Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (6): 74-80. DOI: 10.3778/j.issn.1002-8331.2002-0395

• Network, Communication and Security •

Artificial Natural Killer Cell Detection Model for Android Malware

ZHANG Fuliang, LIANG Yiwen, TAN Chengyu   

  1. School of Computer Science, Wuhan University, Wuhan 430072, China
  • Online: 2021-03-15 Published: 2021-03-12

Abstract:

Existing Android malware detection methods analyze single, fixed features and are weak at detecting unknown and highly latent malware. To address these problems, an artificial Natural Killer (NK) cell detection model for Android malware is constructed. The artificial natural killer cell model and the Dendritic Cell Algorithm (DCA) are studied. Static permission-request features are combined with dynamic API-call features, and after data preprocessing they form the model's various input signals. The stimulating factor output by the artificial NK cells is fused with the DCA danger signal, which makes the DCA danger signal more significant and optimizes the DCA detection process. The experiment used 1,150 malware samples of multiple categories selected from VirusTotal and other data sets, and 1,093 benign software samples. The experimental results show that, compared with detection methods such as DCA and k-means, the artificial NK cell detection model improves accuracy and reduces the false positive rate.

Key words: artificial natural killer cell model, Dendritic Cell Algorithm (DCA), malware