
The Research And Implementation Of Android Malware Detection System Based Image Mode

Posted on: 2020-07-08
Degree: Master
Type: Thesis
Country: China
Candidate: H Xu
GTID: 2428330572473586
Subject: Computer technology
Abstract/Summary:
The booming mobile Internet not only facilitates people's daily life and communication, but has also greatly encouraged the proliferation of malware on mobile systems. Malware exploits Android system design flaws and vulnerabilities, as well as malicious code reuse techniques, to generate massive numbers of malicious samples in a short period of time. Most existing detection techniques have disadvantages such as long analysis time, single-feature extraction, and the inability to remain flexible against obfuscated applications. To detect malicious applications more efficiently and accurately, this thesis combines image texture features, Dalvik instruction sequence features and machine learning methods, and proposes a malicious application detection technology based on image mode. The main work of this thesis is as follows:

(1) A grayscale image generation algorithm based on the AndroidManifest.xml manifest file and the DEX bytecode file is proposed to detect Android malicious applications. To address the problem that traditional detection schemes extract a single, coarse feature and process features inefficiently, this thesis combines the manifest file and the bytecode file to generate grayscale images, and then extracts the local and global features of the image texture through various texture feature extraction algorithms. Algorithms such as histogram equalization are used to optimize the image. Experiments show that this method can effectively extract application features and improve feature extraction speed.

(2) A feature extraction scheme is proposed that simplifies the classification of the Dalvik instruction set, replaces Dalvik instructions with formal instruction symbols, and generates a Dalvik instruction symbol sequence feature vector using the SimHash algorithm. By combining texture features and text features, it is possible to accurately match the behavior patterns and spatial arrangement patterns of malicious applications, and effectively improve the detection capability of the detection scheme.

(3) An Android malicious application detection system is designed and implemented, and its computing and storage capabilities are improved by using technologies such as message middleware and big data technology. The system takes an online APK detection platform as its target scenario, and is divided into a user interaction layer, Web Server layer, Redis cluster layer and distributed cluster layer, which together successfully implement online application analysis. Finally, the system was tested systematically to verify its effectiveness, robustness and security.
Keywords/Search Tags: malicious application detection, image features, Dalvik instruction, N-Gram, Machine Learning
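An added illustration of item (2), not code from the thesis: Dalvik instructions are reduced to class symbols, the symbol sequence is split into N-grams, and SimHash turns them into a fixed-length feature vector. The opcode-class table, the 3-gram size, the 64-bit width and MD5 as the per-gram hash are assumptions, since the abstract does not specify them.

```python
import hashlib
from collections import Counter

# Assumed opcode classes (mnemonic prefix -> symbol); not the thesis's table.
SYMBOLS = [("move", "M"), ("return", "R"), ("goto", "G"), ("if-", "I"),
           ("invoke", "V"), ("const", "C"), ("iget", "F"), ("iput", "F"),
           ("sget", "F"), ("sput", "F"), ("new-", "N"), ("throw", "T")]

def symbolize(smali_lines):
    """Replace each instruction with its class symbol; operands are dropped."""
    out = []
    for line in smali_lines:
        parts = line.split()
        if parts:
            out.append(next((s for p, s in SYMBOLS if parts[0].startswith(p)), "O"))
    return "".join(out)

def ngrams(symbols, n=3):
    return [symbols[i:i + n] for i in range(len(symbols) - n + 1)]

def simhash(symbols, n=3, bits=64):
    """Each n-gram votes +/- its count on every bit position of its hash."""
    votes = [0] * bits
    for gram, weight in Counter(ngrams(symbols, n)).items():
        # MD5 is used only as a stable, well-mixed hash here, not for security.
        h = int.from_bytes(hashlib.md5(gram.encode()).digest()[:bits // 8], "big")
        for b in range(bits):
            votes[b] += weight if (h >> b) & 1 else -weight
    return sum(1 << b for b in range(bits) if votes[b] > 0)

def feature_vector(fingerprint, bits=64):
    """Fingerprint bits as a 0/1 vector for a classifier."""
    return [(fingerprint >> b) & 1 for b in range(bits)]

def hamming(a, b):
    return bin(a ^ b).count("1")

# Constructed sample: one method body, then the same body with registers renamed.
ORIGINAL = ['const-string v0, "a"', "invoke-virtual {p0, v0}, Lx;->f()V",
            "move-result-object v1", "if-eqz v1, :cond_0", "new-instance v2, Ly;",
            "invoke-direct {v2}, Ly;-><init>()V", "return-void"]
RENAMED = [l.replace("v0", "v7").replace("v1", "v8").replace("v2", "v9") for l in ORIGINAL]

if __name__ == "__main__":
    a, b = simhash(symbolize(ORIGINAL)), simhash(symbolize(RENAMED))
    print(symbolize(ORIGINAL), f"{a:016x}", "distance:", hamming(a, b))
```

Because operands are discarded before hashing, register renaming leaves the fingerprint unchanged, while inserted or reordered instructions change only the N-grams they touch.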