基于值导数GRU的移动恶意软件流量检测方法

周翰逊; 陈晨; 冯润泽; 熊俊坤; 潘宏; 郭薇

doi:10.11959/j.issn.1000-436x.2020005

您当前的位置：

首页 >

文章列表页 >

基于值导数GRU的移动恶意软件流量检测方法

学术论文 | 更新时间：2024-06-05

- 基于值导数GRU的移动恶意软件流量检测方法
- Mobile malware traffic detection approach based on value-derivative GRU
- 通信学报 2020年41卷第1期页码：102-113
- 作者机构：
  
  1. 辽宁大学信息学院，辽宁沈阳 110036
  2. 辽宁大学数字经济研究院，辽宁沈阳 110036
  3. 沈阳航空航天大学计算机学院，辽宁沈阳 110135
- 作者简介：
  
  [ "周翰逊（1981- ），男，辽宁沈阳人，博士，辽宁大学副教授、硕士生导师，主要研究方向为网络安全、图像处理、深度学习、恶意代码分析" ]
  [ "陈晨（1995- ），女，辽宁鞍山人，辽宁大学硕士生，主要研究方向为网络安全、深度学习、恶意代码分析" ]
  [ "冯润泽（1994- ），男，山东临沂人，辽宁大学硕士生，主要研究方向为网络安全、深度学习、恶意代码分析" ]
  [ "熊俊坤（1996- ），男，湖北天门人，辽宁大学硕士生，主要研究方向为深度学习、网络安全" ]
  [ "潘宏（1979- ），男，辽宁盘锦人，博士，辽宁大学副教授，主要研究方向为数字经济、大数据、区块链、网络安全、深度学习等" ]
  [ "郭薇（1983- ），女，辽宁沈阳人，博士，沈阳航空航天大学副教授，主要研究方向为网络安全和图像处理" ]
- 基金信息：
  
  国家自然科学基金资助项目(61300233);国家自然科学基金资助项目(61402298);国家自然科学基金资助项目(61472169);国家自然科学基金资助项目(51704138);辽宁省教育厅基金资助项目(JYT19053);辽宁省自然科学基金资助项目(2019-MS-149)
- DOI：10.11959/j.issn.1000-436x.2020005
  中图分类号： TP393.4
- 网络出版日期：2020-01，
  
  纸质出版日期：2020-01-25
- 稿件说明：
移动端阅览
周翰逊, 陈晨, 冯润泽, 等. 基于值导数GRU的移动恶意软件流量检测方法[J]. 通信学报, 2020,41(1):102-113.

Hanxun ZHOU, Chen CHEN, Runze FENG, et al. Mobile malware traffic detection approach based on value-derivative GRU[J]. Journal on communications, 2020, 41(1): 102-113.
周翰逊, 陈晨, 冯润泽, 等. 基于值导数GRU的移动恶意软件流量检测方法[J]. 通信学报, 2020,41(1):102-113. DOI： 10.11959/j.issn.1000-436x.2020005.

Hanxun ZHOU, Chen CHEN, Runze FENG, et al. Mobile malware traffic detection approach based on value-derivative GRU[J]. Journal on communications, 2020, 41(1): 102-113. DOI： 10.11959/j.issn.1000-436x.2020005.

摘要

针对移动恶意软件数量和种类的急剧增加给移动用户的信息安全带来的巨大挑战，提出了一种基于值导数GRU的移动恶意软件流量检测方法，旨在解决基于RNN的移动恶意软件流量检测方法难以捕获网络异常流量的动态变化和关键信息的问题。值导数 GRU 算法通过引入“累计状态变化”的概念，可以同时描述移动网络恶意流量的低阶和高阶动态变化信息。此外，通过增设池化层使算法可以捕获移动恶意流量的关键信息。最后，通过仿真实验分析累计状态变化、隐藏层和池化层对于值导数GRU算法性能的影响。实验表明，基于值导数GRU的移动恶意软件流量检测方法拥有较高的检测准确率。

Abstract

For the dramatic increase in the number and variety of mobile malware had created enormous challenge for information security of mobile network users

a value-derivative GRU-based mobile malware traffic detection approach was proposed in order to solve the problem that it was difficult for a RNN-based mobile malware traffic detection approach to capture the dynamic changes and critical information of abnormal network traffic.The low-order and high-order dynamic change information of the malicious network traffic could be described by the value-derivative GRU approach at the same time by introducing the concept of “accumulated state change”.In addition

a pooling layer could ensure that the algorithm can capture key information of malicious traffic.Finally

simulation were performed to verify the effect of accumulated state changes

hidden layers

and pooling layers on the performance of the value-derivative GRU algorithm.Experiments show that the mobile malware traffic detection approach based on value-derivative GRU has high detection accuracy.

