基于特征生成方法的Android惡意軟件檢測方法
2020年信息技術與網(wǎng)絡安全第11期
馮 垚,王金雙,張雪濤
陸軍工程大學 指揮控制工程學院,江蘇 南京210001
摘要: 針對傳統(tǒng)特征工程中需要大量專家經(jīng)驗和人力的不足,研究了基于特征生成方法的Android惡意軟件檢測方法?;赨C Berkeley的ExploreKit自動特征生成方法,通過對原始特征計算獲得大量候選特征,根據(jù)候選特征的元特征預測其性能并進行評估排序,使用貪心算法從中選出能夠提升模型性能的新特征。從APK中提取了敏感API、危險權限等多種特征,在根據(jù)信息增益對特征進行篩選后,輸入到特征生成框架中,使用C4.5、SVM和隨機森林等作為分類模型。實驗證明,該方法使錯誤率平均降低了24.6%,準確率達到了96.5%,曲線下面積(Area Under Curve,AUC)達到了0.99。
中圖分類號: TP393
文獻標識碼: A
DOI: 10.19358/j.issn.2096-5133.2020.11.002
引用格式: 馮垚,王金雙,張雪濤. 基于特征生成方法的Android惡意軟件檢測方法[J].信息技術與網(wǎng)絡安全,2020,39(11):8-13.
文獻標識碼: A
DOI: 10.19358/j.issn.2096-5133.2020.11.002
引用格式: 馮垚,王金雙,張雪濤. 基于特征生成方法的Android惡意軟件檢測方法[J].信息技術與網(wǎng)絡安全,2020,39(11):8-13.
Android malware detection based on feature generation method
Feng Yao,Wang Jinshuang,Zhang Xuetao
Institute of Command Control Engineering,Army Engineering University,Nanjing 210001,China
Abstract: Considering the expert experience and manpower required in traditional feature engineering, a detection method based on feature generation was proposed in this paper. ExploreKit was adopted as the automated feature generation method, which can improve Android malware detection model performance by generating and selecting new features. A large of candidate features are obtaioned by calculating the initial features. According to the meta-features of the candidate features, their performance is predicted and evaluated. New features that will improve the performance of the model are selected by greedy algorithms. The time spent on feature generation is reduced by filtering the initial features input to ExploreKit and limiting the number of generated features. Many features were extracted from APK, such as sensitive API and dangerous permission. By using C4.5, SVM and random forest as the classification models, our experiments show that the error rate of Android malware detection decreases 24.6% on average, the accuracy reaches 96.5%, and the AUC reaches 0.99.
Key words : malware detection;feature engineering;feature generation;ExploreKit
0 引言
機器學習在Android惡意軟件檢測中得到廣泛應用,特征工程是基于機器學習的Android惡意軟件檢測的關鍵環(huán)節(jié)。目前使用的特征主要包括靜態(tài)特征和動態(tài)特征。但特征工程的過程嚴重依賴于專家經(jīng)驗,反復試驗調(diào)優(yōu)才能確定候選特征集合。
針對傳統(tǒng)特征工程需要大量專家經(jīng)驗和人力的不足,本文提出了基于特征生成方法的Android惡意軟件檢測方法。該方法提取了多類特征,基于UC Berkeley的ExploreKit[1]方法進行自動化特征生成計算,篩選得到能夠提升模型性能的新特征,得到了良好的檢測性能。
本文詳細內(nèi)容請下載:http://theprogrammingfactory.com/resource/share/2000003054
作者信息:
馮 垚,王金雙,張雪濤
(陸軍工程大學 指揮控制工程學院,江蘇 南京210001)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權禁止轉載。