基于电量消耗的Android平台恶意软件检测

doi:10.16511/j.cnki.qhdxxb.2017.21.009

摘要
图/表
参考文献
相关文章
Metrics

全文: PDF(1417 KB)
输出: BibTeX | EndNote (RIS)

摘要根据Android应用在运行期的耗电时序波形与声波信号类似的特点，该文提出了一种基于Mel频谱倒谱系数（Mel frequency cepstral coefficients，MFCC）的恶意软件检测算法。首先计算耗电时序波形的MFCC，根据MFCC的分布构建Gauss混合模型（Gaussian mixture model，GMM）。然后采用GMM对电量消耗进行分析，通过对应用软件的分类处理识别恶意软件。实验证明：应用软件的功能与电量消耗关系密切，并且基于软件的电量消耗信息分析可以较准确地对移动终端的恶意软件进行检测。

	服务

	把本文推荐给朋友
	加入引用管理器
	E-mail Alert
	RSS

	作者相关文章
	杨宏宇
	唐瑞文

关键词 ：移动终端, 电量消耗, Mel频谱倒谱系数, Gauss混合模型

Abstract：The power consumption sequential waveform of an Android application while running is similar to the acoustic signal. This paper presents a malware detection algorithm based on the Mel frequency cepstral coefficients (MFCC). The algorithm calculates the MFCC of the power consumption sequential waveform and constructs a Gaussian mixture model (GMM) from the MFCC distribution. Then, the GMM is used to analyze power consumption to identify malicious software through the application classification process. Tests show that the application software functionality and power consumption are closely related and that the software-based power consumption information analysis can accurately detect mobile terminal malware.

Key words： mobile terminal power consumption Mel frequency cepstral coefficients Gaussian mixture model

收稿日期: 2016-01-24 出版日期: 2017-01-15

ZTFLH:

TP309.1

引用本文:

杨宏宇, 唐瑞文. 基于电量消耗的Android平台恶意软件检测[J]. 清华大学学报（自然科学版）, 2017, 57(1): 44-49.
YANG Hongyu, TANG Ruiwen. Android malware detection based on the system power consumption. Journal of Tsinghua University(Science and Technology), 2017, 57(1): 44-49.

链接本文:

http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.21.009 或 http://jst.tsinghuajournals.com/CN/Y2017/V57/I1/44

图1 应用软件的电池电量消耗时序图

图2 恶意软件检测模型结构

图3 MFCC计算流程

图4 iReader电池电量消耗MFCC特征分布

图5 iReader电池电量消耗GMM 模型

表1 典型应用的检测结果

表2 检测率统计

表3 不同GMM阶数下的检测结果

[6]	Jacoby G, Marchany R, Davis N. Battery-based intrusion detection a first line of defense[C]//Proceedings of the Fifth Annual IEEE SMC on Information Assurance Workshop. Piscataway, NJ, USA:IEEE Press, 2004:272-279.<br />
[1]	F-Secure Labs. Mobile threat report Q12014[R]. Helsinki, Finland:F-Secure Corporation, 2014.
[7]	Buennemeyer T, Nelson T, Clagett L, et al. Mobile device profiling and intrusion detection using smart batteries[C]//Proceedings of the 41st Annual International Conference on System Sciences. Piscataway, NJ, USA:IEEE Press, 2008:296-305.<br />
[2]	Zheng M, Sun M, Lui C. DroidTrace:A ptrace based Android dynamic analysis system with forward ution capability[C]//Proceedings of 2014 International Wireless Communications and Mobile Computing Conference. Piscataway, NJ, USA:IEEE Press, 2014:128-133.
[3]	Enck W, Gilbert P, et al. TaintDroid:An information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems, 2014, 32(2):393-407.
[8]	Kim H, Smith J, Shin K. Detecting energy-greedy anomalies and mobile malware variants[C]//Proceeding of the 6th International Conference on Mobile Systems, Applications and Services. New York, NY, USA:ACM Press, 2008:239-252.<br />
[9]	Reynolds D, Quatieri T, Dunn R. Speaker verification using adapted gaussian mixture models[J]. Digital Signal Processing, 2010, 10(1-3):19-41<br />
[4]	Zhang L, Tiwana B, Qian Z, et al. Accurate online power estimation and automatic battery behavior based power model generation for smartphones[C]//International Conference on Hardware/Software Codesign and System Synthesis. Piscataway, NJ, USA:IEEE Press, 2010:105-114.
[10]	Kumars G, Raju K, Cpvnj D, et al. Speaker recognition using GMM[J]. International Journal of Engineering Science and Technology, 2010, 2(6):2428-2436<br />
[5]	Curti M, Merlo A, Migliardi M, et al. Towards energy-aware intrusion detection systems on mobile devices[C]//Proceedings of the 2013 International Conference on High Performance Computing and Simulation. Piscataway, NJ, USA:IEEE Press, 2013:289-296.
[11]	Christleig V, Bernecker D, Honig F, et al. Writer identification and verification using GMM supervectors[C]//Proceedings of Winter Conference on Applications of Computer Vision. Piscataway, NJ, USA:IEEE Press, 2014:998-1005<br />
[6]	Jacoby G, Marchany R, Davis N. Battery-based intrusion detection a first line of defense[C]//Proceedings of the Fifth Annual IEEE SMC on Information Assurance Workshop. Piscataway, NJ, USA:IEEE Press, 2004:272-279.
[12]	JU Zhaojie, WANG Yuehui, ZENG Wei, et al. A modified EM algorithm for hand gesture segmentation in RGB-D data[C]//Proceedings of the 2014 International Conference on Fuzzy Systems. Piscataway, NJ, USA:IEEE Press, 2014:1736-1742.
[7]	Buennemeyer T, Nelson T, Clagett L, et al. Mobile device profiling and intrusion detection using smart batteries[C]//Proceedings of the 41st Annual International Conference on System Sciences. Piscataway, NJ, USA:IEEE Press, 2008:296-305.
[8]	Kim H, Smith J, Shin K. Detecting energy-greedy anomalies and mobile malware variants[C]//Proceeding of the 6th International Conference on Mobile Systems, Applications and Services. New York, NY, USA:ACM Press, 2008:239-252.
[9]	Reynolds D, Quatieri T, Dunn R. Speaker verification using adapted gaussian mixture models[J]. Digital Signal Processing, 2010, 10(1-3):19-41
[10]	Kumars G, Raju K, Cpvnj D, et al. Speaker recognition using GMM[J]. International Journal of Engineering Science and Technology, 2010, 2(6):2428-2436
[11]	Christleig V, Bernecker D, Honig F, et al. Writer identification and verification using GMM supervectors[C]//Proceedings of Winter Conference on Applications of Computer Vision. Piscataway, NJ, USA:IEEE Press, 2014:998-1005
[12]	JU Zhaojie, WANG Yuehui, ZENG Wei, et al. A modified EM algorithm for hand gesture segmentation in RGB-D data[C]//Proceedings of the 2014 International Conference on Fuzzy Systems. Piscataway, NJ, USA:IEEE Press, 2014:1736-1742.

[1]	谢海明, 林成涛, 刘涛, 田光宇, 黄勇. 增程式城市客车能量的分段跟踪优化方法[J]. 清华大学学报（自然科学版）, 2017, 57(5): 476-482.
[2]	肖熙, 王竞千. 基于网格的语音关键词检索算法改进[J]. 清华大学学报（自然科学版）, 2015, 55(5): 508-513.

Viewed

Full text

Abstract

Cited

Shared

Discussed