Deep Learning-Based Malware Detection For Android Applications

In this era of rapid development of the mobile Internet,the Android system has occupied almost the market of most mobile smart terminal operating systems with its high open source.Hackers have been driven by enormous economic interest to develop a large number of Android-based malicious software,which has caused a serious threat to the privacy of individual mobile users and the security of private property.In the face of a large number of Android malware threats,traditional Android malware detection methods have certain limitations,especially for the detection accuracy of malicious software after code obfuscation and mutation is very low.Therefore,there is an urgent need to develop accurate detection rates.High,faster Android malware detection method.This thesis focuses on the Android malware detection technology based on deep learning.The main work is as follows:(1)This thesis first introduces the Android architecture,the four major components of the application,Dalvik virtual machine and ART(Android Run Time),APK file,and its security mechanisms.Focus on kernel security,operating environment security,and application framework security.Then,through the collection of a large number of Android malware programs,this thesis analyzes and summarizes the sources of almost all security threats and Android malware types under the Android platform.Finally,it analyzes the existing Android malware detection technology and its advantages and disadvantages in detail.It mainly includes the virus software detection technology based on static features and dynamic features,as well as the very popular detection technology based on machine learning.(2)Through the introduction of relevant background theory,aiming at the problems of low detection accuracy of unknown malware,slow detection speed and weak versatility of cross-platform detection,this thesis proposes a novel malware detection method based on deep learning,which firstly converts malware into a grayscale image by combining a grayscale image generation algorithm,and then uses a convolutional neural network algorithm to automatically extract these malware image texture features,and at the same time learn and train these features,a malware detection model based on image texture and convolutional neural network was constructed.(3)This thesis also proposes a malware detection technology based on the optimization of model network parameters for the overfitting problem that often occurs in convolutional neural network training process.The size,activation function and gradient descent training of the convolution kernel are studied separately.The influence of convolutional neural network parameters such as optimization algorithm and dropout discard rate on the overfitting problem in the model training process,through the adjustment of different parameters of the model and experiments,finds the optimal model parameters to avoid model training overfitting problems.In addition,an improved activation function is proposed,which not only modifies the distribution of the data,but also preserves the advantage of the rapid convergence of the recorrected linear unit(reLu)non-saturated modified linear function.(4)This thesis also focuses on the problem of low detection accuracy caused by insufficient training of small sample malware image models,and studies migration learning methods based on convolutional neural networks.Two hybrid depth models based on convolutional neural networks are mainly constructed,and these two mixed depth models are pre-trained using minist datasets to make the network parameters optimal.Then the model is fine-tuned through small samples,and finally,the comparison is performed through experiments.It is verified that the migration learning method has a certain effect in improving the detection accuracy of malware under a small sample size.