Android Malware Detection Based on Power Consumption Analysis
Abstract: This paper proposes a malware detection method based on power consumption analysis. First, the power consumption state of the mobile terminal is captured, and Mel-frequency cepstral coefficients (MFCC) are used to build a Gaussian mixture model (GMM). The GMM is then used to analyze the power consumption state, and malicious software is identified by classifying the applications. Experiments show that an application's function is closely related to its power consumption, indicating that analyzing software power consumption information can detect malicious applications on mobile terminals fairly accurately.
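Table 1 Basic parameters of the feature extraction algorithm

| Parameter | Value |
|---|---|
| Pre-emphasis | $1 - 0.95z^{-1}$ |
| Sampling rate/kHz | 8 |
| Quantization/bit | 8 |
| Windowing | Hamming window |
| Frame length | 256 |
| Frame shift | 128 |
| Feature vector | 32-dimensional MFCC |
| GMM | 12 |

Table 2 Software detection results

| Category \ Result | Game | Browser | Music player | Malware |
|---|---|---|---|---|
| Game | 78 | 9 | 3 | 10 |
| Browser | 12 | 72 | 7 | 9 |
| Music player | 16 | 11 | 65 | 8 |
| Malware | 3 | 7 | 11 | 79 |

Table 3 Detection rate statistics

| Category \ Statistic | Malicious detection rate/% | Benign detection rate/% | Accuracy/% |
|---|---|---|---|
| Game | 10 | 90 | 78 |
| Browser | 9 | 91 | 72 |
| Music player | 8 | 92 | 65 |
| Malware | 79 | 21 | 79 |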
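
The feature-extraction front end parameterised in Table 1, written out as an added Python example (not the paper's code) that turns a power-consumption trace into per-frame 32-dimensional MFCC vectors, the input a GMM classifier would be trained on. Assumptions not taken from the page: the trace is a list of samples at 8 kHz, 40 mel filters are used, the spectrum comes from a direct DFT, and all function names are illustrative.

```python
import cmath, math

# Table 1 parameters; N_MEL (mel filter count) is an assumption, not given on the page.
FS, FRAME, HOP, N_MFCC, N_MEL, ALPHA = 8000, 256, 128, 32, 40, 0.95

def preemphasize(x, alpha=ALPHA):
    """Apply the pre-emphasis filter H(z) = 1 - alpha * z^-1."""
    return [x[0]] + [x[n] - alpha * x[n - 1] for n in range(1, len(x))]

def frames(x, size=FRAME, hop=HOP):
    """Split into overlapping frames and apply a Hamming window to each."""
    win = [0.54 - 0.46 * math.cos(2 * math.pi * n / (size - 1)) for n in range(size)]
    return [[x[s + n] * win[n] for n in range(size)]
            for s in range(0, len(x) - size + 1, hop)]

def power_spectrum(frame):
    """One-sided power spectrum via a direct DFT (slow but dependency-free)."""
    N = len(frame)
    tw = [cmath.exp(-2j * math.pi * k / N) for k in range(N)]
    return [abs(sum(frame[n] * tw[(k * n) % N] for n in range(N))) ** 2 / N
            for k in range(N // 2 + 1)]

def mel_filterbank(n_mel=N_MEL, n_fft=FRAME, fs=FS):
    """Triangular filters spaced evenly on the mel scale from 0 to fs/2."""
    mel = lambda f: 2595 * math.log10(1 + f / 700)
    hz = lambda m: 700 * (10 ** (m / 2595) - 1)
    edges = [int((n_fft + 1) * hz(i * mel(fs / 2) / (n_mel + 1)) / fs)
             for i in range(n_mel + 2)]
    bank = []
    for lo, mid, hi in zip(edges, edges[1:], edges[2:]):
        row = [0.0] * (n_fft // 2 + 1)
        for k in range(lo, mid):          # rising edge of the triangle
            row[k] = (k - lo) / (mid - lo)
        for k in range(mid, hi):          # falling edge of the triangle
            row[k] = (hi - k) / (hi - mid)
        bank.append(row)
    return bank

def mfcc(trace):
    """Return one N_MFCC-dimensional feature vector per frame of the power trace."""
    bank, feats = mel_filterbank(), []
    for fr in frames(preemphasize(trace)):
        ps = power_spectrum(fr)
        logmel = [math.log(sum(w * p for w, p in zip(row, ps)) + 1e-10) for row in bank]
        feats.append([sum(e * math.cos(math.pi * c * (m + 0.5) / N_MEL)  # DCT-II
                          for m, e in enumerate(logmel)) for c in range(N_MFCC)])
    return feats
```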