Research On Android Malicious Code Detection Based On Deep Fusion Features

Smartphones have gradually become one of the main ways for the general public to obtain information services and handle personal business.The Android mobile phone operating system has gradually become the first choice in th e smartphone operating platform with its excellent user experience,so some criminals will profit from the Android malwares according to stealing user privacy information and sending phishing messages.Due to the insufficient supervision of the Android application markets and the difficulty of detecting malicious applications,the malicious applications in the Android phone platform are ubiquitous,which not only brings the lack of user experience,but also causes the user's economic loss.Now the detection methods adopted by the major Android markets are mainly detected by using application signature.This method has a lot of loopholes,and it is easy for criminals to evade detection through confusion techniques.Therefore,researching on the Android applications,detecting and identifying the Android malicious application is not only academic but also practical.The existing Android application analysis technology is mainly divided into static analysis and dynamic analysis.In view of the characteristics of the Android application and the practical usability considerations,this paper uses a static analysis method combined with deep learning methods to detect Android malicious applications.Existing research methods perform malicious code detection by constructing structured features which ignoring sequence data.This paper constructs sequence data from the control flow perspective mining method call graph,and from the data flow perspective mining the API call graph.At the same time,the method of abstracting representation method and API is proposed in the sequence data.Existing Android application visualization by mapping binary files to images,but often the size of the visualized images is inconsistent,this paper proposes a new visualization method which using op-code,specifically by calculating the operation code transfer probability and regularize on the same size picture.Android applications have integrity characteristics,and existing researches are often limited to a single feature.This paper proposes an Android application detection method using fusion features.The Android application features of different levels are merged,and the Android application is classified by machine learning classification method to detect and identify malicious applications in Android applications.The method proposed in this paper can better capture the actual behaviors of the Android application.The final F1 value of the experiment based on the fusion feature is 0.961,which is better than the contrast experiment.