Research Of Android Malware Detection Method Based On Recurrent Neural Networks

In recent years, smart phones, represented by Android smart terminal greatly enriched and changed people's daily lives. As the dominant mobile operating system, the Android platform, which has all kinds of software,has become a malicious attacker's preferred target. The malware is becoming more and more serious in the Android platform. The increasing number of malware have caused many troubles to the end users,which threaten the users' privacy and security.In order to deal with the increasing threat of malicious software, to meet the future requirements of unknown malware detection, this paper applied the machine learning algorithm to Android malware detection. In this paper, based on the characteristics of static extracted APK decompiled files,a recurrent neural network detection algorithm based on API sequence was proposed. The main contents and achievements of this paper are as follows:(1) The Android system security mechanisms and existing malware detection technology was introduced. On the basis of deeply studying the structure and mechanism of the system, the main detecting technology of malicious software on Android platform was analyzed.(2) Two Android malware detection models was proposed. The Android malware detection method based on random forest utilizes the authority characteristics of APK file and OpCodes N-gram features of disassembly code, and constructs a machine learning model using random forest algorithm to perform malware detection. A recurrent neural network detection method based on sensitive API sequence was designed. Using the API call sequence of the sample as the feature, the recurrent neural network algorithm was used to train the detection model to detect the malware of Android.(3) Two kinds of Android malware detection models were designed and implemented. On the basis of the decompilation of APK, these models used in this paper first extract the features statically and expresses them as matrices, and then builds random forest and recurrent neural network model to detect malware.(4) The performance of the two models was evaluated and the effectiveness of the proposed model was verified. Through the actual test,these two kinds of detection methods designed and implemented in this paper all have good detection effect.In this paper, the random forest and recurrent neural network model was used to distinguish malware from normal software from the perspective of syntax and semantics. Experimental results show that the two methods for the detection of Android malware has a certain value.