| With the proliferation of Android malware,the attack methods of malware are diversified.So the detection and classification of Android malicious code faces great challenges.At present,the rise of artificial intelligence and machine learning methods has produced new techniques and algorithm models for the analysis and detection of malware.Different from the traditional feature sequence based detection method,the deep learning model can better mine malicious features and behaviors,so as to analyze and detect malware more efficiently.This paper focuses on the classification and detection of Android malware,and conducts research based on deep learning methods and its key technologies.The main work is as follows:(1)Based on the semantic vector modeling method of word vector,combined with the characteristics of Android malware and the execution flow of malicious behavior,a feature vector representation method based on word2 vec is proposed.Specifically,in the malicious feature extraction phase,the component information,permissions,and sensitive API calls of the program are automatically extracted from the two dimensions of the application description and the code behavior;in the vectorized representation phase,the malware vector model is constructed by using word2 vec to abstract the text features.A high-dimensional real number vector is used to characterize the similarity and correlation between malicious application features.Experiments show that this method can better characterize malware.(2)Aiming at the key problems of high complexity and time-consuming construction of deep learning model,a new method of feature reduction and sample optimization is proposed,and a malware classification model based on deep neural network is designed and implemented.Specifically,the classifier feature is first selected based on the random forest model,and the central sample is extracted as the training sample by the clustering method.Finally,based on the feature vector model constructed by word2 vec,the classification model of Android malware is proposed.The experimental results show that the proposed method can not only improve the computational efficiency,but also improve the accuracy.(3)Developed a prototype system for Android malicious application classification and detection,which integrate various anti-virus engines and some academic detection methods.It can be applied to the collection of Android malicious samples,evaluation of detection engines,and threat intelligence analysis,etc.,which promote the development of Android malware analysis technology based on deep learning. |
PDF Full Text Request