Identification Of Android Malware Family Based On Deep Learning

Posted on: 2021-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: T X Peng
GTID: 2428330614471277
Subject: Software engineering

Abstract/Summary:
With the rapid development of the mobile Internet, Android has become the mainstream operating system on smart mobile devices, and the amount of malicious software targeting Android has risen with it. The steadily growing volume of malware makes identifying the family a malicious sample belongs to a problem well worth studying. This thesis focuses on identifying Android malware families, using file visualization methods together with deep learning techniques commonly used in image classification, and covers the following research content:

(1) It studies how to process Android files with three algorithms: B2M grayscale visualization, information entropy visualization, and pseudo-color visualization based on image enhancement. It then proposes a three-channel RGB coloring scheme for Android visualization, and compares the four visualization schemes by their visualization results and by the resulting Android malware family classification models.

(2) It addresses two problems with the visualization results of Android files: large data volume and heavy noise. Combining the Android system architecture and application characteristics with the family characteristics of malicious applications, it proposes visualizing combinations of Android features. It defines 7 feature-combination visualization methods and evaluates the best feature combination through experiments.

(3) It applies the ResNet residual network learning framework, which performs well in image classification, to training the Android family classification model. Combining the Android file visualization and feature combination data processing methods, it completes the design of a ResNet framework for Android malware family classification. Experiments were conducted on malware family datasets containing 4, 8, 12, 16, 20, 24, 36, and 46 families to verify the applicability of the ResNet network structure to Android malware family classification.

The experiments confirm that the three-channel RGB visualization scheme works well for identifying Android malware families. The best feature combination, made up of the three features classes.dex file, resources.arsc file and META-INF directory, achieves good family classification while effectively reducing the amount of visualization data. Finally, combining the best visualization scheme with the best feature combination scheme, experiments were conducted on 8 datasets with different numbers of families. They show that the ResNet network structure can produce a well-fitted Android malware family classification model when the number of samples per family is sufficient, with an average accuracy of 93.2%.
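An added example, not taken from the thesis: a minimal sketch of two of the baseline visualizations named in the abstract, byte-to-grayscale (B2M) mapping and information entropy mapping, run over constructed bytes. The row width, the 256-byte block size and the scaling of entropy to 0-255 are assumptions; the thesis's own parameters and its three-channel RGB scheme are not given on this page.

```python
import math
from collections import Counter


def b2m_grayscale(data: bytes, width: int = 16) -> list[list[int]]:
    """Byte-to-matrix: every byte becomes one 0-255 grayscale pixel.

    Rows are `width` pixels wide (assumed value); the last row is zero-padded.
    """
    rows = []
    for i in range(0, len(data), width):
        row = list(data[i:i + width])
        row += [0] * (width - len(row))
        rows.append(row)
    return rows


def block_entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def entropy_pixels(data: bytes, block: int = 256) -> list[int]:
    """One pixel per block: entropy scaled from 0..8 bits to 0..255.

    Dark pixels mark padding or repetitive data, bright pixels mark
    compressed or encrypted regions.
    """
    return [round(block_entropy(data[i:i + block]) / 8 * 255)
            for i in range(0, len(data), block)]


# Constructed sample standing in for a file such as classes.dex:
# a zero-filled block, a block holding every byte value once,
# and a block of two alternating byte values.
SAMPLE = b"\x00" * 256 + bytes(range(256)) + b"AB" * 128

if __name__ == "__main__":
    for row in b2m_grayscale(SAMPLE[250:266], width=8):
        print(row)
    print(entropy_pixels(SAMPLE))
```

Each function yields one image channel as plain integer lists, which can be written out with any image library before being fed to a classifier.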
Keywords/Search Tags: Identification of malicious families, Deep learning, File visualization, Android software security