Abstract
In recent years, malware targeting the Android platform has increased dramatically, posing great challenges to the anti-malware field. Although current detection methods based on machine learning offer a new direction for making up for the shortcomings of traditional detection techniques, they are often built on a single model or a combination of similar models, which makes it difficult to extract semantic information at different levels from multiple views and ultimately limits detection performance. To address this problem, this paper proposes an Android malware detection model based on multi-view and multi-task learning. First, system call information is fed into a gradient boosting decision tree model to mine frequency-view features. The system call information is then also transformed into a grayscale image and fed into learners based on a vision graph neural network and a convolutional neural network to learn co-occurrence and association features. Finally, the paper introduces a multi-task learning method based on hierarchical labels to complete model training, achieving multi-view feature extraction and analysis for Android malware. Experimental results on the fine-grained public dataset from UNB show that the method is generally superior to traditional single-view detection methods, with better accuracy and reliability.
Authors
仝鑫
金波
王靖亚
杨莹
TONG Xin; JIN Bo; WANG Jingya; YANG Ying (School of Information Network Security, People's Public Security University of China, Beijing 100038, China; The Third Research Institute of the Ministry of Public Security, Shanghai 200031, China)
Source
《信息网络安全》
CSCD
Peking University Core Journals
2022, Issue 10, pp. 1-7 (7 pages in total)
Netinfo Security
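Funding
National Key Research and Development Program of China [2021YFB3101405]
Key Program of the National Social Science Fund of China [20AZD114]
National Key Research and Development Program of China [2022YFC3300800].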