关键词

Keywords

references

HE D , CHAN S , GUIZANI M . Mobile application security:malware threats and defenses [J ] . IEEE Wireless Communications , 2015 , 22 ( 1 ): 138 - 144 .

冯勇 , 张丽颖 , 顾兆旭 , 等 . 面向高校多源异构数据环境的元数据集成方法 [J ] . 辽宁大学学报(自然科学版) , 2019 , 46 ( 2 ): 135 - 141 .

FENG Y , ZHANG L Y , GU Z X , et al . A metadata integration method for multi-source heterogeneous data environment in universities [J ] . Journal of Liaoning University:Natural Science , 2019 , 46 ( 2 ): 135 - 141 .

SAYYAR S , . Enhanced TWOACK based AODV protocol for intrusion detection system [C ] // International Conference on Computing,Mathematics and Engineering Technologies . 2018 : 1 - 4 .

MIMURA M , TANAKA H . Long-term performance of a generic intrusion detection method using Doc2vec [C ] // 2017 Fifth International Symposium on Computing and Networking (CANDAR) . 2017 : 456 - 462 .

KHATRI V , ABENDROTH J . Mobile guard demo:network based malware detection [C ] // IEEE International Conference on Trust,Security and Privacy in Computing and Communications . 2015 : 1177 - 1179 .

ADEEL M , TOKARCHUK L N . Analysis of mobile P2P malware detection framework through cabir ＆ commwarrior families [C ] // IEEE Third International Conference on Privacy,Security,Risk and Trust . 2011 : 1335 - 1343 .

MOGHADDAM S H , . Sensitivity analysis of static features for Android malware detection [C ] // 22nd Iranian Conference on Electrical Engineering . 2014 : 920 - 924 .

TRIPP O , PISTOIA M , FERRARA P , et al . Pinpointing mobile malware using code analysis [C ] // IEEE/ACM International Conference on Software Engineering and Systems . 2016 : 275 - 276 .

NGUYEN TRI-HAI , YOO M . A behavior-based mobile malware detection model in software-defined networking [C ] // International Conference on Information Science and Communications Technologies . 2017 : 1 - 3 .

LI D F , WANG Z G , XUE Y B . Fine-grained Android malware detection based on deep learning [C ] // IEEE Conference on Communications and Network Security . 2018 : 1 - 2 .

YUAN Z L , LU Y Q , XUE Y B . Droiddetector:Android malware characterization and detection using deep learning [J ] . Tsinghua Science and Technology , 2016 , 22 ( 1 ): 114 - 123 .

KIM T G , KANG B J , RHO M , et al . A multimodal deep learning method for Android malware detection using various features [J ] . IEEE Transactions on Information Forensics and Security , 2019 , 14 ( 3 ): 773 - 788 .

SU X , ZHANG D F , LI W J , et al . A deep learning approach to Android malware feature learning and detection [C ] // IEEE International Conference on Trust,Security and Privacy in Computing and Communications . 2016 : 244 - 251 .

CHEN Z X , YAN Q B , HAN H B . Machine learning based mobile malware detection using highly imbalanced network traffic [C ] // IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing . 2017 : 588 - 595 .

ZHANG L , FAN X P . A fusion financial prediction strategy based on RNN and representative pattern discovery [C ] // International Conference on Parallel and Distributed Computing,Applications and Technologies . 2017 : 92 - 97 .

BENGIO Y . Learning long-term dependencies with gradient descent is difficult [J ] . IEEE Transactions on Neural Networks , 2002 , 5 ( 2 ): 157 - 166 .

BEAUFAYS S S . Long short-term memory recurrent neural network architectures for large scale acoustic modeling [J ] . Computer Science , 2014 , 15 ( 3 ): 338 - 342 .

CHO K , MERRIENBOER VAN B , GULCEHRE C . Learning phrase representations using RNN encoder-decoder for statistical machine translation [J ] . Computer Science , 2014 , 12 ( 1 ): 236 - 248 .

浏览量

721

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于改进马尔可夫链的高效域名生成算法

基于信誉的域间路由选择机制的研究与实现

基于空间感知的多级损失目标跟踪对抗攻击方法

基于威胁情报的网络安全态势感知模型

移动设备加密流量的用户信息探测研究展望