Android Malware Detection Based on Power Consumption Analysis

YANG Hong-yu, TANG Rui-wen

Citation: YANG Hong-yu, TANG Rui-wen. Android Malware Detection Based on Power Consumption Analysis[J]. Journal of University of Electronic Science and Technology of China, 2016, 45(6): 981-985. DOI: 10.3969/j.issn.1001-0548.2016.06.018

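Funding:

National Natural Science Foundation of China 60776807, 61179045

National Science and Technology Major Project 2012ZX03002002

Civil Aviation of China Science and Technology Fund MHRD201009, MHRD201205

Fundamental Research Funds for the Central Universities 3122014D033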

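Details
    About the author:

    YANG Hong-yu (born 1969), male, Ph.D., professor; main research area: network and information security

  • Chinese Library Classification number: TP393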


  • Abstract: This paper proposes a malware detection method based on power consumption analysis. First, the power consumption state of the mobile terminal is acquired, and a Gaussian mixture model (GMM) is built from Mel frequency cepstral coefficients (MFCC). The GMM is then used to analyze the power consumption state, and malicious software is identified by classifying the applications. Experiments show that an application's function is closely related to its power consumption, and that malicious applications on mobile terminals can be detected fairly accurately by analyzing software power consumption information.
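  • Figure 1. Structure of the malware detection model

    Figure 2. Power consumption time series of application software

    Figure 3. MFCC computation flow

    Figure 4. MFCC feature distribution of iReader battery power consumption

    Figure 5. GMM of iReader battery power consumption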

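    Table 1. Basic parameters of the feature extraction algorithm

    Parameter              Value
    Pre-emphasis           1 - 0.95z^-1
    Sampling rate (kHz)    8
    Quantization (bit)     8
    Window                 Hamming window
    Frame length           256
    Frame shift            128
    Feature vector         32-dimensional MFCC
    GMM                    12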
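
The MFCC front end named in the abstract, run with the Table 1 parameters, as an added example that is not the authors' code. The count of 40 mel filters and the synthetic power trace are assumptions, since the page gives neither; the per-frame vectors returned are the kind of input the GMM stage would be trained on.

```python
import numpy as np

# Parameters taken from Table 1 of the page
PRE_EMPH, SR, FRAME, HOP, N_MFCC = 0.95, 8000, 256, 128, 32
N_MEL = 40  # assumption: the page does not state the mel filter count

def mel_filterbank(n_mel=N_MEL, n_fft=FRAME, sr=SR):
    """Triangular filters equally spaced on the mel scale, shape (n_mel, n_fft//2+1)."""
    to_mel = lambda f: 2595.0 * np.log10(1.0 + f / 700.0)
    to_hz = lambda m: 700.0 * (10.0 ** (m / 2595.0) - 1.0)
    edges = to_hz(np.linspace(0.0, to_mel(sr / 2.0), n_mel + 2))
    freqs = np.fft.rfftfreq(n_fft, d=1.0 / sr)
    lo, mid, hi = edges[:-2, None], edges[1:-1, None], edges[2:, None]
    rising = (freqs - lo) / (mid - lo)
    falling = (hi - freqs) / (hi - mid)
    return np.clip(np.minimum(rising, falling), 0.0, None)

def mfcc(trace):
    """Return one 32-dimensional MFCC vector per 256-sample frame of a power trace."""
    x = np.asarray(trace, dtype=float)
    x = np.append(x[0], x[1:] - PRE_EMPH * x[:-1])        # pre-emphasis 1 - 0.95 z^-1
    n_frames = 1 + (len(x) - FRAME) // HOP
    idx = np.arange(FRAME)[None, :] + HOP * np.arange(n_frames)[:, None]
    frames = x[idx] * np.hamming(FRAME)                   # Hamming window per frame
    power = np.abs(np.fft.rfft(frames, axis=1)) ** 2      # per-frame power spectrum
    log_mel = np.log(power @ mel_filterbank().T + 1e-10)  # log mel-band energies
    k = np.arange(N_MFCC)[:, None]
    n = np.arange(N_MEL)[None, :]
    dct = np.cos(np.pi * k * (n + 0.5) / N_MEL)           # DCT-II basis, 32 x 40
    return log_mel @ dct.T

def synthetic_trace(period, seconds=1.0, seed=0):
    """Constructed sample: periodic load bursts plus noise, not measured data."""
    rng = np.random.default_rng(seed)
    t = np.arange(int(SR * seconds))
    return 1.0 + 0.5 * (t % period < period // 4) + 0.05 * rng.standard_normal(t.size)

if __name__ == "__main__":
    feats = mfcc(synthetic_trace(period=200))
    print(feats.shape)
```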

    Table 2. Software detection results

    Category        Result
                    Game    Browser    Music player    Malware
    Game            78      9          3               10
    Browser         12      72         7               9
    Music player    16      11         65              8
    Malware         3       7          11              79

    Table 3. Detection rate statistics

    Category        Statistics
                    Malicious detection rate (%)    Benign detection rate (%)    Accuracy (%)
    Game            10                              90                           78
    Browser         9                               91                           72
    Music player    8                               92                           65
    Malware         79                              21                           79
Publication history
  • Received: 2015-06-07
  • Revised: 2016-02-21
  • Published: 2016-10-31