融合CBAM的违法犯罪类安卓恶意软件检测与分类模型研究

doi:10.3778/j.issn.1002-8331.2311-0219

摘要/Abstract

摘要： 针对公安工作领域移动终端APP违法犯罪日益频发的情况，为解决Android恶意违法犯罪软件检测领域中相关数据集数量少、分类不清晰，识别Android恶违法软件可行性方法匮乏等情况，提出了一种基于安卓违法犯罪APP数据集，融合CBAM注意力机制的深度学习模型。收集6?181个违法犯罪类APP并整理划分为4个家族；对违法APP软件进行灰度图、RGB以及RGBA三种图像可视化处理；利用融合CBAM注意力机制的深度模型进行家族检测分类。在违法犯罪APP数据集上的实验表明，融合CBAM机制的Resnet18模型在RGBA图像上与未引入该机制的灰度图图像相比，准确度提升了4.04%，达到93.52%。融合CBAM机制的模型在公开Drebin数据集上进行了验证，引入CBAM深度学习模型VGG16在RGBA图像上取得了96.35%的准确率。

关键词: 违法犯罪, 安卓恶意软件, RGBA图像, 可视化处理, 卷积块注意力模块（CBAM）, 深度学习

Abstract: In response to the increasing frequency of illegal and criminal activities in mobile terminal APP in the field of public security work, a deep learning model based on the Android illegal and criminal APP dataset and integrating CBAM attention mechanism is proposed to address the issues of limited quantity and unclear classification of relevant datasets in the detection field of Android malicious illegal and criminal software, as well as the lack of feasible methods for identifying Android malicious and criminal software. Firstly, 6?181 illegal and criminal APPs are collected and organized into 4 families. Grayscale, RGB, and RGBA images are performed in visualization processing on illegal APP software. A deep model fused with CBAM attention mechanism is used for family detection and classification. Experiments on the illegal and criminal APP dataset show that the Resnet18 model fused with CBAM mechanism improves its accuracy by 4.04% on RGBA images compared with grayscale images without the mechanism, reaching 93.52%. The fused CBAM mechanism model is validated on the public Drebin dataset, and the introduction of the CBAM deep learning model VGG16 achieves an accuracy of 96.35% on RGBA images.

Key words: illegal and criminal activities, Android malware, RGBA image, visualization processing, convolutional block attention module (CBAM), deep learning

刘红玉, 高见. 融合CBAM的违法犯罪类安卓恶意软件检测与分类模型研究[J]. 计算机工程与应用, 2025, 61(6): 317-327.

LIU Hongyu, GAO Jian. Research on Detection and Classification Model of Illegal and Criminal Android Malware Integrating CBAM[J]. Computer Engineering and Applications, 2025, 61(6): 317-327.

