基于异质信息网络的安卓虚拟化程序检测方法  被引量：2

作　　者：张威楠 孟昭逸 熊焰[1,2] 黄文超[2] 包象琳 Zhang Weinan;Meng Zhaoyi;Xiong Yan;Huang Wenchao;Bao Xianglin(School of Cyber Science&Technology,University of Science&Technology of China,Hefei 230027,China;School of Computer Science&Technology,University of Science&Technology of China,Hefei 230027,China;School of Computer Science&Technology,University of Anhui,Hefei 230601,China;School of Computer&Information,Anhui Polytechnic University,Wuhu Anhui 241000,China)

机构地区：[1]中国科学技术大学网络空间安全学院,合肥230027 [2]中国科学技术大学计算机科学与技术学院,合肥230027 [3]安徽大学计算机科学与技术学院,合肥230601 [4]安徽工程大学计算机与信息学院,安徽芜湖241000

出　　处：《计算机应用研究》2023年第6期1764-1770,共7页Application Research of Computers

基　　金：国家自然科学基金资助项目(62102385);安徽省自然科学基金资助项目(2108085QF262,2108085QF264)。

摘　　要：考虑到安卓应用虚拟化技术的功能特性,精确检测安卓虚拟化程序是识别其隐藏安全风险的基础和必要前提。为此,提出了基于异质信息网络的安卓虚拟化程序检测方法,并实现了原型系统Aiplugin。根据安卓虚拟化程序的特点,提取四类静态程序特征,并将程序特征映射到异质信息网络上,以元路径的形式将不同程序关联起来。采用异质图注意力网络表征算法和OC-SVM算法,融合不同视图的程序语义信息,实现对安卓虚拟化程序的表征和分类。实验结果表明,相较于当前的代表性工具VAhunt,Aiplugin可有效检测包括平行空间等更多类型的安卓虚拟化程序。Considering the functional characteristics of Android application virtualization technology,accurate detection of Android virtualization programs is the basis and necessary prerequisite for identifying hidden security risks.Therefore,this paper proposed a method to detect Android virtualization programs based on heterogeneous information networks,and implemented the prototype system Aiplugin.According to the characteristics of Android virtualization programs,the system extracted four types of static program features and mapped program features to heterogeneous information networks.Aiplugin associated different programs in the form of meta paths.It used heterogeneous graph attention network representation algorithm and OC-SVM algorithm and integrated program semantic information from different views to realize the representation and classification of Android virtualization programs.The experimental results show that Aiplugin can detect more types of Android virtuali-zation programs,including parallel space,compared with the current representative tool VAhunt.

关 键 词：异质信息网络 安卓虚拟化程序 安卓安全 软件工程 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]