0


HinDroid:基于结构化异构信息网络的智能Android恶意软件检测系统

HinDroid: An Intelligent Android Malware Detection System Based on Structured Heterogeneous Information Network
课程网址: http://videolectures.net/kdd2017_ye_intelligent_android/  
主讲教师: 叶艳芳
开课单位: 西弗吉尼亚大学
开课时间: 2017-10-09
课程语种: 英语
中文简介:
随着Android恶意软件的爆炸性增长及其对智能手机用户造成的严重损害,Android恶意软件的检测已成为网络安全中日益重要的课题。Android 恶意软件日益复杂,需要新的防御技术,这些技术更难以规避,并且能够保护用户免受新威胁。在本文中,为了检测Android恶意软件,我们不只是使用应用程序编程接口(API)调用,而是进一步分析它们之间的不同关系并创建更高级别的语义,这需要攻击者付出更多努力来逃避检测。我们将 Android 应用程序 (app)、相关 API 及其丰富的关系表示为结构化异构信息网络 (HIN)。然后,我们使用基于元路径的方法来表征应用程序和 API 的语义相关性。我们使用每个元路径来制定 Android 应用程序的相似性度量,并使用多内核学习聚合不同的相似性。然后,学习算法自动对每个元路径进行加权以进行预测。据我们所知,这是使用结构化 HIN 进行 Android 恶意软件检测的剩余工作。对 Comodo 云安全中心的真实样本集合进行了全面的实验,以比较各种恶意软件检测方法。有希望的实验结果表明,我们开发的系统 HinDroid 系统优于其他替代 Android 恶意软件检测技术。HinDroid已经被纳入Comodo Mobile Security产品的扫描工具中。
课程简介: With explosive growth of Android malware and due to the severity of its damages to smart phone users, the detection of Android malware has become an increasingly important topic in cyber security. The increasing sophistication of Android malware calls for new defensive techniques that are harder to evade, and are capable of protecting users against novel threats. In this paper, to detect Android malware, instead of using Application Programming Interface (API) calls only, we further analyze the different relationships between them and create higher-level semantics which require more efforts for attackers to evade the detection. We represent the Android applications (apps), related APIs, and their rich relationships as a structured heterogeneous information network (HIN). Then we use a meta-path based approach to characterize the semantic relatedness of apps and APIs. We use each meta-path to formulate a similarity measure over Android apps, and aggregate different similarities using multi-kernel learning. Then each meta-path is automatically weighted by the learning algorithm to make predictions. To the best of our knowledge, this is the rest work to use structured HIN for Android malware detection. Comprehensive experiments on real sample collections from Comodo Cloud Security Center are conducted to compare various malware detection approaches. Promising experimental results demonstrate that our developed system HinDroid system outperforms other alternative Android malware detection techniques. HinDroid has already been incorporated into the scanning tool of Comodo Mobile Security product.
关 键 词: 软件检测系统; 信息网络; 数据挖掘
课程来源: 视频讲座网
数据采集: 2023-12-25:wujk
最后编审: 2023-12-25:wujk
阅读次数: 21