CN107103235A - An Android malware detection method based on convolutional neural networks - Google Patents

An Android malware detection method based on convolutional neural networks

Info

Publication number
CN107103235A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710107578.0A
Other languages
Chinese (zh)
Inventor
凌捷
王文冲
谢锐
龚怡
柳毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses an Android malicious code detection method based on convolutional neural networks. The method first decompiles known malware samples, obtains their dex files and maps them to image data. The image data is then used as the input value, with a 1 × n tuple as the output value, to train a convolutional neural network so that the deviation between the output values of malware of the same kind is as small as possible and the deviation between the output values of malware of different kinds is as large as possible. Training on a large number of known samples yields a classifier that can be used to detect unknown software. Each unknown software sample can then be checked for malicious code directly with this classifier. The technical scheme of the invention can accurately identify the category to which malware belongs and can effectively improve the accuracy of malware sample classification.

Description

An Android malware detection method based on convolutional neural networks
Technical field
The present invention relates to the field of malicious code detection research on the Android platform. To better protect the security of Android platform users' information, it proposes an Android malicious code sample classification and detection method based on convolutional neural networks. The method can accurately identify the category to which malware belongs, and thereby effectively detect malware.
Background
In recent years, malware has become one of the key factors threatening network and information security. According to Symantec's 2016 annual Internet Security Threat Report, the number of new malware samples in 2015 reached 430 million, and more than 500 million personal records were stolen or leaked through privacy theft. Owing to the limitations of malicious code detection technology, a large amount of malicious code cannot be effectively detected and removed. In particular, the emergence of obfuscated malicious code and its variants is the basic reason the malicious code detection situation is becoming increasingly severe. Android is one of the two mainstream mobile terminal platforms today. The number of malicious code families on Android mobile terminals grows year by year, and the number of malicious code variants is also rising sharply, which shows that malicious code developers mostly make slight changes to prototype malicious code, or repackage it, to derive and spread new variants. A detection method that can quickly and effectively detect variant viruses is therefore needed.
Malicious code detection techniques fall into two classes: static detection and dynamic detection. Static detection does not run the code; it uses decompilation together with control flow analysis, data flow analysis, semantic analysis and similar methods to identify the behavioral features of an application. This approach is fast and efficient, but it struggles against protection techniques such as code obfuscation. Dynamic detection focuses on the actual runtime behavior of the application: the application under test is run in an executable environment and its system calls, network access, file operations, memory modifications and similar behavior are monitored in real time to judge whether it behaves maliciously. Compared with static detection, dynamic detection cannot effectively audit all of the code, because some code is triggered only under special conditions.

Many scholars at home and abroad have done a great deal of research in the field of malicious code detection. Wang Rui, Feng Dengguo et al. (Wang Rui, Feng Deng-guo, Yang Yi, Su Pu-rui. An Malware detection method based on the semantic of feature extraction[J]. Journal of Software, 2012, 2: 378-393) proposed a static detection method that extracts malicious code behavioral features based on semantic analysis. Kong Deguang, Tan Xiaobin et al. (Kong De-guang, Tan Xiao-bin, Xi Hong-sheng, Gong Tao, Shuai Jian-mei. Lifting multidimensional characteristics testing confuse malicious code[J]. Journal of Software, 2011, 3: 522-533) proposed detecting malicious code families from statistical properties combined with the function call and system call flow graphs in the code. These static detection methods have high detection efficiency, but they are not robust against malicious code that uses code obfuscation. Dinaburg et al. of the Georgia Institute of Technology, USA (Dinaburg A, Royal P, Sharif M, et al. Ether: malware analysis via hardware virtualization extensions[C], Proceedings of the 15th ACM conference on Computer and communications security. ACM, 2008: 51-62) proposed building a virtual application execution environment to monitor events such as memory operations, the privilege levels involved and system calls while the application under test runs, and using these events to identify the application's malicious behavior. Santos et al. of the University of Deusto, Spain (Santos I, Brezo F, Nieves J, et al. Idea: Opcode-sequence-based malware detection[C], International Symposium on Engineering Secure Software and Systems. Springer Berlin Heidelberg, 2010: 35-43) proposed using information-theoretic methods to compute the degree of association between the various classes of features in an application, and determining whether the application under test behaves maliciously by computing its relationship with known malware. Burguera et al. of Mondragon University, Spain (Burguera I, Zurutuza U, Nadjm-Tehrani S. Crowdroid: behavior-based malware detection system for android[C]// Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices. ACM, 2011: 15-26) proposed embedding a collector and a detector directly into the Android operating system to collect behavioral information about the applications on users' phones, perform detection in the cloud and notify the user of the result in time. Kevin Allix et al. of the University of Luxembourg (Allix K, Bissyandé T F, Jérome Q, et al. Empirical assessment of machine learning-based malware detectors for Android[J]. Empirical Software Engineering, 2016, 21(1): 183-211) used machine learning to extract features of the permissions used by Android applications and applied them to malicious code detection. Dong-Jie Wu et al. of Taiwan University of Science and Technology (Wu D J, Mao C H, Wei T E, et al. Droidmat: Android malware detection through manifest and api calls tracing[C], Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on. IEEE, 2012: 62-69) worked from a large amount of sample data, extracted the features of known malware from it and used these features to detect new samples.

These methods all identify unknown software by extracting features of malware; because of the diversity of software in practical applications, false detections occur easily. Starting from the variants of malware, the present invention uses the idea of deep learning to detect malware of the same kind.
Summary of the invention
In view of the large base of malware samples and the large number of variants on the current Android platform, the present invention proposes a method that can quickly and efficiently detect malware of the same kind on the Android platform; its framework is shown in Fig. 1. The method uses a convolutional neural network and deep learning to classify malware samples automatically, and achieves a good classification and recognition result.
Given a large amount of sample data, the invention extracts the dex file from each APK application package and generates the image data corresponding to each APK package using two hash algorithms, SimHash and Djb2. The image data, already divided into categories, is used as the input value and an n × 1 vector as the output, and the convolutional neural network is trained on a large number of samples of known category. After many rounds of iterative training, a classifier that can classify and identify new malware is obtained, denoted CN. For each new unknown software sample, the corresponding image data is generated by the same method and denoted X. The image data is then used as the input of the trained classifier CN to compute the corresponding output value Y = CN(X), where Y is a 1 × n vector. The distance between this vector and the known vectors is computed as the Euclidean distance; when the Euclidean distance between this vector and a certain category is less than the threshold ε, the new sample belongs to that category, which also means that malware of a known category has been detected.
Compared with the prior art, the invention has the following advantages:
The method uses the idea of deep learning to classify malware and then identifies it by category. Compared with other detection methods, it is simple to operate, has high recognition accuracy and detects quickly. It only needs a large number of malware samples as the training set; after many rounds of iterative training a good classifier is obtained. To identify new malware, the trained classifier is applied directly.
Brief description of the drawings
Fig. 1 is the framework diagram of the malware classification and identification system. Training is first performed with an Android malware sample library of known categories (marked 1 in the figure); unknown software is then detected with the trained malware classifier (marked 2 in the figure).
Fig. 2 is the flow chart for converting an apk file into image data.
Fig. 3 is the structure diagram of the convolutional neural network.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings, but the implementation of the invention is not limited to this.
Referring to Fig. 2, the Apk package must first be converted into image data. The specific steps are as follows:
1. Using decompilation, extract the dex file from the Apk package and divide it into n groups, each of size M/n, where M is the length of the dex file and n is the number of groups. Each data group produces one pixel.
2. Compute the pixel position, denoted (x, y). A 16-bit hash value is produced with the SimHash algorithm; the first 8 bits are used as the x value and the last 8 bits as the y value.
3. Compute the RGB color of each point, denoted (r, g, b). A 32-bit hash value is produced with the djb2 algorithm; bits 24~17 are used as the r value, bits 16~9 as the g value and bits 8~1 as the b value.
4. Repeat steps 2 and 3 for each group, so that each dex file is converted into a 256 × 256 RGB image.
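The four conversion steps above, written out in Python as an added example (it is not code from the patent). The SimHash feature choice (byte 4-grams hashed with a folded djb2), the later-write-wins handling of pixel collisions and the constructed input from `make_sample` are assumptions that the page does not specify.

```python
"""Added example: map dex bytes to a 256 x 256 RGB image (steps 1-4 above)."""
from collections import Counter
from typing import List, Tuple

SIZE = 256                      # 8-bit x and 8-bit y address a 256 x 256 canvas
Pixel = Tuple[int, int, int]
Image = List[List[Pixel]]


def djb2(data: bytes) -> int:
    """Classic djb2 hash (seed 5381, h = h * 33 + c), kept to 32 bits."""
    h = 5381
    for c in data:
        h = (h * 33 + c) & 0xFFFFFFFF
    return h


def simhash16(data: bytes) -> int:
    """16-bit SimHash of one data group.

    Assumption (not specified on the page): features are overlapping byte
    4-grams, each hashed with djb2 folded to 16 bits, weighted by frequency.
    """
    if len(data) < 4:
        grams = Counter([data])
    else:
        grams = Counter(data[i:i + 4] for i in range(len(data) - 3))
    votes = [0] * 16
    for gram, weight in grams.items():
        h = djb2(gram)
        h = (h ^ (h >> 16)) & 0xFFFF
        for bit in range(16):
            votes[bit] += weight if (h >> bit) & 1 else -weight
    return sum(1 << bit for bit in range(16) if votes[bit] > 0)


def block_to_pixel(block: bytes) -> Tuple[Tuple[int, int], Pixel]:
    """Steps 2 and 3: position from SimHash, color from djb2."""
    s = simhash16(block)
    x, y = s >> 8, s & 0xFF          # first 8 bits -> x, last 8 bits -> y
    d = djb2(block)
    # Bits are numbered from 1 at the least significant end:
    # 24~17 -> r, 16~9 -> g, 8~1 -> b.
    rgb = ((d >> 16) & 0xFF, (d >> 8) & 0xFF, d & 0xFF)
    return (x, y), rgb


def dex_to_image(dex: bytes, n: int) -> Image:
    """Split dex into n near-equal groups (size about M/n), one pixel each.

    Assumption: when two groups land on the same (x, y) the later one wins;
    the page does not say how collisions are resolved.
    """
    if n <= 0:
        raise ValueError("n must be positive")
    image = [[(0, 0, 0)] * SIZE for _ in range(SIZE)]
    m = len(dex)
    for i in range(n):
        block = dex[i * m // n:(i + 1) * m // n]
        if not block:                # only happens when M < n
            continue
        (x, y), rgb = block_to_pixel(block)
        image[y][x] = rgb
    return image


def diff_pixels(a: Image, b: Image) -> int:
    """Number of pixel positions at which two images differ."""
    return sum(pa != pb for ra, rb in zip(a, b) for pa, pb in zip(ra, rb))


def to_ppm(image: Image) -> bytes:
    """Serialise as binary PPM (P6) so the result can be opened in a viewer."""
    body = bytes(ch for row in image for px in row for ch in px)
    return b"P6\n%d %d\n255\n" % (SIZE, SIZE) + body


def make_sample(size: int = 8192) -> bytes:
    """Constructed stand-in for a dex file: dex magic plus a synthetic body."""
    body = bytes((i * 37 + (i >> 3)) & 0xFF for i in range(size - 8))
    return b"dex\n035\x00" + body


if __name__ == "__main__":
    original = make_sample()
    variant = bytearray(original)
    variant[5000:5004] = b"\xde\xad\xbe\xef"     # in-place 4-byte change
    img_a = dex_to_image(original, 512)
    img_b = dex_to_image(bytes(variant), 512)
    painted = sum(px != (0, 0, 0) for row in img_a for px in row)
    print("painted pixels:", painted, "of 512 groups")
    print("pixels that differ after the change:", diff_pixels(img_a, img_b))
```

Because each group is hashed on its own, a same-length change inside one group alters at most two pixels, while any change in file length moves the group boundaries.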
After the image data is obtained, the convolutional neural network is trained with a large amount of sample data of known category, as shown in Fig. 3.
During training, the Euclidean distance between the output values of apks of the same kind is made as small as possible, and the Euclidean distance between the output values of apks of different kinds as large as possible. The objective function is set to:

$$f(y,\beta) = (1-\beta)\sum_{t_i \in G} \operatorname{dis}(y - t_i) + \beta\,\frac{1}{\sum_{t_i \in G'} \operatorname{dis}(y - t_i)}$$

where G is the set of output values of apks of the same kind in the convolutional neural network, G′ is the set of output values of apks of different kinds in the convolutional neural network, and dis() denotes the Euclidean distance between two vectors. β is the weight of each part and is adjusted according to actual test results.
Finally, unknown software is detected with the trained classifier CN, and the minimum distance between the output vector computed by the classifier for the unknown software and each known category of malware is calculated by the following formula:

$$e = \min_{i=1\ldots n}\left\{\operatorname{dis}\left(CN(p), \bar{g}_i\right)\right\}$$

where CN is the trained classifier, p is the image data into which the unknown software is converted, $\bar{g}_i$ is the mean of the vectors obtained when all malicious applications in the i-th category are passed through the classifier CN, and n is the number of known malware categories.
When e is less than the threshold ε, the new sample belongs to that category, which means that malware of a known category has been detected.
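The training objective f(y, β) and the minimum-distance decision rule, as an added Python example (not code from the patent). The three-dimensional output vectors, the family names `family_A` and `family_B`, the threshold value 0.5 and the handling of a zero denominator are all constructed assumptions standing in for real CN outputs.

```python
"""Added example: objective f(y, beta) and the threshold decision on e."""
import math
from typing import Dict, List, Optional, Sequence, Tuple

Vector = Sequence[float]


def dis(u: Vector, v: Vector) -> float:
    """Euclidean distance between two output vectors."""
    if len(u) != len(v):
        raise ValueError("vectors must have the same length")
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))


def objective(y: Vector, same: List[Vector], other: List[Vector],
              beta: float) -> float:
    """f(y, beta) = (1 - beta) * sum_G dis(y, t) + beta / sum_G' dis(y, t).

    `same` plays the role of G (outputs of the same kind), `other` of G'.
    """
    if not 0.0 <= beta <= 1.0:
        raise ValueError("beta must lie in [0, 1]")
    pull = sum(dis(y, t) for t in same)
    push = sum(dis(y, t) for t in other)
    if beta == 0.0:
        return pull
    # Added handling: the formula is undefined when the G' sum is zero.
    penalty = math.inf if push == 0 else 1.0 / push
    return (1.0 - beta) * pull + beta * penalty


def centroids(outputs: Dict[str, List[Vector]]) -> Dict[str, List[float]]:
    """Mean output vector per known category (the g-bar_i of the formula)."""
    means = {}
    for family, vectors in outputs.items():
        if not vectors:
            raise ValueError("category %r has no samples" % family)
        means[family] = [sum(col) / len(vectors) for col in zip(*vectors)]
    return means


def detect(output: Vector, family_means: Dict[str, List[float]],
           eps: float) -> Tuple[Optional[str], float]:
    """Return (category, e) when e < eps, otherwise (None, e)."""
    family, e = min(((name, dis(output, mean))
                     for name, mean in family_means.items()),
                    key=lambda item: item[1])
    return (family if e < eps else None), e


# Constructed CN outputs for two hypothetical known categories.
KNOWN_OUTPUTS = {
    "family_A": [(1.0, 0.0, 0.0), (0.8, 0.2, 0.0), (0.9, 0.1, 0.0)],
    "family_B": [(0.0, 0.0, 1.0), (0.0, 0.2, 0.8)],
}

if __name__ == "__main__":
    means = centroids(KNOWN_OUTPUTS)
    for name, vec in [("near family_A", (0.9, 0.1, 0.3)),
                      ("far from both", (0.5, 0.5, 0.5))]:
        label, e = detect(vec, means, eps=0.5)
        print("%-14s e=%.3f -> %s" % (name, e, label or "no known category"))
    a_rest = KNOWN_OUTPUTS["family_A"][1:]
    b_all = KNOWN_OUTPUTS["family_B"]
    print("f for a tight sample :", objective((1.0, 0.0, 0.0), a_rest, b_all, 0.5))
    print("f for a stray sample :", objective((0.5, 0.5, 0.5), a_rest, b_all, 0.5))
```

A sample whose e is not below ε is reported as matching no known category, which is all this rule can say about it; the choice of ε therefore sets the trade-off between missed variants and false matches.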
The specific embodiment of the present invention has been described above. It should be understood that the invention is not limited to the particular implementation described above; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the invention.

Claims (8)

1. An Android malware detection method based on convolutional neural networks, characterized in that:
Step 1: APK packages are converted into image data files;
Step 2: after the image data is obtained, the convolutional neural network is trained with sample data of known categories;
Step 3: unknown software is detected with the trained classifier CN.
2. The detection method according to claim 1, characterized in that: in step 1, the APK packages are converted into image data files using two hash algorithms, SimHash and Djb2.
3. The detection method according to claim 1, characterized in that step 2 is specifically: using a deep learning method, training is performed with an objective function under which the Euclidean distance between Apk packages of the same kind is as small as possible and the Euclidean distance between Apk packages of different kinds is as large as possible.
4. The detection method according to claim 3, characterized in that the objective function is set to:

$$f(y,\beta) = (1-\beta)\sum_{t_i \in G} \operatorname{dis}(y - t_i) + \beta\,\frac{1}{\sum_{t_i \in G'} \operatorname{dis}(y - t_i)}$$

where G is the set of output values of apks of the same kind in the convolutional neural network, G′ is the set of output values of apks of different kinds in the convolutional neural network, dis() denotes the Euclidean distance between two vectors, β is the weight of each part, and y and $t_i$ each denote the output vector corresponding to an apk package.
5. The detection method according to claim 1, characterized in that step 3 comprises: detecting unknown software with the trained classifier CN, and calculating the minimum distance between the output vector computed by the classifier for the unknown software and each known category of malware by the following formula:

$$e = \min_{i=1\ldots n}\left\{\operatorname{dis}\left(CN(p), \bar{g}_i\right)\right\}$$

where CN is the trained classifier, p is the image data into which the unknown software is converted, $\bar{g}_i$ is the mean of the vectors obtained when all malicious applications in the i-th category are passed through the classifier CN, and n is the number of known malware categories;
When e is less than the threshold ε, the new sample belongs to that category, which means that malware of a known category has been detected.
6. The detection method according to claim 1, characterized in that: unknown malware is detected using sample data of known categories, and malware variants are found.
7. The detection method according to claim 2, characterized in that: the properties of the SimHash hash algorithm are used to compute, for each equal-sized data block of the file, the position of the corresponding pixel in the image to be generated.
8. The detection method according to claim 2, characterized in that: the Djb2 hash algorithm is used to compute, for each equal-sized data block of the file, the RGB color of the corresponding pixel in the image to be generated.
CN201710107578.0A 2017-02-27 2017-02-27 A kind of Android malware detection method based on convolutional neural networks Pending CN107103235A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710107578.0A CN107103235A (en) 2017-02-27 2017-02-27 A kind of Android malware detection method based on convolutional neural networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710107578.0A CN107103235A (en) 2017-02-27 2017-02-27 A kind of Android malware detection method based on convolutional neural networks

Publications (1)

Publication Number Publication Date
CN107103235A true CN107103235A (en) 2017-08-29

Family

ID=59675540

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710107578.0A Pending CN107103235A (en) 2017-02-27 2017-02-27 A kind of Android malware detection method based on convolutional neural networks

Country Status (1)

Country Link
CN (1) CN107103235A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105989288A (en) * 2015-12-31 2016-10-05 武汉安天信息技术有限责任公司 Deep learning-based malicious code sample classification method and system
CN106096411A (en) * 2016-06-08 2016-11-09 浙江工业大学 A kind of Android malicious code family classification method based on bytecode image clustering
US20170017793A1 (en) * 2015-07-15 2017-01-19 Cylance Inc. Malware detection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KYOUNGSOO HAN,BOOJOONG KANG,EUL GYU IM: "Malware Analysis Using Visualized Image Matrices", 《PROCEEDINGS OF THE 2013 RESEARCH IN ADAPTIVE AND CONVERGENT SYSTEMS》 *

Tufan et al. Anomaly-based intrusion detection by machine learning: A case study on probing attacks to an institutional network
CN110263538A (en) A kind of malicious code detecting method based on system action sequence
CN105426762A (en) Static detection method for malice of android application programs
Zhang et al. SaaS: A situational awareness and analysis system for massive android malware detection
CN107392021B (en) A kind of Android malicious application detection method based on multiclass feature
CN110392013A (en) A kind of Malware recognition methods, system and electronic equipment based on net flow assorted
CN112422531A (en) CNN and XGboost-based network traffic abnormal behavior detection method
Kedziora et al. Malware detection using machine learning algorithms and reverse engineering of android java code
CN105072214A (en) C&C domain name identification method based on domain name feature
CN105224600A (en) A kind of detection method of Sample Similarity and device
Yuan et al. IoT malware classification based on lightweight convolutional neural networks
US20230418943A1 (en) Method and device for image-based malware detection, and artificial intelligence-based endpoint detection and response system using same
CN106713293A (en) Cloud platform malicious behavior detecting system and method
Darwaish et al. Rgb-based android malware detection and classification using convolutional neural network
Mpanti et al. A graph-based model for malicious software detection exploiting domination relations between system-call groups
Dehkordy et al. DroidTKM: Detection of trojan families using the KNN classifier based on manhattan distance metric
Zou et al. IMCLNet: A lightweight deep neural network for Image-based Malware Classification
Harbola et al. Improved intrusion detection in DDoS applying feature selection using rank & score of attributes in KDD-99 data set

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170829