chinese)
[17] Mclaughlin N,Rincon J M D,Kang B J,et al.Deep android malware detection[A].Proceedings of the ACM Conference on Data & Application Security & Privacy[C].Scottsdale,AZ:ACM,2017.301-308.
[18] Zhenlong,Yuan,Yongqiang,et al.Droid detector:Android malware characterization and detection using deep learning[J].Tsinghua Science & Technology,2016,21(1):114-123.
[19] Desnos A.Androguard:Reverse Engineering,Malware and Goodware Analysis of Android Applications and More[OL].https://code.google.com/p/androguard/,2013-03-26/2020-03-01.
[20] UI/Application Exerciser[OL].http://Monkey.developer.android.com/guide/developing/tools/monkey.html,2020-03-01.
[21] Li Y,Yang Z,Guo Y,et al.Droidbot:A lightweight UI-guided test input generator for android[A].IEEE/ACM 39th International Conference on Software Engineering Companion(ICSE-C)[C].USA:IEEE,2017.23-26.
[22] Seveniruby.基于appium的app自动遍历工具[OL].https://github.com/seveniruby/AppCrawler,2020-03-01.
[23] Jonathan.Appium:Mobile App Automation Made Awesome[OL].http://appium.io/,2020-03-01.
[24] Li B,Zhang Y,Li J,et al.AppSpear:Automating the hidden-code extraction and reassembling of packed android malware[J].Journal of Systems and Software,2018,140:3-16.
[25] Alex Black.Deep Learning for Java,Scala & Clojure on Hadoop,Spark & GPUs [OL].https://github.com/eclipse/deeplearning4j,2020-03-01.
[26] Arash Habibi Lashkari,Andi Fitriah A Kadir,Hugo Gonzalez,et al.Towards a network based framework for android malware detection and characterization[A].Proceedings of the 15th International Conference on Privacy,Security and Trust[C].Calgary:IEEE,2017.233-234.
[27] Jiang X,Zhou Y.Dissecting android malware:Characterization and evolution[A].Proceedings of the IEEE Symposium on Security and Privacy[C].San Francisco’Bay Area:IEEE,2012.95-109.
[28] Wei F,Li Y,Roy S,et al.Deep ground truth analysis of current android malware[A].Proceedings of the International Conference on Detection of Intrusions and Malware,And Vulnerability Assessment[C].Bonn:SIDAR,2017.252-276.
[29] Shiqi L,Shengwei T,Long Y,et al.Android malicious code classification using deep belief network[J].KSII Trans on Internet Inf Syst,2018,12(1):454-475.
[30] Martinelli F,Marulli F,Mercaldo F.Evaluating convolutional neural network for effective mobile malware detection[J].Procedia Comput Sci,2017,1(112):2372-2381.
[31] Alshahrani H,Mansourt H,Thorn S,et al.DDefender:Android application threat detection using static and dynamic analysis[A].Proceedings of the International Conference on Consumer Electronics[C].Las Vegas:IEEE,2018.1-6.
[32] Vinayakumar R,Soman K P,Poornachandran P,Sachin Kumar S.Detecting Android malware using Long Short-term Memory(LSTM)[J].J Intell Fuzzy Syst,2018,34(3):1277-1288.

一种基于深度学习的强对抗性Android恶意代码检测方法

A Robust Approach for Android Malware Detection Based on Deep Learning

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	廖勇, 李玉杰. 一种轻量化低复杂度的FDD大规模MIMO系统CSI反馈方法[J]. 电子学报, 2022, 50(5): 1211-1217.
[2]	冀振燕, 韩梦豪, 宋晓军, 冯其波. 面向激光光条图像修复的循环相似度映射网络[J]. 电子学报, 2022, 50(5): 1234-1242.
[3]	潘敏婷, 王韫博, 朱祥明, 高思宇, 龙明盛, 杨小康. 基于无标签视频数据的深度预测学习方法综述[J]. 电子学报, 2022, 50(4): 869-886.
[4]	杨曦, 张鑫, 郭浩远, 王楠楠, 高新波. 基于不变特征的多源遥感图像舰船目标检测算法[J]. 电子学报, 2022, 50(4): 887-899.
[5]	张浩, 胡昌华, 杜党波, 裴洪, 张建勋. 多状态影响下基于Bi‑LSTM网络的锂电池剩余寿命预测方法[J]. 电子学报, 2022, 50(3): 619-624.
[6]	崔亚奇, 何友, 唐田田, 熊伟. 一种深度学习航迹关联方法[J]. 电子学报, 2022, 50(3): 759-763.
[7]	骈纬国, 吴映波, 陈蒙, 蔡俊鹏. 一种基于时空动态图注意力网络的共享出行需求预测方法[J]. 电子学报, 2022, 50(2): 432-439.
[8]	李居朋, 王颖慧, 李刚. 医学图像关键点检测深度学习方法研究与挑战[J]. 电子学报, 2022, 50(1): 226-237.
[9]	张聿远, 张立民, 闫文君. 基于深度多级残差网络的低信噪比下空频分组码识别方法[J]. 电子学报, 2022, 50(1): 79-88.
[10]	席亮, 刘涵, 樊好义, 张凤斌. 基于深度对抗学习潜在表示分布的异常检测模型[J]. 电子学报, 2021, 49(7): 1257-1265.
[11]	谢佳龙, 张波涛, 吕强. 一种基于双流融合3D卷积神经网络的动态头势识别方法[J]. 电子学报, 2021, 49(7): 1363-1369.
[12]	罗会兰, 袁璞, 童康. 基于深度学习的显著性目标检测方法综述[J]. 电子学报, 2021, 49(7): 1417-1427.
[13]	程旭, 宋晨, 史金钢, 周琳, 张毅锋, 郑钰辉. 基于深度学习的通用目标检测研究综述[J]. 电子学报, 2021, 49(7): 1428-1438.
[14]	廖勇, 田肖懿, 蔡志镕, 花远肖, 韩庆文. 面向C-V2I的基于边缘计算的智能信道估计[J]. 电子学报, 2021, 49(5): 833-842.
[15]	王辉, 欧阳缮, 廖可非, 晋良念. 基于深度学习的GPR B-SCAN图像双曲线检测方法[J]. 电子学报, 2021, 49(5): 953-963.