Android Malware Application Detection Method Based on Heterogeneous Information Network
【Abstract】 To address the problems of camouflage and real-time detection that traditional Android malware detection methods cannot solve, a new Android malware detection method based on heterogeneous information networks is proposed. Android entities and relationships are modeled as nodes and edges, respectively, in a heterogeneous information network, and two network representation learning models are designed: a meta-structure attention network representation learning model and an incremental learning model. First, the meta-structure attention network representation learning model is used for intra-sample node embedding, and the node embeddings and labels are input to a deep neural network for training. Then, the incremental learning model is used to learn the extra-sample node embeddings. The top-k algorithm is used to find neighboring nodes within the heterogeneous information network for aggregation, and the embedded node to be detected is input to the trained deep neural network for detection. Experimental results show that the F1 value of the proposed method is 97.5%, the accuracy rate is 96.7%, and the average detection time is 3.7 ms. Compared with existing methods, the F1 value and accuracy are higher and the average detection time is shorter, demonstrating that the proposed method is effective against Android malware camouflage and can be used for real-time Android malware detection.
【Key words】 Android; malware detection; heterogeneous information networks; meta-structure; deep neural networks;
- 【Source】 Journal of Guangdong University of Technology, 2024, Issue 02
- 【Classification No.】 TP309; TP311.56
- 【Downloads】 31