In response to the surging challenge in the number and types of mobile malware targeting smart devices and their sophistication in malicious behavior camouflage, we propose to compose a traffic behavior modeling method based on one-dimensional convolutional neural network with autoencoder and independent recurrent neural network (1DCAE-IndRNN) for mobile malware detection. The design solves the problem that most existing approaches for mobile malware traffic detection struggle with capturing the network traffic dynamics and the sequential characteristics of anomalies in the traffic. We reconstruct and apply the one-dimensional convolutional neural network to extract local features from multiple network flows. The autoencoder is applied to digest the principal traffic features from the neural network and is integrated into the independent recurrent neural network construction to highlight the sequential relationship between the highly significant features. In addition, the Softmax function with the LReLU activation function is adjusted and embedded to the neurons of the independent recurrent neural network to effectively alleviate the problem of unstable training. We conduct a series of experiments to evaluate the effectiveness of the proposed method and its performance for the 1DCAE-IndRNN-integrated detection procedure. The detection results of the public Android malware dataset CICAndMal2017 show that the proposed method achieves up to 98% detection accuracy and recall rates with clear advantages over other benchmark methods.

中文翻译：

---

使用带有自动编码器的一维卷积神经网络和用于移动恶意软件检测的独立递归神经网络来校准网络流量

针对针对智能设备的移动恶意软件的数量和类型以及其在恶意行为伪装中的复杂性提出的挑战，我们提出了一种基于一维卷积神经网络，自动编码器和独立递归神经网络的交通行为建模方法（ 1DCAE-IndRNN）用于移动恶意软件检测。该设计解决了以下问题：大多数现有的移动恶意软件流量检测方法都难以捕获网络流量动态和流量异常的顺序特征。我们重建并应用一维卷积神经网络从多个网络流中提取局部特征。自动编码器用于从神经网络中提取主要流量特征，并集成到独立的递归神经网络构造中，以突出显示高度重要的特征之间的顺序关系。除此之外调整具有LReLU激活功能的Softmax函数并将其嵌入独立的递归神经网络的神经元中，以有效缓解训练不稳定的问题。我们进行了一系列实验，以评估该方法的有效性及其在1DCAE-IndRNN集成检测程序中的性能。公开的Android恶意软件数据集CICAndMal2017的检测结果表明，与其他基准方法相比，该方法可实现高达98％的检测准确性和召回率。