基于行为特征和语义特征的多模态Android恶意软件检测方法

doi:10.16180/j.cnki.issn1007-7820.2024.05.010

Abstract

Abstract:

Existing methods for detecting Android malware only consider a single kind of features, which do not fully describe the features of Android software. In order to solve the above problems, this study presents a multimodal Android malware detection method based on the permissions, byte code probability matrix and function call graph. At the same time, in order to solve the problem of feature representation of function nodes, a new node feature generation method is presented in this study in the generation of function call graph. In order to enrich the semantic information of opcode, a byte probability matrix generation method based on 2-gram is presented. The experiment proves that the method described the characteristics of Android software more comprehensively than other methods, and the detection accuracy rate reached 95.2%. Compared with the existing methods, the accuracy of this method has been improved by 22% on average, effectively improving the detection ability of Android malware.

Key words: Android, feature fusion, permission, byte probability matrix, function call graph, convolution neural network, malware detection, multimodal

CLC Number:

TP183

ZHU Jinkai, FANG Lanting, JI Xiaowen, HUANG Jie. Multimodal Android Malware Detection Method Based on Behavioral and Semantic Characteristics[J].Electronic Science and Technology, 2024, 37(5): 71-78.

Figures/Tables 8

Figure 1.

Figure 2.

Figure 3.

Figure 4.

Table 1.

Table 2.

Table 3.

Table 4.

