CN109657452A - Method and device for dynamic trust evaluation of mobile application behavior - Google Patents
- Publication number: CN109657452A (application CN201811564015.5A)
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The present invention provides a method and device for dynamic trust evaluation of mobile application behavior. The method includes: S1: training a hidden Markov model, and using the trained hidden Markov model as the input of a tabu search algorithm; S2: judging whether the current iteration step count of the tabu search algorithm is greater than a preset maximum step count; if so, taking the current solution as the final solution and outputting the corresponding hidden Markov model; if not, performing the next step; S3: generating the candidate solution set of the current solution, and calculating the objective function value of each candidate solution in the set; S4: judging whether the objective function value of each candidate solution meets the aspiration level; if so, updating the current solution to the candidate solution that meets the aspiration level and re-executing S2; if not, updating the current solution to the best candidate solution that is not tabu and re-executing S2; S5: performing trust evaluation on the application behavior chain to be detected by means of the hidden Markov model. The present invention improves the accuracy of dynamic trust evaluation of application behavior.
Description
Technical field
The present invention relates to the technical field of mobile application security, and in particular to a method and device for dynamic trust evaluation of mobile application behavior.
Background
The Trusted Computing Group (TCG) defines trust from the perspective of entity behavior: "An entity is trusted if it always behaves in the expected manner and achieves the expected goal." Software trustworthiness runs through the whole software life cycle, so the trust evaluation of a mobile application (app) should likewise take into account the trust state at each stage of the application life cycle. The trust evaluation process therefore needs not only a static measurement mechanism to assess the trust evidence that a mobile application provides in the development and release stages, but also a dynamic measurement mechanism to assess the trust evidence of the application at run time. The run-time trust evidence of a mobile application is information related to the running state of the application, including the application's behavior, the changes in system trust state caused by that behavior, the application's inputs and outputs, and so on. During dynamic trust evaluation of a running mobile application, particular attention must be paid to the application's access to and invocation of trusted resources and trusted services at run time, and to the changes in system trust state that these behaviors cause. A monitoring agent mainly uses hook functions to monitor the application's accesses, during actual operation, to the trusted resources and trusted services provided by the trust engine, and collects the monitored behaviors into a behavior trace analyzer, where they are recorded as the behavior chain of the application. Heuristic analysis is then performed against the behavior patterns provided in a behavior pattern library to judge whether the application behavior is benign or malicious.
The existing scheme uses a hidden Markov model (HMM) to perform heuristic analysis on the mobile application behavior chain and judge whether the behavior chain is trusted. This scheme treats dynamic behavior trust evaluation during mobile application operation as a binary classification problem, i.e. trusted versus untrusted, and builds a binary classifier with an HMM to solve the classification problem.
In practical application, the HMM still has certain problems, such as an inaccurate model, poor robustness, a relatively high false-alarm rate and a strong dependence on initial parameters; this dependence on initial parameters easily causes model training to fall into a local optimum, which affects the overall performance of the model. The Baum-Welch algorithm (B-W algorithm for short) used in the traditional HMM training process is an optimization algorithm based on gradient descent, with the result that the model does not reach the optimum during training. Existing research clearly indicates that, in the training stage, the initial HMM parameters π and A have a small influence on the overall performance of the model, so these two parameters can be assigned random or uniform values, whereas the initial value of parameter B has a large influence on the overall performance of the model during training. These problems seriously hinder the wide application of HMMs to heuristic analysis of mobile application behavior chains, so the HMM needs to be optimized.
Summary of the invention
The embodiments of the present invention provide a method and device for dynamic trust evaluation of mobile application behavior, which optimize the hidden Markov model and thereby improve the accuracy of dynamic trust evaluation of application behavior.
According to one aspect of the present invention, a method for dynamic trust evaluation of mobile application behavior is provided, comprising:
S1: training a hidden Markov model with the Baum-Welch algorithm and training sequences, and using the trained hidden Markov model as the input of a tabu search algorithm, wherein a solution of the tabu search algorithm is the parameter set of the hidden Markov model, and the parameter set includes parameter π, parameter A and parameter B;
S2: judging whether the current iteration step count of the tabu search algorithm is greater than a preset maximum step count; if so, taking the current solution as the final solution and outputting the corresponding hidden Markov model; if not, performing the next step;
S3: generating the candidate solution set of the current solution, and calculating the objective function value of each candidate solution in the candidate solution set;
S4: judging whether the objective function value of each candidate solution meets the aspiration level; if so, updating the current solution to the candidate solution that meets the aspiration level and re-executing S2; if not, updating the current solution to the best candidate solution that is not tabu and re-executing S2;
S5: performing trust evaluation on the application behavior chain to be detected by means of the hidden Markov model.
Preferably, the parameter π and the parameter A are preset fixed values.
Preferably, judging whether the objective function value of each candidate solution meets the aspiration level is specifically:
judging whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution.
Preferably, judging whether the objective function value of each candidate solution meets the aspiration level, and if so, updating the current solution to the candidate solution that meets the aspiration level and re-executing S2, and if not, updating the current solution to the best candidate solution that is not tabu and re-executing S2, is specifically:
judging whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution; if so, updating the current solution to the candidate solution that meets the aspiration level, updating the historical optimal solution and the tabu list at the same time, and re-executing S2; if not, updating the current solution to the best candidate solution that is not tabu, updating the tabu list at the same time, and re-executing S2.
Preferably, judging whether the current iteration step count of the tabu search algorithm is greater than the preset maximum step count, and if so, taking the current solution as the final solution and outputting the corresponding hidden Markov model, and if not, performing the next step, is specifically:
judging whether the current iteration step count of the tabu search algorithm is greater than the preset maximum step count; if so, taking the current solution as the final solution, outputting the corresponding hidden Markov model, and storing the final solution in a pattern library; if not, performing the next step.
Preferably, the pattern library further includes: a preset hidden-state short sequence set and a preset trust threshold.
Preferably, performing trust evaluation on the application behavior chain to be detected by means of the hidden Markov model specifically includes:
S51: obtaining the application behavior chain to be detected, and cutting the application behavior chain into multiple behavior patterns;
S52: computing each behavior pattern separately with the Viterbi algorithm of the hidden Markov model to obtain the hidden-state short sequence corresponding to each behavior pattern;
S53: determining the number of hidden-state short sequences that are contained in the preset hidden-state short sequence set; if the number is not less than the preset trust threshold, the application behavior chain is trusted; if the number is less than the preset trust threshold, the application behavior chain is untrusted.
According to another aspect of the present invention, a device for dynamic trust evaluation of mobile application behavior is provided, comprising:
a training module, configured to train a hidden Markov model with the Baum-Welch algorithm and training sequences, and to use the trained hidden Markov model as the input of a tabu search algorithm, wherein a solution of the tabu search algorithm is the parameter set of the hidden Markov model, and the parameter set includes parameter π, parameter A and parameter B;
a first judgment module, configured to judge whether the current iteration step count of the tabu search algorithm is greater than a preset maximum step count; if so, to take the current solution as the final solution and output the corresponding hidden Markov model; if not, to trigger the generation module;
a generation module, configured to generate the candidate solution set of the current solution and to calculate the objective function value of each candidate solution in the candidate solution set;
a second judgment module, configured to judge whether the objective function value of each candidate solution meets the aspiration level; if so, to update the current solution to the candidate solution that meets the aspiration level and re-trigger the first judgment module; if not, to update the current solution to the best candidate solution that is not tabu and re-trigger the first judgment module;
an evaluation module, configured to perform trust evaluation on the application behavior chain to be detected by means of the hidden Markov model.
According to another aspect of the present invention, a device for dynamic trust evaluation of mobile application behavior is provided, including a processor and a memory, the memory storing computer program instructions which, when executed by the processor, implement the method for dynamic trust evaluation of mobile application behavior described above.
According to another aspect of the present invention, a computer-readable storage medium is provided, the medium storing computer program instructions which, when executed by a processor, implement the method for dynamic trust evaluation of mobile application behavior described above.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
The present invention provides a method and device for dynamic trust evaluation of mobile application behavior. The method includes: S1: training a hidden Markov model, and using the trained hidden Markov model as the input of a tabu search algorithm; S2: judging whether the current iteration step count of the tabu search algorithm is greater than a preset maximum step count; if so, taking the current solution as the final solution and outputting the corresponding hidden Markov model; if not, performing the next step; S3: generating the candidate solution set of the current solution, and calculating the objective function value of each candidate solution in the set; S4: judging whether the objective function value of each candidate solution meets the aspiration level; if so, updating the current solution to the candidate solution that meets the aspiration level and re-executing S2; if not, updating the current solution to the best candidate solution that is not tabu and re-executing S2; S5: performing trust evaluation on the application behavior chain to be detected by means of the hidden Markov model. Compared with traditional optimization methods, the tabu search algorithm has good hill-climbing ability and can avoid falling into local optima. Compared with other optimization algorithms such as genetic algorithms, the tabu search algorithm converges faster. The present invention therefore proposes optimizing the HMM with the tabu search algorithm, so that the HMM can reach the global optimum during training, which improves the precision of the HMM and the accuracy of dynamic trust evaluation of application behavior.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of one embodiment of the method for dynamic trust evaluation of mobile application behavior provided by the present invention;
Fig. 2 is a schematic flowchart of another embodiment of the method for dynamic trust evaluation of mobile application behavior provided by the present invention;
Fig. 3 is a schematic structural diagram of one embodiment of the device for dynamic trust evaluation of mobile application behavior provided by the present invention.
Detailed description of the embodiments
The embodiments of the present invention provide a method and device for dynamic trust evaluation of mobile application behavior, which optimize the hidden Markov model and thereby improve the accuracy of dynamic trust evaluation of application behavior.
In order to make the purpose, features and advantages of the present invention more obvious and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the embodiments described below are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, one embodiment of the method for dynamic trust evaluation of mobile application behavior provided by the present invention comprises:
101. Train a hidden Markov model with the Baum-Welch algorithm and training sequences, and use the trained hidden Markov model as the input of a tabu search algorithm, wherein a solution of the tabu search algorithm is the parameter set of the hidden Markov model, and the parameter set includes parameter π, parameter A and parameter B;
102. Judge whether the current iteration step count of the tabu search algorithm is greater than a preset maximum step count; if so, take the current solution as the final solution and output the corresponding hidden Markov model; if not, perform the next step;
103. Generate the candidate solution set of the current solution, and calculate the objective function value of each candidate solution in the candidate solution set;
104. Judge whether the objective function value of each candidate solution meets the aspiration level; if so, update the current solution to the candidate solution that meets the aspiration level and re-execute 102; if not, update the current solution to the best candidate solution that is not tabu and re-execute 102;
105. Perform trust evaluation on the application behavior chain to be detected by means of the hidden Markov model.
Compared with traditional optimization methods, the tabu search algorithm has good hill-climbing ability and can avoid falling into local optima. Compared with other optimization algorithms such as genetic algorithms, the tabu search algorithm converges faster. The present invention therefore proposes optimizing the HMM with the tabu search algorithm, so that the HMM can reach the global optimum during training, which improves the precision of the HMM and the accuracy of dynamic trust evaluation of application behavior.
The above is one embodiment of the method for dynamic trust evaluation of mobile application behavior. For a more specific description, another embodiment of the method is provided below. Referring to Fig. 2, another embodiment of the method for dynamic trust evaluation of mobile application behavior provided by the present invention comprises:
201. Train a hidden Markov model with the Baum-Welch algorithm and training sequences, and use the trained hidden Markov model as the input of a tabu search algorithm, wherein a solution of the tabu search algorithm is the parameter set of the hidden Markov model, and the parameter set includes parameter π, parameter A and parameter B;
In this embodiment, the original hidden Markov model is trained with the Baum-Welch algorithm and training sequences (which characterize the normal behavior of the application), and the trained model λ = (π, A, B) is used as the input of the tabu search algorithm. It can be understood that the trained model defines the solution space of the tabu search algorithm, and each solution in the solution space represents the HMM parameters π, A and B.
For the tabu search algorithm, the maximum number of iteration steps can be preset in advance, and the tabu list is initialized to the empty set. Solutions use floating-point encoding: a solution is a sequence of length n in which each element takes a value in the range (0, 1), with n = N × N + N + M × N, where N is the number of hidden states and M is the number of observation values. The first N × N + N elements of the encoded sequence remain unchanged. This is because, in λ = (π, A, B), the first two parameters correspond to the first N × N + N positions of the encoded sequence, and suitable values of π and A (i.e. the preset fixed values) have already been produced by the B-W algorithm; they need no further optimization and do not take part in the subsequent neighborhood moves. Parameter B corresponds to the last M × N positions of the encoded sequence, and the embodiments of the present invention focus on optimizing parameter B.
The tabu list prevents cycling during the search. In this tabu search algorithm the size of the tabu list is set to 25: the tabu list records the 25 most recently accepted moves, which may not be visited again within the next 25 iterations; after 25 iterations these moves leave the tabu list and can be visited again.
202. Judge whether the current iteration step count of the tabu search algorithm is greater than the preset maximum step count; if so, take the current solution as the final solution, output the corresponding hidden Markov model, and store the final solution in the pattern library; if not, perform the next step;
In this embodiment, once the current iteration step count of the tabu search algorithm is judged to be greater than the preset maximum step count, the current solution is taken as the final solution; the corresponding hidden Markov model is the optimized model and can be used as the model for trust evaluation. If the step count is not greater than the maximum, the method enters the iterative loop that optimizes parameter B, i.e. step 203.
The pattern library includes: the final solution, i.e. λ_new = (π_new, A_new, B_new); the preset hidden-state short sequence set corresponding to the observation short sequence set (normal application behavior patterns); and the preset trust threshold used to decide whether a sequence to be detected is trusted. The Viterbi algorithm is used to find the hidden-state short sequence set that best matches the training short sequence set, and this set serves as the preset hidden-state short sequence set; the preset trust threshold is set according to historical behavior.
203. Generate the candidate solution set of the current solution, and calculate the objective function value of each candidate solution in the candidate solution set;
A move is the way a new solution is generated from the current solution. This tabu search algorithm uses a pairwise-swap move rule, and all the moves that can be made from the current solution make up its neighborhood. Every search step is based on the candidate solution set of the current solution. In the embodiments of the present invention the candidate solution set is a proper subset of the neighborhood, i.e. only part of the neighborhood is scanned to form the candidate solution set, and the size of the candidate solution set in this algorithm is set to 15. The objective function value is the value of P(O | λ) for a given solution in the solution space.
204. Judge whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution; if so, update the current solution to the candidate solution that meets the aspiration level, update the historical optimal solution and the tabu list at the same time, and re-execute 202; if not, update the current solution to the best candidate solution that is not tabu, update the tabu list at the same time, and re-execute 202;
In the embodiments of the present invention, the aspiration level means that, under certain specific conditions, a move is accepted regardless of whether it is in the tabu list, and the current solution and the historical optimal solution are updated; the aspiration level is the specific condition that such a move must satisfy. Specifically, it is judged whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution; if so, the current solution is updated to the candidate solution that meets the aspiration level, the historical optimal solution and the tabu list are updated at the same time, and 202 is re-executed; if not, the current solution is updated to the best candidate solution that is not tabu, the tabu list is updated at the same time, and 202 is re-executed.
After this iterative loop, the optimization of parameter B is complete and the final hidden Markov model is output.
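The loop of steps 202 to 204 can be sketched as follows. This Python sketch is an added illustration, not code from the patent: the model values and training sequences are constructed, Baum-Welch training is skipped, the objective is the summed log of P(O | λ), and a "pairwise swap" is assumed to exchange two emission probabilities within one row of B so that every row still sums to 1.

```python
import math
import random
from collections import deque
from itertools import combinations

# Constructed sample model: N = 3 hidden states, M = 5 observation symbols.
# PI and A are treated as fixed; only B is searched, as in the text.
PI = [0.5, 0.3, 0.2]
A = [[0.6, 0.3, 0.1], [0.2, 0.5, 0.3], [0.3, 0.3, 0.4]]
# Deliberately poor starting B: most mass sits on symbols 3 and 4,
# which never occur in the constructed training sequences.
B0 = [[0.05, 0.05, 0.1, 0.3, 0.5] for _ in range(3)]
TRAIN = [[0, 1, 0, 0, 1, 1, 0], [1, 0, 0, 1, 0, 1]]


def log_likelihood(pi, a, b, sequences):
    """Objective: sum over sequences of log P(O | lambda), via the forward algorithm."""
    n, total = len(pi), 0.0
    for obs in sequences:
        alpha = [pi[i] * b[i][obs[0]] for i in range(n)]
        for o in obs[1:]:
            alpha = [sum(alpha[i] * a[i][j] for i in range(n)) * b[j][o]
                     for j in range(n)]
        total += math.log(sum(alpha))
    return total


def apply_move(b, move):
    """Assumed move rule: swap two emission probabilities inside one row of B."""
    row, x, y = move
    new_b = [r[:] for r in b]
    new_b[row][x], new_b[row][y] = new_b[row][y], new_b[row][x]
    return new_b


def tabu_optimize_b(pi, a, b, sequences, max_steps=40, tabu_size=25,
                    n_candidates=15, seed=0):
    """Return (best B, best objective value) found by tabu search over B."""
    rng = random.Random(seed)
    # Neighborhood: every pairwise swap within every row of B.
    neighborhood = [(r, x, y) for r in range(len(b))
                    for x, y in combinations(range(len(b[0])), 2)]
    current = [r[:] for r in b]
    best, best_score = current, log_likelihood(pi, a, current, sequences)
    tabu = deque(maxlen=tabu_size)      # the most recently accepted moves
    step = 1
    while step <= max_steps:            # step 202: stop once step > maximum
        # Step 203: the candidate set is a sampled subset of the neighborhood.
        moves = rng.sample(neighborhood, min(n_candidates, len(neighborhood)))
        scored = sorted(((log_likelihood(pi, a, apply_move(current, m), sequences), m)
                         for m in moves), reverse=True)
        # Step 204: aspiration first, otherwise the best non-tabu candidate.
        if scored[0][0] > best_score:
            chosen = scored[0]          # accepted even if the move is tabu
        else:
            chosen = next((c for c in scored if c[1] not in tabu), None)
        if chosen is not None:          # None: every sampled move was tabu
            score, move = chosen
            current = apply_move(current, move)
            tabu.append(move)           # a swap is its own inverse, so this blocks undoing it
            if score > best_score:
                best, best_score = current, score
        step += 1
    return best, best_score


if __name__ == "__main__":
    start = log_likelihood(PI, A, B0, TRAIN)
    best_b, best = tabu_optimize_b(PI, A, B0, TRAIN)
    print("log P(O|lambda): %.3f -> %.3f" % (start, best))
```

Because moves only permute values inside a row, the search can rearrange the emission probabilities that Baum-Welch produced but cannot create new values; a move rule that perturbs values would need an explicit renormalization step.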
205. Obtain the application behavior chain to be detected, and cut the application behavior chain into multiple behavior patterns;
After the application behavior chain to be detected is obtained, it is processed with a sliding window and cut into a series of behavior patterns of width k.
206. Compute each behavior pattern separately with the Viterbi algorithm of the hidden Markov model to obtain the hidden-state short sequence corresponding to each behavior pattern;
Each behavior pattern is computed separately with the Viterbi algorithm of the hidden Markov model to obtain the optimal hidden-state short sequence corresponding to that behavior pattern, and all the hidden-state short sequences are collected into one set.
207. Determine the number of hidden-state short sequences that are contained in the preset hidden-state short sequence set; if the number is not less than the preset trust threshold, the application behavior chain is trusted; if the number is less than the preset trust threshold, the application behavior chain is untrusted.
Among the hidden-state short sequences obtained in step 206, the number of hidden-state short sequences contained in the preset hidden-state short sequence set is determined. If this number is not less than the preset trust threshold, the application behavior chain is trusted and the mobile application continues to run; if this number is less than the preset trust threshold, the application behavior chain is untrusted and the application is terminated.
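Steps 205 to 207, together with the construction of the preset hidden-state short sequence set described for the pattern library, can be sketched as follows. This Python sketch is an added illustration, not code from the patent: the HMM values, behavior chains, window width and threshold are constructed, observation symbols are plain integers standing for monitored behavior types, and every window is counted, repeats included, since the text does not say whether repeated short sequences are counted once.

```python
import math

# Constructed sample HMM: 2 hidden states, 4 observation symbols.
PI = [0.5, 0.5]
A = [[0.6, 0.4], [0.4, 0.6]]
B = [[0.6, 0.3, 0.05, 0.05], [0.05, 0.05, 0.3, 0.6]]
K = 3            # sliding-window width k
THRESHOLD = 6    # preset trust threshold (constructed value)
# Constructed chain of normal behavior used to build the pattern library.
NORMAL_CHAIN = [0, 1, 0, 0, 1, 1, 2, 3, 3, 2, 2, 0, 1, 0]


def _log(x):
    """log(x) that tolerates zero probabilities."""
    return math.log(x) if x > 0 else float("-inf")


def viterbi(pi, a, b, obs):
    """Most likely hidden-state sequence for obs, computed in log space."""
    n = len(pi)
    delta = [_log(pi[i]) + _log(b[i][obs[0]]) for i in range(n)]
    backptrs = []
    for o in obs[1:]:
        ptr, nxt = [], []
        for j in range(n):
            i_best = max(range(n), key=lambda i: delta[i] + _log(a[i][j]))
            ptr.append(i_best)
            nxt.append(delta[i_best] + _log(a[i_best][j]) + _log(b[j][o]))
        backptrs.append(ptr)
        delta = nxt
    state = max(range(n), key=lambda i: delta[i])
    path = [state]
    for ptr in reversed(backptrs):      # walk the back-pointers to the start
        state = ptr[state]
        path.append(state)
    return tuple(reversed(path))


def windows(chain, k):
    """Step 205: cut a behavior chain into overlapping patterns of width k."""
    return [tuple(chain[i:i + k]) for i in range(len(chain) - k + 1)]


def build_pattern_set(pi, a, b, normal_chain, k):
    """Preset hidden-state short sequence set, derived from normal behavior."""
    return {viterbi(pi, a, b, w) for w in windows(normal_chain, k)}


def assess(pi, a, b, chain, k, pattern_set, threshold):
    """Steps 206 and 207: return (matching window count, trusted?)."""
    hidden = [viterbi(pi, a, b, w) for w in windows(chain, k)]
    count = sum(1 for h in hidden if h in pattern_set)
    # A chain shorter than k yields no windows, so count is 0 and it is untrusted.
    return count, count >= threshold


PATTERNS = build_pattern_set(PI, A, B, NORMAL_CHAIN, K)

if __name__ == "__main__":
    for name, chain in [("normal-like", [1, 0, 0, 1, 2, 2, 3, 0, 0, 1]),
                        ("alternating", [0, 2, 1, 3, 0, 2, 1, 3, 0, 2])]:
        print(name, assess(PI, A, B, chain, K, PATTERNS, THRESHOLD))
```

The threshold here is an absolute count, as in the text, so a longer chain reaches it more easily than a short one; the value has to be chosen with the expected chain length in mind.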
The above is a detailed description of the method for dynamic trust evaluation of mobile application behavior provided by the present invention. The structure and connection relationships of the device for dynamic trust evaluation of mobile application behavior provided by the present invention are described below. Referring to Fig. 3, one embodiment of the device for dynamic trust evaluation of mobile application behavior provided by the present invention comprises:
a training module 301, configured to train a hidden Markov model with the Baum-Welch algorithm and training sequences, and to use the trained hidden Markov model as the input of a tabu search algorithm, wherein a solution of the tabu search algorithm is the parameter set of the hidden Markov model, and the parameter set includes parameter π, parameter A and parameter B;
a first judgment module 302, configured to judge whether the current iteration step count of the tabu search algorithm is greater than a preset maximum step count; if so, to take the current solution as the final solution and output the corresponding hidden Markov model; if not, to trigger the generation module 303;
a generation module 303, configured to generate the candidate solution set of the current solution and to calculate the objective function value of each candidate solution in the candidate solution set;
a second judgment module 304, configured to judge whether the objective function value of each candidate solution meets the aspiration level; if so, to update the current solution to the candidate solution that meets the aspiration level and re-trigger the first judgment module 302; if not, to update the current solution to the best candidate solution that is not tabu and re-trigger the first judgment module 302;
an evaluation module 305, configured to perform trust evaluation on the application behavior chain to be detected by means of the hidden Markov model.
Further, the parameter π and the parameter A are preset fixed values.
Further, the second judgment module 304 is also configured to judge whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution; if so, to update the current solution to the candidate solution that meets the aspiration level and re-trigger the first judgment module 302; if not, to update the current solution to the best candidate solution that is not tabu and re-trigger the first judgment module 302.
Further, the second judgment module 304 is also configured to judge whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution; if so, to update the current solution to the candidate solution that meets the aspiration level, update the historical optimal solution and the tabu list at the same time, and re-trigger the first judgment module 302; if not, to update the current solution to the best candidate solution that is not tabu, update the tabu list at the same time, and re-trigger the first judgment module 302.
Further, the first judgment module 302 is also configured to judge whether the current iteration step count of the tabu search algorithm is greater than the preset maximum step count; if so, to take the current solution as the final solution, output the corresponding hidden Markov model, and store the final solution in the pattern library; if not, to perform the next step.
Further, the pattern library further includes: a preset hidden-state short sequence set and a preset trust threshold.
Further, the evaluation module 305 specifically includes:
an obtaining unit, configured to obtain the application behavior chain to be detected and to cut the application behavior chain into multiple behavior patterns;
a computing unit, configured to compute each behavior pattern separately with the Viterbi algorithm of the hidden Markov model to obtain the hidden-state short sequence corresponding to each behavior pattern;
an assessment unit, configured to determine the number of hidden-state short sequences that are contained in the preset hidden-state short sequence set; if the number is not less than the preset trust threshold, the application behavior chain is trusted; if the number is less than the preset trust threshold, the application behavior chain is untrusted.
Another embodiment of the device for dynamic trust evaluation of mobile application behavior provided by the present invention includes a processor and a memory, the memory storing computer program instructions which, when executed by the processor, implement the method for dynamic trust evaluation of mobile application behavior described above.
The present invention further relates to a computer-readable storage medium storing computer program instructions which, when executed by a processor, implement the method for dynamic trust evaluation of mobile application behavior described above.
It is clear to a person skilled in the art that, for convenience and brevity of description, the specific working processes of the system, device and units described above can be understood by reference to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In several embodiments provided herein, it should be understood that disclosed system, device and method can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit
It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components
It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or
The mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit
It closes or communicates to connect, can be electrical property, mechanical or other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes a USB flash disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc and other media that can store program code.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A mobile application behavior dynamic credible evaluation method, characterized by comprising:
S1: training a hidden Markov model with the Baum-Welch algorithm and training sequences, and using the trained hidden Markov model as the input of a tabu search algorithm, wherein a solution of the tabu search algorithm is a parameter set of the hidden Markov model, the parameter set including parameter π, parameter A and parameter B;
S2: judging whether the current iteration step number of the tabu search algorithm is greater than a preset maximum step number; if so, taking the current solution as the final solution and outputting the corresponding hidden Markov model; if not, performing the next step;
S3: generating the candidate solution set of the current solution, and calculating the objective function value of each candidate solution in the candidate solution set;
S4: judging whether the objective function value of each candidate solution meets the aspiration level; if so, updating the candidate solution that meets the aspiration level to be the current solution and re-executing S2; if not, updating the best candidate solution that is not tabu to be the current solution and re-executing S2;
S5: performing credible evaluation on the application behavior chain to be detected by means of the hidden Markov model.
2. The mobile application behavior dynamic credible evaluation method according to claim 1, characterized in that the parameter π and the parameter A are preset fixed values.
3. The mobile application behavior dynamic credible evaluation method according to claim 1, characterized in that judging whether the objective function value of each candidate solution meets the aspiration level is specifically:
judging whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution.
4. The mobile application behavior dynamic credible evaluation method according to claim 3, characterized in that judging whether the objective function value of each candidate solution meets the aspiration level, if so, updating the candidate solution that meets the aspiration level to be the current solution and re-executing S2, and if not, updating the best candidate solution that is not tabu to be the current solution and re-executing S2, is specifically:
judging whether, among all the candidate solutions, there is a candidate solution whose objective function value is greater than the objective function value of the historical optimal solution; if so, updating the candidate solution that meets the aspiration level to be the current solution, updating the historical optimal solution and the tabu list at the same time, and re-executing S2; if not, updating the best candidate solution that is not tabu to be the current solution, updating the tabu list at the same time, and re-executing S2.
5. The mobile application behavior dynamic credible evaluation method according to claim 1, characterized in that judging whether the current iteration step number of the tabu search algorithm is greater than the preset maximum step number, if so, taking the current solution as the final solution and outputting the corresponding hidden Markov model, and if not, performing the next step, is specifically:
judging whether the current iteration step number of the tabu search algorithm is greater than the preset maximum step number; if so, taking the current solution as the final solution, outputting the corresponding hidden Markov model, and storing the final solution in a pattern base at the same time; if not, performing the next step.
6. The mobile application behavior dynamic credible evaluation method according to claim 5, characterized in that the pattern base further includes a preset set of hidden-state short sequences and a preset credible threshold.
7. The mobile application behavior dynamic credible evaluation method according to claim 6, characterized in that performing credible evaluation on the application behavior chain to be detected by means of the hidden Markov model specifically includes:
S51: obtaining the application behavior chain to be detected, and cutting the application behavior chain into multiple behavior patterns;
S52: running the Viterbi algorithm of the hidden Markov model on each behavior pattern separately to obtain the hidden-state short sequence corresponding to each behavior pattern;
S53: determining the number of hidden-state short sequences that are contained in the preset set of hidden-state short sequences; if the number is not less than the preset credible threshold, the application behavior chain is credible, and if the number is less than the preset credible threshold, the application behavior chain is not credible.
8. A mobile application behavior dynamic credible evaluation device, characterized by comprising:
a training module, configured to train a hidden Markov model with the Baum-Welch algorithm and training sequences, and to use the trained hidden Markov model as the input of a tabu search algorithm, wherein a solution of the tabu search algorithm is a parameter set of the hidden Markov model, the parameter set including parameter π, parameter A and parameter B;
a first judgment module, configured to judge whether the current iteration step number of the tabu search algorithm is greater than a preset maximum step number; if so, to take the current solution as the final solution and output the corresponding hidden Markov model; if not, to trigger the generation module;
a generation module, configured to generate the candidate solution set of the current solution and calculate the objective function value of each candidate solution in the candidate solution set;
a second judgment module, configured to judge whether the objective function value of each candidate solution meets the aspiration level; if so, to update the candidate solution that meets the aspiration level to be the current solution and trigger the first judgment module again; if not, to update the best candidate solution that is not tabu to be the current solution and trigger the first judgment module again;
an evaluation module, configured to perform credible evaluation on the application behavior chain to be detected by means of the hidden Markov model.
9. A mobile application behavior dynamic credible evaluation device, characterized by comprising a processor and a memory, wherein computer program instructions are stored in the memory, and when the program instructions are executed by the processor, the mobile application behavior dynamic credible evaluation method according to any one of claims 1 to 7 is implemented.
10. A computer-readable storage medium, characterized in that computer program instructions are stored on the medium, and when the program instructions are executed by a processor, the mobile application behavior dynamic credible evaluation method according to any one of claims 1 to 7 is implemented.
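The search loop of claims 1 to 4 (S2 to S4), with π and A held fixed as in claim 2, is shown below as an added Python example that is not part of the patent text. The claims do not state the objective function or how candidates are generated, so the log-likelihood objective, the mass-shifting neighbourhood, the tabu tenure, the probability floor and the starting matrix B0 (a stand-in for the Baum-Welch output of S1) are assumptions.

```python
import math
from collections import deque

def log_likelihood(seqs, pi, A, B):
    """Assumed objective: sum of log P(seq | pi, A, B) via the scaled forward pass."""
    total, n = 0.0, len(pi)
    for obs in seqs:
        alpha = [pi[s] * B[s][obs[0]] for s in range(n)]
        for o in obs[1:]:
            c = sum(alpha)                      # rescale each step to avoid underflow
            total += math.log(c)
            alpha = [sum(alpha[r] / c * A[r][s] for r in range(n)) * B[s][o]
                     for s in range(n)]
        total += math.log(sum(alpha))
    return total

def neighbours(B, step=0.05, floor=0.01):
    """S3: each candidate moves `step` of emission mass between two symbols of a state."""
    for s, row in enumerate(B):
        for src in range(len(row)):
            for dst in range(len(row)):
                if src != dst and row[src] - step >= floor:  # keep B strictly positive
                    cand = [list(r) for r in B]
                    cand[s][src] -= step
                    cand[s][dst] += step
                    yield (s, src, dst), cand

def tabu_search(seqs, pi, A, B, max_steps=30, tenure=5):
    """Optimise B only. Returns (current, history_best, history_best_score)."""
    current = [list(r) for r in B]
    best, best_score = current, log_likelihood(seqs, pi, A, current)
    tabu = deque(maxlen=tenure)
    for _ in range(max_steps):                                   # S2: step limit
        scored = [(log_likelihood(seqs, pi, A, c), m, c) for m, c in neighbours(current)]
        scored.sort(key=lambda t: t[0], reverse=True)
        allowed = [t for t in scored if t[1] not in tabu]
        if scored and scored[0][0] > best_score:                 # S4: aspiration level met
            score, move, current = scored[0]
            best, best_score = current, score
        elif allowed:                                            # S4: best non-tabu candidate
            score, move, current = allowed[0]
        else:
            break
        tabu.append((move[0], move[2], move[1]))                 # forbid undoing this move
    return current, best, best_score

# Constructed inputs: symbols 0 = UI call, 1 = network call, 2 = SMS send.
PI = [0.9, 0.1]
A = [[0.8, 0.2], [0.3, 0.7]]
B0 = [[0.4, 0.3, 0.3], [0.3, 0.3, 0.4]]
TRAIN = [[0, 0, 1, 0, 0], [0, 1, 0, 0, 1], [0, 0, 0, 1, 0]]
```

S2 in the claims outputs the current solution when the step limit is reached; the function returns the historical optimal solution alongside it so the two can be compared.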
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811564015.5A CN109657452A (en) | 2018-12-20 | 2018-12-20 | A kind of mobile application behavior dynamic credible appraisal procedure and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109657452A true CN109657452A (en) | 2019-04-19 |
Family
ID=66115982
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811564015.5A Pending CN109657452A (en) | 2018-12-20 | 2018-12-20 | A kind of mobile application behavior dynamic credible appraisal procedure and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109657452A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110071931A (en) * | 2019-04-29 | 2019-07-30 | 广东电网有限责任公司 | Mimicry honey jar evolution method, device, equipment and computer readable storage medium |
CN113268270A (en) * | 2021-06-07 | 2021-08-17 | 中科计算技术西部研究院 | Acceleration method, system and device for paired hidden Markov models |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103617393A (en) * | 2013-11-28 | 2014-03-05 | 北京邮电大学 | Method for mobile internet malicious application software detection based on support vector machines |
CN105528286A (en) * | 2015-09-28 | 2016-04-27 | 北京理工大学 | System call-based software behavior assessment method |
CN106339322A (en) * | 2016-09-13 | 2017-01-18 | 哈尔滨工程大学 | Method for software behavior prediction based on HMM-ACO |
CN107153789A (en) * | 2017-04-24 | 2017-09-12 | 西安电子科技大学 | The method for detecting Android Malware in real time using random forest grader |
Non-Patent Citations (1)
Title |
---|
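Liu Jianghua et al.: "Optimizing discrete hidden Markov models based on an improved tabu search algorithm", Computer Engineering and Applications, no. 20, pages 92 - 94 * |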
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||