Android Malware Detection Based On Feature Vector And Contrastive Learning

With the development of mobile Internet,mobile malware,repreasented by android malware,has become a serious threaten.Since the appearance of android malware was relatively new,and the operation of android system had much differences from desktops,much protective solution aimed at traditional binary malware cannot perform well.Based on the reasons listed above,many researchers proposed detection methods of android malware based on machine learning,which got ideal performance with tests.However,losts of the methods are based on supervised learning,which need the manual labeling for feature extraction and learning;and such approachs have no essential differences from traditional detection solutions based on signature detection.Moreover,when there are new types of malware or existing malware variants,these methods still need manual labeling for learning new features,which means the involvement of human and computation resources is necessary.Considering the tendency that new malware appeared rapidly,some new solutions need to be developed.Self-supervised learning is a special form of unsupervised learning,which learns features by constructing "labels" with datasets themselves,avoiding the consumption of resources to label manually.Contrastive learning is one method of self-supervised learning,which realize the target of unsupervised classification by increasing the simlarity among the samples within the same catogary,as well as decreasing the simlarity aomont the samples from different classes.Due to the advantage of self-supervised learning that avoids manual labeling and its potential to surpass supervised learning,it is widely concerned as a new research field.Based on the information above,in this paper,a new method of android malware detection based on generalized feature vectors and contrastive learning is proposed.The solution constructed generalized feature vectors with autoencoders,and built intention vectors as feature based on the similarites among behavior sets.Moreover,the method realize the target of malware detection with the contrastive learning based on dictionary learning.The method was validated with three public datasets in different-level detection experiments,which included general malware detection,malicious type detection,and malicious family detection.The experimental results proved the feasibility of the method,and the model had effective performance in general malware and malicious type detection,which could approximate the performance of supervised learning methods.