References 35

[1]	潘建文, 崔展齐, 林高毅, 等. Android恶意应用静态检测方法研究综述[J]. 计算机研究与发展, 2023, 60(8):1875-1894.
	Pan Jianwen, Cui Zhanqi, Lin Gaoyi, et al. A review of static android malware detection methods[J]. Journal of Computer Research and Development, 2023, 60(8):1875-1894.
[2]	Wang C D. An Android malware dynamic detection method based on service call cooccurrence matrices[J]. Annals of Telecommunications, 2017, 72(9-10):607-615.
[3]	范铭, 刘烃, 刘均, 等. 安卓恶意软件检测方法综述[J]. 中国科学(信息科学), 2020, 50(8):1148-1177.
	Fan Ming, Liu Ting, Liu Jun, et al. Android malware detection:A survey[J]. Science in China(Information of S-ciences), 2020, 50(8):1148-1177.
[4]	王志文, 刘广起, 韩晓晖, 等. 基于机器学习的恶意软件识别研究综述[J]. 小型微型计算机系统, 2022, 43(12):2628-2637.
	Wang Zhiwen, Liu Guangqi, Han Xiaohui, et al. Survey on machine-learning-based malware identification research[J]. Journal of Chinese Computer Systems, 2022, 43(12):2628-2637.
[5]	瞿俊, 顾刘军. 基于朴素贝叶斯的安卓恶意软件检测研究[J]. 信息网络安全, 2020(S1):27-30.
	Qu Jun, Gu Liujun. Android malware detection research based on naive Bayesian[J]. Netinfo Security, 2020(S1):27-30.
[6]	Teufl P. Malware detection by applying knowledge discovery processes to application metadata on the Android market(Google Play)[J]. Security and Communication Networks, 2016, 9(5):389-419.
[7]	褚堃, 万良, 马丹, 等. 深度可分离卷积在Android恶意软件分类的应用研究[J]. 计算机应用研究, 2022, 39(5):1534-1540.
	Chu Kun, Wan Liang, Ma Dan, et al. Research on application of depthwise separable convolution in Android malware classification[J]. Application Research of Computers, 2022, 39(5):1534-1540.
[8]	张雪涛, 王金双, 孙蒙. 基于GCN的安卓恶意软件检测模型[J]. 软件导刊, 2020, 19(7):187-193.
	Zhang Xuetao, Wang Jinshuang, Sun Meng. GCN-based Android malware detection model[J]. Software Guide, 2020, 19(7):187-193.
[9]	李璐. 基于函数调用图的Android恶意软件检测[J]. 现代计算机, 2018, 19(12):28-33.
	Li Lu. Android malware detection based on function call graph[J]. Modern Computer, 2018, 19(12):28-33.
[10]	潘梦竹, 李千目, 邱天. 深度多模态表示学习的研究综述[J]. 计算机工程与应用, 2023, 59(2):48-64. doi: 10.3778/j.issn.1002-8331.2206-0145
	Pan Mengzhu, Li Qianmu, Qiu Tian. Survey of research on deep multimodal representation learning[J]. Computer Engineering and Applications, 2023, 59(2):48-64. doi: 10.3778/j.issn.1002-8331.2206-0145
[11]	Guen K T, Kang B J, Mina R, et al. A multimodal deep learning method for android malware detection using various features[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(3):773-788.
[12]	Mohamed G, Abdelmalek A. A new wrapper-based feature selection technique with fireworks algorithm for Android malware detection[J]. International Journal of Software Science and Computational Intelligence, 2022, 14(1):1-19.
[13]	Íbrahim Doĝru A, Önder M. AppPerm analyzer:Malware detection system based on Android permissions and permission groups[J]. International Journal of Software Engineering and Knowledge Engineering, 2020, 30(3):24-30.
[14]	Altaher A, Barukab O M. Intelligent hybrid approach for Android malware detection based on permissions and API calls[J]. International Journal of Advanced Computer Science and Applications, 2017, 8(6):60-67.
[15]	Lu Y, Zulie P, Jingju L, et al. Android malware detectiontechnology based on improved Bayesian classification[C]. Shenyang: The Third International Conference on Instrumentation,Measurement,Computer,Communication and Control, 2013:112-130.
[16]	Khariwal K, Gupta R, Singh J, et al. R-MFDroid:Android malware detection using ranked manifest file components[J]. International Journal of Innovative Technology and Exploring Engineering, 2021, 10(7):55-64.
[17]	Wu D J, Mao C H, Wei H M, et al. DroidMat:Android malware detection through manifest and API calls tracing[C]. Tokyo: The Seventh Asia Joint Conference onInformation Security, 2012:172-180.
[18]	Thongsuwan S, Jaiyen S, Padcharoen A, et al. ConvXGB:A new deep learning model for classification problems based on CNN and XGBoost[J]. Nuclear Engineering and Technology, 2021, 53(2):522-531.
