| 融合MAML和CBAM的安卓恶意应用家族分类模型 |
| |
| 引用本文: | 苏庆,林佳锐,黄海滨,黄剑锋.融合MAML和CBAM的安卓恶意应用家族分类模型[J].计算机工程与应用,2023,59(2):271-279. |
| |
| 作者姓名: | 苏庆 林佳锐 黄海滨 黄剑锋 |
| |
| 作者单位: | 广东工业大学 计算机学院,广州 510006 |
| |
| 基金项目: | 国家自然科学基金(618002072);;广东省自然科学基金(2018A030313389);;教育部产学合作协同育人项目(202002182022); |
| |
| 摘 要: | 为满足对新兴安卓恶意应用家族的快速检测需求,提出一种融合MAML(model-agnostic meta-learning)和CBAM(convolutional block attention module)的安卓恶意应用家族分类模型MAML-CAS。将安卓恶意应用样本集中的DEX文件可视化为灰度图,并构建任务集;融合混合域注意力机制CBAM,设计两个具有同等结构的卷积神经网络,分别作为基学习器和元学习器,这两个学习器在自动提取任务集中样本特征的同时,可从通道和空间两个维度来增强关键特征表达;利用元学习方法 MAML对两个学习器进行训练,其中基学习器完成特定恶意家族分类任务的属性学习,元学习器则学习不同任务的共性;在两个学习器训练完成后,MAML-CAS将获得初始化参数,在面对新的安卓恶意应用家族分类任务时,不需要重新训练,只需要少量样本就可以快速迭代;利用训练完成的基学习器提取安卓恶意应用家族特征,并利用SVM进行恶意家族分类。实验结果表明,MAML-CAS模型对新兴小样本安卓恶意应用家族具有良好的检测效果,检测速度较快,并具有较好的稳定性。
|
| 关 键 词: | 安卓恶意应用家族分类 MAML CBAM 卷积神经网络 支持向量机 |
Android Malicious Application Family Classification Model Incorporating MAML and CBAM |
| |
| SU Qing,LIN Jiarui,HUANG Haibin,HUANG Jianfeng.Android Malicious Application Family Classification Model Incorporating MAML and CBAM[J].Computer Engineering and Applications,2023,59(2):271-279. |
| |
| Authors: | SU Qing LIN Jiarui HUANG Haibin HUANG Jianfeng |
| |
| Affiliation: | School of Computers, Guangdong University of Technology, Guangzhou 510006, China |
| |
| Abstract: | To meet the demand for fast detection of emerging Android malicious application families, it proposes a classification model MAML-CAS that fuses MAML(model-agnostic meta-learning) and CBAM(convolutional block attention module) for Android malicious application families. The DEX files in the sample set of Android malicious apps are visualized as grayscale maps and a task set is constructed; then two convolutional neural networks with equal structure are designed as the base learner and meta-learner respectively by fusing CBAM, which can enhance the key feature representation in both channel and space dimensions while automatically extracting the sample features in the task set; then the meta-learning method is used to MAML is used to train the two learners, where the base learner learns the attributes of a specific malicious family classification task and the meta-learner learns the commonalities of different tasks; after the training of the two learners is completed, MAML-CAS will obtain the initialization parameters, and when faced with a new Android malicious app family classification task, no retraining is required, and only a small number of samples are needed for fast iteration; finally, using the trained base learner is finally used to extract Android malicious app family features and perform malicious family classification using SVM. The experimental results show that the MAML-CAS model has good detection effect on emerging small-sample Android malicious application families, with faster detection speed and better stability. |
| |
| Keywords: | Android malicious application family classification model-agnostic meta-learning convolutional block attention module convolutional neural network support vector machine |
|
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
