Android Malware Detection Method Based on Graph Kernel
  • Title (Chinese): 基于图核的Android恶意软件检测方法
  • Author: 陈方业 (CHEN Fang-ye), School of Computers, Guangdong University of Technology
  • Keywords: Malware; Graph Kernel; Function Call Graph; Activation Event
  • Journal: Modern Computer (现代计算机, XDJS)
  • Affiliation: School of Computers, Guangdong University of Technology (广东工业大学计算机学院)
  • Publication date: 2019-05-15
  • Publisher: 现代计算机 (Modern Computer)
  • Year: 2019
  • Language: Chinese
  • Pages: XDJS201914017
  • Page count: 6
  • CN: 14
  • ISSN: 44-1415/TP
  • Classification number: 75-80
Abstract
The explosive growth of Android malware has caused great harm to users' lives and work. This paper proposes an Android malware detection method based on the Weisfeiler-Lehman (WL) graph kernel. It recasts malware detection as a similarity analysis of function call graphs, introduces the API activation events of the function call process to enhance the node labels of the call graph, and computes call-graph similarity with the graph kernel algorithm to detect Android malware. Experimental results show that the WL graph kernel method enhanced with API activation events achieves higher precision and recall than the three graph kernel methods CWLK, NHGK and WLK and the two detection methods Drebin and Androguard.
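The following is an added illustration of the idea summarised in the abstract; it is not code from the paper and uses none of its data. It implements the standard WL subtree kernel over two small labelled call graphs and assumes a node-label convention of `<API name>@<activation event>` (an assumption, not the paper's exact encoding), with call edges treated as undirected for neighbourhood aggregation. The two toy apps call the same APIs in the same call structure and differ only in the callback that triggers them, so their similarity is 1.0 once the event suffix is stripped but drops sharply when the event is kept in the label, which is the effect the abstract attributes to event-enhanced labels.

```python
"""Weisfeiler-Lehman (WL) subtree kernel over labelled function call graphs.

Added example (not from the paper).  Node labels are API names augmented with
the activation event that triggers the call; app similarity is the WL kernel of
the two call graphs.  All graphs below are constructed toy data.
"""
from collections import Counter
from math import sqrt


def make_graph(labels, edges):
    """Build (labels, adjacency) from a node->label dict and (caller, callee) edges.
    Edges are stored undirected so WL aggregates both callers and callees."""
    adj = {node: [] for node in labels}
    for caller, callee in edges:
        adj[caller].append(callee)
        adj[callee].append(caller)
    return labels, adj


def wl_histograms(graphs, iterations):
    """Run `iterations` rounds of WL relabelling over all graphs at once.

    A single compression dictionary is shared, so identical (label, sorted
    neighbour labels) multisets in different graphs receive the same id.
    Returns, per graph, one label histogram per round (round 0 included)."""
    compress = {}

    def cid(key):
        return compress.setdefault(key, len(compress))

    current = [{n: cid((0, lab)) for n, lab in labels.items()} for labels, _ in graphs]
    hists = [[Counter(cur.values())] for cur in current]
    for it in range(1, iterations + 1):
        relabelled = []
        for (labels, adj), cur in zip(graphs, current):
            nxt = {n: cid((it, cur[n], tuple(sorted(cur[m] for m in adj[n]))))
                   for n in labels}
            relabelled.append(nxt)
        current = relabelled
        for h, cur in zip(hists, current):
            h.append(Counter(cur.values()))
    return hists


def wl_kernel(g1, g2, iterations=2):
    """Unnormalised WL subtree kernel: sum over rounds of histogram dot products."""
    h1, h2 = wl_histograms([g1, g2], iterations)
    return sum(sum(c1[k] * c2[k] for k in c1) for c1, c2 in zip(h1, h2))


def wl_similarity(g1, g2, iterations=2):
    """Kernel normalised to [0, 1] (cosine similarity in WL feature space)."""
    return wl_kernel(g1, g2, iterations) / sqrt(
        wl_kernel(g1, g1, iterations) * wl_kernel(g2, g2, iterations))


def strip_events(graph):
    """Copy of the graph whose labels drop the '@event' suffix (plain API names)."""
    labels, adj = graph
    return {n: lab.split("@")[0] for n, lab in labels.items()}, adj


# Constructed toy call graphs.  "entry" is the app's entry function; every other
# label follows the assumed "<API>@<activation event>" convention.
CALLS = [("entry", "collect"), ("collect", "send"), ("entry", "log")]
SUSPICIOUS_APP = make_graph({
    "entry": "entry",
    "collect": "getDeviceId@onReceive",      # triggered by a system broadcast, no user action
    "send": "sendTextMessage@onReceive",
    "log": "Log.d@onReceive",
}, CALLS)
BENIGN_APP = make_graph({
    "entry": "entry",
    "collect": "getDeviceId@onClick",        # same APIs, but triggered by a user tap
    "send": "sendTextMessage@onClick",
    "log": "Log.d@onClick",
}, CALLS)

if __name__ == "__main__":
    print("events kept:   ", round(wl_similarity(SUSPICIOUS_APP, BENIGN_APP), 3))   # 0.083
    print("events removed:", wl_similarity(strip_events(SUSPICIOUS_APP),
                                           strip_events(BENIGN_APP)))                # 1.0
```

With two WL rounds the two graphs share only the unlabelled `entry` node in round 0, giving a raw kernel value of 1 against a self-kernel of 12, hence a normalised similarity of 1/12. Without the event suffix every node label coincides and the similarity is exactly 1.0, which shows why plain API-name labels cannot separate the two call graphs while event-enhanced labels can.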