[19]	Fang W, Zhang L, Wang C, et al. AMC-MDL:A novel approach of Android malware classification using multimodel deep learning[C]. Calgary: IEEE International Conference on Dependable,Autonomic and Secure Computing,International Conference on Pervasive Intelligence and Computing,International Conference on Cloud and Big Data Computing,International Conference on Cyber Science and Technology Congress, 2020:108-127.
[20]	Jerome Q, Allix K, State R, et al. Using opcode-sequences to detect malicious Android applications[C]. New South Wales: IEEE International Conference on Communications, 2014:76-90.
[21]	Ding Y, Hu J, Xu W, et al. A deep feature fusion method for Android malware detection[C]. Kobe: International Conference on Machine Learning and Cybernetics IEEE, 2019:1121-1134.
[22]	Yan J P, Qi Y, Rao Q F. LSTM-based hierarchical denoising network for Android malware detection[J]. Security and Communication Networks, 2018, 20(8):1-18.
[23]	Amin M, Tanveer T A, Tehseen M, et al. Static malware detection and attribution in android bytecode throughan end-to-end deep system[J]. Future Generation Computer Systems, 2020, 10(2):112-126.
[24]	Shikha B, Sunil K M. GENDroid:A graph-based ensemble classifier for detecting Android malware[J]. International Journal of Information and Computer Security, 2022, 18(3-4):327-347.
[25]	Cai M, Jiang Y, Gao C, et al. Learning features from enhanced function call graphs for Android malware detection[J]. Neurocomputing, 2021, 42(3):301-307.
[26]	杨铭, 张健. 基于图像识别的恶意软件静态检测模型[J]. 信息网络安全, 2021, 21(10):25-32.
	Yang Ming, Zhang Jian. Static detection model based on image recognition[J]. Netinfo Security, 2021, 21(10):25-32.
[27]	朱斌, 刘子龙. 基于新型初始模块的卷积神经网络图像分类方法[J]. 电子科技, 2021, 34(2):52-56.
	Zhu Bin, Liu Zilong. Image classification method using convolutional neural network based on new initial module[J]. Electronic Science and Technology, 2021, 34(2):52-56.
[28]	程俊华, 曾国辉, 刘瑾. 基于深度学习的复杂背景图像分类方法研[J]. 电子科技, 2020, 33(12):59-66.
	Cheng Junhua, Zeng Guohui, Liu Jin. Research on complex background image classification method based on deep learning[J]. Electronic Science and Technology, 2020, 33(12):59-66.
[29]	张锐, 杨吉云. 基于权限相关性的Android恶意软件检测[J]. 计算机应用, 2014, 34(5):1322-1325. doi: 10.11772/j.issn.1001-9081.2014.05.1322
	Zhang Rui, Yang Jiyun. Android malware detection based on permission correlation[J]. Journal of Computer Applications, 2014, 34(5):1322-1325. doi: 10.11772/j.issn.1001-9081.2014.05.1322
[30]	王思远, 张仰森, 曾健荣, 等. Android恶意软件检测方法综述[J]. 计算机应用与软件, 2021, 38(9):1-9.
	Wang Siyuan, Zhang Yangsen, Zeng Jianrong, et al. Overview of Android malware detection methods[J]. Computer Applications and Software, 2021, 38(9):1-9.
[31]	李剑, 朱月俊. 基于权限的安卓恶意软件检测方法[J]. 信息安全研究, 2017, 3(9):817-822.
	Li Jian, Zhu Yuejun. Detection method of Android malware by using permission[J]. Journal of Information Security Research, 2017, 3(9):817-822.
[32]	张雪涛, 孙蒙, 王金双. 基于操作码的安卓恶意代码多粒度快速检测方法[J]. 网络与信息安全学报, 2019, 5(6):85-94.
	Zhang Xuetao, Sun Meng, Wang Jinshuang. Multigranularity Android malware fast detection based on opcode[J]. Chinese Journal of Network and Information Security, 2019, 5(6):85-94.
[33]	陈铁明, 徐志威. 基于API调用序列的Android恶意代码检测方法研究[J]. 浙江工业大学学报, 2018, 46(2):147-154.
	Chen Tieming, Xu Zhiwei. Research on detection of Android malicious code based on API call sequence[J]. Journal of Zhejiang University of Technology, 2018, 46(2):147-154.
[34]	陈铁明, 项彬彬, 吕明琪, 等. 基于字节码图像和深度学习的Android恶意应用检测[J]. 电信科学, 2019, 35(1):9-17. doi: 10.11959/j.issn.1000-0801.2019022
	Chen Tieming, Xiang Binbin, Lv Mingqi, et al. Android malware detection method based on bytecode image and deep learning[J]. Telecommunications Science, 2019, 35(1):9-17. doi: 10.11959/j.issn.1000-0801.2019022
[35]	李自清. 基于函数调用图的Android恶意代码检测方法研究[J]. 计算机测量与控制 2017, 25(10):198-201,205.
	Li Ziqing. Android malicious code detection method based on function call graph[J]. Computer Measurement and Control, 2017, 25(10):198-201,205.

