Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (18): 125-132.DOI: 10.3778/j.issn.1002-8331.1706-0007

Previous Articles     Next Articles

Android malware detection approach based on deep belief network

ZHAO Wei1,4, WANG Nan2, SU Xin3,4, ZHANG Boyun1   

  1. 1.Hunan Provincial Key Laboratory of Network Investigational Technology, Hunan Police Academy, Changsha 410138, China
    2.College of Mechatronic Engineering and Automation, National University of Defense Technology, Changsha 410073, China
    3.Key Laboratory of Network Crime Investigation of Hunan Provincial Colleges, Hunan Police Academy, Changsha 410138, China
    4.Department of Information Technology, Hunan Police Academy, Changsha 410138, China
  • Online:2018-09-15 Published:2018-10-16


赵  薇1,4,王  楠2,苏  欣3,4,张波云1   

  1. 1.湖南警察学院 网络侦查技术湖南省重点实验室,长沙 410138
    2.国防科技大学 机电工程与自动化学院,长沙 410073
    3.湖南警察学院 网络犯罪侦查湖南省普通高校重点实验室,长沙 410138
    4.湖南警察学院 信息技术系,长沙 410138

Abstract: Because traditional machine learning algorithm cannot select distinct behavioral characteristics from huge amount of characteristics to detect unknown Android malware. To address these limitations, this paper proposes DBNSel, a malware detection approach for the Android platform based on the deep belief network model. To implement this, five types of features are extracted from the static analysis of Android apps. Then, the deep belief network model is built to learn features from Android apps. Finally, the learned features are used to detect unknown Android malware. In an experiment with 3, 986 benign apps and 3, 986 malware, DBNSel outperforms several existing malware detection approaches and achieves 99.4% detection accuracy. Moreover, DBNSel can achieve a remarkable run-time efficiency which makes it very easy to adapt to a larger scale of real-world Android malware detection.

Key words: Android malware, deep belief network, security, static analysis

摘要: 传统的机器学习算法无法有效地从海量的行为特征中选择出有本质的行为特征来对未知的Android恶意应用进行检测。为了解决这个问题,提出DBNSel,一种基于深度信念网络模型的Android恶意应用检测方法。为了实现该方法,首先通过静态分析方法从Android应用中提取5类不同的属性。其次,建立深度信念网络模型从提取到的属性中进行选择和学习。最后,使用学习到的属性来对未知类型的Android恶意应用进行检测。在实验阶段,使用一个由3 986个Android正常应用和3 986个Android恶意应用组成的数据集来验证DBNSel的有效性。实验结果表明,DBNSel的检测结果要优于其他几种已有的检测方法,并可以达到99.4%的检测准确率。此外,DBNSel具有较低的运行开销,可以适应于更大规模的真实环境下的Android恶意应用检测。

关键词: Android恶意应用, 深度信念网络, 安全, 静态分析