Detection of Malicious Android Application Based on HTM Algorithm

Cited by: 1


Authors: Qiu Shenjian (仇慎健), Zhang Shibin (张仕斌)[1], Liu Pingguang (刘苹光)

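Affiliations: [1] School of Information Security Engineering, Chengdu University of Information Technology, Chengdu 610225; [2] School of Communication Engineering, Chengdu University of Information Technology, Chengdu 610225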

Source: Journal of Sichuan University of Science & Engineering (Natural Science Edition), 2015, No. 4, pp. 50-56 (7 pages)

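Funding: Sichuan Province Science and Technology Support Program (2013GZX0137; 2014GZ0002); Chengdu Science and Technology Research Project (2014-HM01-00108-SF); Sichuan Province Science and Technology Innovation R&D Special Project (2014GZ0006)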

Abstract: As Internet users shift from traditional PCs to mobile devices, mobile security is attracting increasing attention. To improve the detection efficiency for unknown malicious mobile applications, and to address the weak ability of traditional detection to catch malicious applications that use polymorphic and metamorphic techniques, a method for detecting malicious Android mobile applications based on the HTM algorithm is proposed. The method comprises feature extraction tailored to the characteristics of Dalvik instructions in Android applications, feature selection and fusion using information gain, and sequence-pattern training and inference with the HTM algorithm. The extracted and fused features of the test samples are then fed into the trained HTM network to detect malicious applications. Simulation experiments show that the detection rate of the designed method is close to 100%, with high detection efficiency and a false positive rate of 0.08%. Compared with other algorithms, the proposed method achieves a better detection rate, false positive rate and classification accuracy, and it can be applied to different types of malicious applications, but its training and testing times are longer.

Keywords: mobile security; HTM algorithm; Dalvik instructions; information gain; malicious application; detection

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
