TANG Mingjie,GAN Gang.Research on Android Malware Detection Method based on the Improved Graph Attention Mechanism Model[J].Journal of Chengdu University of Information Technology,2025,40(01):21-28.[doi:10.16836/j.cnki.jcuit.2025.01.004]
- Title:
- Research on Android Malware Detection Method based on the Improved Graph Attention Mechanism Model
- Article ID:
- 2096-1618(2025)01-0021-08
- CLC number:
- TP309.2
- Document code:
- A
- Abstract:
- Against the backdrop of spreading malware, demand for malware detection keeps growing. This paper presents an Android malware detection method based on an improved graph attention mechanism model. The method extracts the API call graph through static analysis, which reflects the behavior of the application. Structural features and content features are then learned from the API call graph using the SDNE graph embedding algorithm. During model learning, a strategy of computing bidirectional graph attention weights is adopted, aiming to improve the retention of similar nodes and enhance the similarity between node attributes. Finally, a weight-adaptive representation is generated by a self-attention convolution layer, and a graph embedding representation is generated in the pooling layer for use in the detection task. Experiments on the CICMalDroid 2020 dataset show that the method is highly effective for Android malware detection, with an accuracy of 97.90%. Compared with the original graph attention network model, accuracy improves by 0.03%, verifying the practicability and effectiveness of the proposed method. The results show the method's potential to deal with growing malware threats and to provide a more accurate and reliable solution for Android malware detection.
Memo
Received: 2023-09-13
Funding: Sichuan Science and Technology Program (23ZDYF0380, 2021ZYD0011)
Corresponding author: GAN Gang. Email: test_me@cuit.edu.cn