参考文献

[1] 于兴崭, 芦天亮, 杜彦辉, 等. 基于合成图像和Xception改进模型的安卓恶意家族分类方法[J]. 计算机科学, 2023, 50(4): 351-358.
YU X Z, LU T L, DU Y H, et al. Android malware family classification method based on synthetic image and Xception improved model[J]. Computer Science, 2023, 50(4): 351-358.
[2] 范铭, 刘烃, 刘均, 等. 安卓恶意软件检测方法综述[J]. 中国科学: 信息科学, 2020, 50(8): 1148-1177.
FAN M, LIU T, LIU J, et al. Android malware detection: a survey[J]. Scientia Sinica (Informationis), 2020, 50(8): 1148-1177.
[3] ENCK W, ONGTANG M, MCDANIEL P. On lightweight mobile phone application certification[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009: 235-245.
[4] AU K W Y, ZHOU Y F, HUANG Z, et al. Pscout: analyzing the Android permission specification[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security, 2012: 217-228.
[5] AAFER Y, DU W, YIN H. DroidAPIMiner: mining API-Level features for robust malware detection in Android[C]//Proceedings of the International Conference on Security and Privacy in Communication Networks. Sydney: Springer International Publishing, 2013: 86-103.
[6] GORLA A, TAVECCHIA I, GROSS F, et al. Checking APP behavior against APP descriptions[C]//Proceedings of the 36th International Conference on Software Engineering, 2014: 1025-1035.
[7] ENCK W, GILBERT P, HAN S, et al. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems, 2014, 32(2): 1-29.
[8] HORNYACK P, HAN S, JUNG J, et al. These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications[C]//Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), Chicago, 2011.
[9] 乐洪舟. Android应用隐私泄露若干问题的研究[D]. 西安: 西安电子科技大学, 2017.
LE H Z. Research on some problems of privacy leakage of Android application[D]. Xi’an: Xidian University, 2017.
[10] ARZT S, RASTHOFER S, FRITZ C, et al. Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps[J]. ACM Sigplan Notices, 2014, 49(6): 259-269.
[11] PANDITA R, XIAO X S, YANG W, et al. WHYPER: towards automating risk assessment of mobile applications[C]//Proceedings of the USENIX Security Symposium, Washington, 2013.
[12] GASCON H, YAMAGUCHI F, ARP D, et al. Structural detection of Android malware using embedded call graphs[C]//Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, 2013: 45-54.
[13] ZHANG M, DUAN Y, YIN H, et al. Semantics-aware Android malware classification using weighted contextual API dependency graphs[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014: 1105-1116.
[14] HOU S, YE Y, SONG Y, et al. Hindroid: an intelligent Android malware detection system based on structured heterogeneous information network[C]//Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2017: 1507-1515.
[15] ZHOU W, ZHOU Y, GRACE M, et al. Fast, scalable detection of “piggybacked” mobile applications[C]//Proceedings of the Third ACM Conference on Data and Application Security and Privacy, 2013: 185-196.
[16] DESHOTELS L, NOTANI V, LAKHOTIA A. Droidlegacy: automated familial classification of Android malware[C]//Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014, 2014: 1-12.
[17] KUMAR A, SAGAR K P, KUPPUSAMY K S, et al. Machine learning based malware classification for Android applications using multimodal image representations[C]// Proceedings of the 2016 10th International Conference on Intelligent Systems and Control (ISCO), 2016: 1-6.
[18] YEN Y S, SUN H M. An Android mutation malware detection based on deep learning using visualization of importance from codes[J]. Microelectronics Reliability, 2019, 93: 109-114.
[19] HAN K, KANG B, IM E G, et al. Malware analysis using visualized image matrices[J]. The Scientific World, 2014, 2014: 1-15.
[20] SENANAYAKE J, KALUTARAGE H, AL-KADRI M O. Android mobile malware detection using machine learning: a systematic review[J]. Electronics, 2021, 10(13): 1606.
[21] 彭廷鑫. 基于深度学习的Android恶意软件家族判别[D]. 北京: 北京交通大学, 2020.
PENG T X. Identification of Android malware family based on deep learning[D]. Beijing: Beijing Jiaotong University, 2020.
[22] ZHU H J, YOU Z H, ZHU Z X, et al. DroidDet: effective and robust detection of Android malware using static analysis along with rotation forest model[J]. Neurocomputing, 2018, 272: 638-646.
[23] 程章. 基于异构图特征的安卓恶意软件检测研究[D]. 武汉: 华中科技大学, 2022.
CHENG Z. Research on heterogeneous graph feature based android malware detection[D]. Wuhan: Huazhong University of Science and Technology, 2022.
[24] 杨吉云, 陈钢, 鄢然, 等. 一种基于系统行为序列特征的Android恶意代码检测方法[J]. 重庆大学学报, 2020, 43(9): 54-63.
YANG J Y, CHEN G, YAN R, et al. An Android malware detection method based on system behavior sequences[J]. Journal of Chongqing University, 2020, 43(9): 54-63.
[25] 陈颖, 林雨衡, 王志强, 等. 基于Transformer的安卓恶意软件多分类模型[J]. 信息安全研究, 2023, 9(12): 1138-1144.
CHEN Y, LIN Y H, WANG Z Q, et al. Android malware multi-classification model based on Transformer[J]. Journal of Information Security Research, 2023, 9(12): 1138-1144.

编辑推荐 0

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	0	0	0	43

	来源	本网站

	次数	43
	比例	100%

摘要

最新录用	在线预览	正式出版

0	0	28

	来源	本网站

	次数	29
	比例	100%