###

计算机系统应用英文版:2022,31(12):29-40

View/Add Comment 过刊浏览高级检索 HTML

←前一篇 | 后一篇→

码上扫一扫！

下载全文

基于可解释性的Android恶意软件检测

黄海彬¹, 万良², 褚堃¹

(1.贵州大学计算机科学与技术学院, 贵阳 550025;2.贵州大学计算机软件与理论研究所, 贵阳 550025)

Interpretability-based Android Malware Detection

HUANG Hai-Bin¹, WAN Liang², CHU Kun¹

(1.College of Computer Science and Technology, Guizhou University, Guiyang 550025, China;2.Institute of Computer Software and Theory, Guizhou University, Guiyang 550025, China)

摘要

图/表

参考文献

相似文献

本文已被：浏览 817次下载 1934次
Received:March 06, 2022 Revised:April 02, 2022

中文摘要: 针对Android恶意软件检测, 通常仅有检测结果缺乏对其检测结果的可解释性. 基于此, 从可解释性的角度分析Android恶意软件检测, 综合利用多层感知机和注意力机制提出一种可解释性的Android恶意软件检测方法(multilayer perceptron attention-method, MLP_At). 通过提取Android恶意软件的应用权限和应用程序接口(application programming interface, API)特征来进行数据预处理生成特征信息, 采用多层感知机对特征学习. 最后, 利用BP算法对学习到的数据进行分类识别. 在多层感知机中引入注意力机制, 以捕获敏感特征, 根据敏感特征生成描述来解释应用的核心恶意行为. 实验结果表明所提方法能有效检测恶意软件, 与SVM、RF、XGBoost相比准确率分别提高了3.65%、3.70%和2.93%, 并能准确地揭示软件的恶意行为. 此外, 该方法还可以解释样本被错误分类的原因.

中文关键词: Android 恶意软件检测多层感知机可解释性注意力机制 BP算法

Abstract:As the detection result lacks interpretability, the Android malware detection is analyzed in terms of interpretability. This study proposes an interpretable Android malware detection method (multilayer perceptron attention method, MLP_At) comprehensively using the multilayer perceptron and attention mechanism. By extracting permissions and application programming interface (API) features from Android malware, it performs data preprocessing on the proposed features to generate feature information, and multilayer perceptrons are utilized for learning features. Finally, the learned data is classified by the BP algorithm. The attention mechanism is introduced in the multilayer perceptron to capture sensitive features and generate descriptions based on the sensitive features to explain the core malicious behavior of the application. The experimental results show that the proposed method can effectively detect malware and the accuracy is improved by 3.65%, 3.70%, and 2.93% compared with that of SVM, RF and XGBoost, respectively. The method can accurately reveal the malicious behavior of the software and can also explain the reasons why samples are misclassified.

keywords: Android malware detection multilayer perceptron interpretability attention mechanism BP algorithm

文章编号： 中图分类号： 文献标志码：

基金项目:国家自然科学基金(62062020)

Author Name	Affiliation	E-mail
HUANG Hai-Bin	College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
WAN Liang	Institute of Computer Software and Theory, Guizhou University, Guiyang 550025, China	lwan@gzu.edu.cn
CHU Kun	College of Computer Science and Technology, Guizhou University, Guiyang 550025, China

Author Name	Affiliation	E-mail
HUANG Hai-Bin	College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
WAN Liang	Institute of Computer Software and Theory, Guizhou University, Guiyang 550025, China	lwan@gzu.edu.cn
CHU Kun	College of Computer Science and Technology, Guizhou University, Guiyang 550025, China

引用文本：
黄海彬,万良,褚堃.基于可解释性的Android恶意软件检测.计算机系统应用,2022,31(12):29-40
HUANG Hai-Bin,WAN Liang,CHU Kun.Interpretability-based Android Malware Detection.COMPUTER SYSTEMS APPLICATIONS,2022,31(12):29-40