【摘要】：針對傳統(tǒng)安卓惡意程序檢測技術(shù)檢測準(zhǔn)確率低,對采用了重打包和代碼混淆等技術(shù)的安卓惡意程序無法成功識別等問題,設(shè)計并實(shí)現(xiàn)了DeepDroid算法。首先,提取安卓應(yīng)用程序的靜態(tài)特征和動態(tài)特征,結(jié)合靜態(tài)特征和動態(tài)特征生成應(yīng)用程序的特征向量;然后,使用深度學(xué)習(xí)算法中的深度置信網(wǎng)絡(luò)(DBN)對收集到的訓(xùn)練集進(jìn)行訓(xùn)練,生成深度學(xué)習(xí)網(wǎng)絡(luò);最后,利用生成的深度學(xué)習(xí)網(wǎng)絡(luò)對待測安卓應(yīng)用程序進(jìn)行檢測。實(shí)驗(yàn)結(jié)果表明,在使用相同測試集的情況下,DeepDroid算法的正確率比支持向量機(jī)(SVM)算法高出3.96個百分點(diǎn),比樸素貝葉斯(Naive Bayes)算法高出12.16個百分點(diǎn),比K最鄰近(KNN)算法高出13.62個百分點(diǎn)。DeepDroid算法結(jié)合了安卓應(yīng)用程序的靜態(tài)特征和動態(tài)特征,采用了動態(tài)檢測和靜態(tài)檢測相結(jié)合的檢測方法,彌補(bǔ)了靜態(tài)檢測代碼覆蓋率不足和動態(tài)檢測誤報率高的缺點(diǎn),在特征識別的部分采用DBN算法使得網(wǎng)絡(luò)訓(xùn)練速度得到保證的同時還有很高的檢測正確率。
[Abstract]:Aiming at the low detection accuracy of traditional malware detection technology of Android, the DeepDroid algorithm is designed and implemented to solve the problem that malware can not be recognized successfully by using repackaging and code confusion techniques. First, the static and dynamic features of Android applications are extracted, and the feature vectors are generated by combining static and dynamic features. The depth confidence network (DBN) in the depth learning algorithm is used to train the collected training set to generate the deep learning network. Finally, the generated depth learning network is used to detect the Android testing application. The experimental results show that the accuracy of DeepDroid algorithm is 3.96% higher than that of support vector machine (SVM) algorithm and 12.16% higher than that of naive Bayesian (Naive Bayes) algorithm under the same test set. This algorithm is 13.62 percentage points higher than K's nearest neighbor (KNN) algorithm. DeepDroid algorithm combines the static and dynamic features of Android application, and adopts the combination of dynamic detection and static detection. It makes up for the deficiency of the static detection code coverage and the high false alarm rate of dynamic detection. In the part of feature recognition, the DBN algorithm is used to ensure the network training speed and the detection accuracy is also very high.
【作者單位】： 數(shù)學(xué)工程與先進(jìn)計算國家重點(diǎn)實(shí)驗(yàn)室;
【基金】：國家自然科學(xué)基金資助項(xiàng)目(61271252)~~
【分類號】：TP309;TP316
，

本文編號：2208273