序号	危险权限名称
1	CAMERA
2	READ_CONTACTS
3	GET_ACCOUNTS
4	RECORD_AUDIO
5	READ_SMS
6	USE_SIP

方法	准确率	精准率	召回率	F1分数
基于权限的方法^[31]	0.626	0.650	0.596	0.623
基于操作码的方法^[32]	0.749	0.761	0.758	0.760
基于API调用序列的方法^[33]	0.669	0.642	0.657	0.649
基于字节码图像的方法^[34]	0.843	0.866	0.793	0.828
基于函数调用图的方法^[35]	0.867	0.871	0.864	0.868
本文方法	0.952	0.964	0.950	0.957

方法	准确率	精准率	召回率	F1分数
GCN	0.866	0.871	0.864	0.868
GAT	0.870	0.862	0.871	0.867
GraphSAGE	0.883	0.896	0.861	0.878

特征	准确率	精准率	召回率	F1分数
A+B	0.908	0.897	0.905	0.901
A+C	0.926	0.929	0.913	0.921
B+C	0.941	0.940	0.937	0.939
A+B+C	0.952	0.964	0.950	0.957

Multimodal Android Malware Detection Method Based on Behavioral and Semantic Characteristics

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 35

Related Articles 15

Metrics

Comments

Recommended 0

[1]	PANG Jiangfei, SUN Zhanquan. Multi-Encoder Transformer for End-to-End Speech Recognition [J]. Electronic Science and Technology, 2024, 37(4): 1-7.
[2]	QIN Xiaofei, HE Wen, BAN Dongxian, GUO Hongyu, YU Jing. Research on Fast 3D Hand Keypoint Detection Algorithm Based on Anchor [J]. Electronic Science and Technology, 2024, 37(4): 77-86.
[3]	MA Wenjie, ZHANG Xuanxiong. Research on Blind Roads and Obstacle Recognition Algorithm Based on Deep Learning [J]. Electronic Science and Technology, 2024, 37(3): 75-83.
[4]	TIAN Zhixin,XU Zhen,MAO Jian,LIN Binbin,LIAO Wei. Classification Method of Steel Surface Defects Based on Multi-Scale Feature Fusion [J]. Electronic Science and Technology, 2024, 37(2): 87-95.
[5]	ZHA Junwei,ZHANG Hongyan. Dynamic Receptive Field Feature Selection Dehazing Network [J]. Electronic Science and Technology, 2023, 36(7): 56-63.
[6]	CUI Zhuodong,CHEN Wei,YIN Zhong. Helmet Wearing Detection Based on Enhanced Feature Fusion Network [J]. Electronic Science and Technology, 2023, 36(4): 44-51.
[7]	WANG Qiao,HU Chunyan,LI Feifei. Scene Recognition Algorithm Based on Deep Transfer Learning and Multi-Scale Feature Fusion [J]. Electronic Science and Technology, 2023, 36(11): 19-27.
[8]	BI Jiazhen,SHEN Tuo,ZHANG Xuanxiong. A Research on Distance Measurement Between Trains in Rail Transit Based on Machine Vision [J]. Electronic Science and Technology, 2022, 35(9): 37-43.
[9]	DENG Yuan,SHI Yiping,JIANG Yueying,ZHU Yamei,LIU Jin. Infant Expression Recognition Algorithm Based on MobileNetV2 and LBP Feature Fusion [J]. Electronic Science and Technology, 2022, 35(8): 47-52.
[10]	SUN Kang,XUAN Xuyang,LIU Penghui,ZHAO Laijun,LONG Jie. Partial Discharge Pattern Recognition of Cable Based on CNN-DCGAN under Small Data [J]. Electronic Science and Technology, 2022, 35(7): 7-13.
[11]	SHEN Ningjing,YUAN Jian. Crowd Counting Algorithm Based on Residual Dense Connection and Attention Fusion [J]. Electronic Science and Technology, 2022, 35(6): 6-12.
[12]	Lingyu JI,Yongbin GAO,Chenglu ZHAO,Xianhua TANG,Kaicheng XU,Jiacheng XU. CTA Segmentation Algorithm of Abdominal Artery Based on 3D Fully Convolutional Network [J]. Electronic Science and Technology, 2022, 35(3): 38-44.
[13]	SU Bo,CHAI Ziqiang,WANG Li,CUI Shuaihua. Eight-Section Brocade Sequence Action Recognition and Evaluation Based on Pose Estimation [J]. Electronic Science and Technology, 2022, 35(12): 84-90.
[14]	ZHAO Chong,CHI Mengmeng,CHU Cong,ZHANG Peng. Research on Motion Simulation and Visual Recognition Algorithm of Guide Dog Walking Mechanism [J]. Electronic Science and Technology, 2021, 34(9): 66-72.
[15]	MA Lixin,DOU Chenfei,SONG Chencan,YANG Tianxiao. Insulator Nondestructive Testing Based on Feature Fusion CNN [J]. Electronic Science and Technology, 2021, 34(7): 26-30.