Research On Key Technologies Of Harmful Mobile Application Detection

With the rapid development and widespread popularization of mobile Internet,while bringing convenience to people’s production and lives,the endless emergence of harmful mobile applications has also caused great disturbance to people.Harmful mobile applications include mobile applications with harmful behavior and harmful content:mobile applications with harmful behavior(also known as malware)may lead to users’ personal data leakage,financial loss,and personal privacy infringement through malicious behaviors such as information theft,identity theft,phishing attacks,and malware propagation,etc.Harmful mobile applications with harmful content display sensitive and harmful content such as politics,pornography,violence,and gambling,to spread harmful topics and illegal information.They may cause great disturbances to users.Therefore,it is of great practical significance and urgency to study the detection technology of harmful mobile applications and analyze the behavioral and content security problems of mobile applications to ensure the security and stability of the mobile application ecosystem.Currently,harmful mobile application detection is facing a series of challenges in behavior detection and content detection.In terms of behavior detection,there are issues with insufficient specific data and model evaluation:Machine learning algorithms often rely on training on large-scale data.Few-shot malware families are difficult to accurately detect due to their insufficient data.Existing malware detection methods often have poor detection performance on few-shot malware families.Most existing malware detection studies have reported high malware detection results.However,due to the inconsistent and highly variable construction standards of malware datasets,the detection performance of malware detection methods on other datasets may be poor,resulting in inaccuracies in the evaluation and comparison of malware detection methods.In terms of content detection,there are problems with algorithm features and model selection.Mobile applications,as the carrier of information,bring a large amount of sensitive and harmful content,which is widely spread.Compared to other platforms such as email and online platforms,mobile applications face specific types of social interaction information and other characteristics.Existing methods for detecting sensitive and harmful content have a high dependence on the frequency of keywords and sensitive words appearing simultaneously,and generally define sensitive information manually,which has significant uncertainty.In response to the above issues,this dissertation conducts research on key technologies for harmful mobile application detection.The main content and innovation points of this dissertation are as follows:(1)Proposing a few-shot malware family detection method based on cross-family knowledge transferring.This method aims at the problem of poor detection performance of few-shot malware families due to the lack of training data.It utilizes the knowledge transferring ability between malware families to improve the detection performance of few-shot malware families.This method first proposes support scores to measure the knowledge transferring ability between different malware families and demonstrates that knowledge transferring between different malware families is feasible.Then,it develops a strategy based on the knowledge transferring ability between malware families to enhance the detection performance of few-shot malware families.The experimental results show that the proposed method can significantly improve the detection performance of few-shot mobile malware with an average accuracy of 97.43%.Experimental results on the relationship between knowledge transferring ability and behavioral characteristics also showed that the knowledge transferring ability and the behavioral characteristics of different malware families are strongly correlated.Knowledge transferring ability between malware families with the same behavioral characteristics is better than other malware families without the same behavioral characteristics.(2)Proposing a dataset construction method for a harmful mobile application dataset based on dataset evaluation.In response to the issue of inconsistent construction of malware datasets and the variability of datasets in malware detection,the differences between existing publicly available malware datasets are analyzed and summarized.It proposes seven factors to assess the quality and applicability of the datasets.The experimental results validate the assessment indicators and the assessment analysis of common public datasets,which further support and validate the effectiveness and applicability of the proposed dataset assessment method.Based on the proposed dataset assessment method,a harmful mobile application dataset construction method is proposed.The method samples data with constraints from multiple datasets and optimizes its results obtained from dataset evaluation to construct a new dataset.The newly constructed dataset has 18,385 samples,containing 194 malware families,with an evaluation score of 0.83,higher than the current common public harmful mobile application datasets.The experimental results show that the machine learning models trained on the newly constructed dataset perform better with an average accuracy of 97%.(3)Proposing a sensitive and malicious content detection model for APP based on CNN and BiLSTM.This model aims at the problem of widespread dissemination of sensitive and harmful content in mobile applications.It extracts multimedia information and software information from mobile applications to obtain mobile application content data.And then uses the convolutional neural network to extract the semantic features of the text content as local features and the bidirectional long short-term memory network to extract the semantic relatedness between the contexts as the global features.Finally fusing the two features for the detection of sensitive and malicious content in mobile applications.Experimental results demonstrate that the proposed model outperforms the baseline model,achieving an accuracy of 93.20%.The results of the ablation experiments show that simultaneous extraction of local and global features can improve the performance of sensitive and malicious content detection in mobile applications.