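School of Communications and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065
Xu Guoliang, xugl@cqupt.edu.cn
Received: 2026-03-11
Revised: 2026-04-09
Accepted: 2026-04-10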
Xu Guoliang, Shi Lei, Qiu Siqi, et al. Malicious APP detection model integrating multi-scale semantics and VMD-BiLSTM[J/OL]. Journal on Communications, 2026. DOI: 10.11959/j.issn.1000-436x.TXXB260119.
To address the challenges of difficult feature extraction, high background noise, and a lack of model transparency in identifying malicious applications within encrypted traffic, this paper proposes a novel detection model integrating Variational Mode Decomposition (VMD), Attention-BiLSTM, and the SHAP mechanism. First, targeting the multi-scale characteristics of mobile APP traffic, an adaptive multi-scale window mechanism is designed to dynamically extract and construct semantic-driven high-dimensional time series. Second, to mitigate the complex environmental noise intertwined within these structured sequences, VMD is introduced for frequency-domain stationary denoising. Subsequently, an Attention-BiLSTM network coupled with Focal Loss is employed to accurately capture long-range temporal dependencies. Finally, the SHAP mechanism is incorporated to quantify the marginal contributions of features, providing post-hoc attribution explanations to facilitate decision traceability. Experimental results demonstrated that the proposed model achieved an accuracy of 98.18%, successfully realizing high-precision detection while simultaneously enhancing the transparency and credibility of the model's decision-making process.
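The attribution step in the abstract rests on Shapley values: each feature's marginal contribution to the detector's score, averaged over all coalitions of the other features. The following is an added example, not code from the paper; the feature names, baseline, sample values and `toy_score` are constructed stand-ins for the paper's features and trained network, and the values are computed exactly by enumeration rather than with the SHAP library.

```python
from itertools import combinations
from math import factorial

# Constructed, normalised features of one traffic window (illustrative only).
BASELINE = {"mean_pkt_len": 0.2, "burst_rate": 0.1, "mean_iat": 0.5}  # reference "benign" window
SAMPLE = {"mean_pkt_len": 0.9, "burst_rate": 0.8, "mean_iat": 0.1}    # window to explain


def toy_score(x):
    """Hypothetical stand-in for a trained detector; higher means more suspicious.
    The product term is an interaction, so attributions differ from the raw weights."""
    return (0.5 * x["mean_pkt_len"] + 0.3 * x["burst_rate"] - 0.4 * x["mean_iat"]
            + 0.6 * x["mean_pkt_len"] * x["burst_rate"])


def value(coalition, sample, baseline, model):
    """Model output when the features in `coalition` take the sample's values
    and every other feature stays at its baseline value."""
    mixed = {f: (sample[f] if f in coalition else baseline[f]) for f in baseline}
    return model(mixed)


def shapley_values(sample, baseline, model):
    """Exact Shapley values: the weighted average of each feature's marginal
    contribution over all coalitions of the remaining features."""
    names = list(baseline)
    n = len(names)
    phi = {}
    for f in names:
        others = [g for g in names if g != f]
        total = 0.0
        for k in range(n):
            weight = factorial(k) * factorial(n - k - 1) / factorial(n)
            for subset in combinations(others, k):
                s = set(subset)
                total += weight * (value(s | {f}, sample, baseline, model)
                                   - value(s, sample, baseline, model))
        phi[f] = total
    return phi


if __name__ == "__main__":
    phi = shapley_values(SAMPLE, BASELINE, toy_score)
    for name, contrib in sorted(phi.items(), key=lambda kv: -abs(kv[1])):
        print(f"{name:>14}: {contrib:+.4f}")
```

The attributions sum to the score difference between the explained window and the baseline, which is the property that lets an analyst trace a verdict back to individual features.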