
Android malware detection based on the system power consumption

Tsinghua University, 辅仁网 / 2017-07-07

YANG Hongyu, TANG Ruiwen
School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China

Abstract: The power consumption sequential waveform of an Android application while running is similar to the acoustic signal. This paper presents a malware detection algorithm based on the Mel frequency cepstral coefficients (MFCC). The algorithm calculates the MFCC of the power consumption sequential waveform and constructs a Gaussian mixture model (GMM) from the MFCC distribution. Then, the GMM is used to analyze power consumption to identify malicious software through the application classification process. Tests show that the application software functionality and power consumption are closely related and that the software-based power consumption information analysis can accurately detect mobile terminal malware.
Key words: mobile terminal, power consumption, Mel frequency cepstral coefficients, Gaussian mixture model
Received: 2016-01-24 Published: 2017-01-20
ZTFLH: TP309.1
Cite this article:
YANG Hongyu, TANG Ruiwen. Android malware detection based on the system power consumption[J]. Journal of Tsinghua University (Science and Technology), 2017, 57(1): 44-49.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.21.009
http://jst.tsinghuajournals.com/CN/Y2017/V57/I1/44


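Figures and tables:
Fig. 1 Battery power consumption time series of application software
Fig. 2 Structure of the malware detection model
Fig. 3 MFCC computation flow
Fig. 4 MFCC feature distribution of iReader battery power consumption
Fig. 5 GMM of iReader battery power consumption
Table 1 Detection results for typical applications
Table 2 Detection rate statistics
Table 3 Detection results under different GMM orders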



