
Method And Implementation Of Android Malware Detection And Malcode Localization

Posted on: 2021-09-04 | Degree: Master | Type: Thesis
Country: China | Candidate: H R Ge | Full Text: PDF
GTID: 2518306050967999 | Subject: Cyberspace security
Abstract/Summary:
In recent years, the Android operating system has become the most popular mobile platform for users and service providers. While the system's open-source nature is convenient for users, it also exposes the platform to a large number of malware threats. Malware detection for Android applications has therefore become a crucial step towards securing the system.

Existing malware detection methods fall mainly into two categories: static detection and dynamic detection. Most current static detection methods can only provide a "malicious / benign" verdict. Because it is impossible to tell whether a given verdict is a misjudgment, security analysts may need further tedious manual analysis to determine whether a malicious behavior pattern is actually present. Dynamic detection can make accurate judgments based on the behavior of the program, but it tends to be time-consuming because the program must be executed. When a large number of applications are detected automatically, dynamic detection methods are more easily bypassed with some simple tricks. As a result, the malicious behaviors are not triggered at run time, and the malware eventually evades detection.

To solve these problems, this thesis proposes a deep learning-based method for Android malware detection and malicious code localization. To begin with, the instruction bytecode in the APK file is analyzed to extract instruction fragments, method sets, and API sets. According to the calling relationships between methods, static analysis is used to splice the instruction fragments and traverse the instruction sequences that the program may trigger at run time. The API sequence is extracted from these sequential instruction codes as the feature sequence of the application. Then, this thesis adopts a vectorization method that extends each API into a multi-dimensional vector carrying instruction context semantics. Finally, a Bidirectional LSTM model is trained on the feature sequences of malicious and benign program samples to obtain a classifier that automatically detects Android malware.

The Android malicious code localization method is based on the detection model and changes the structure of the malware detection model by introducing a layer for weight distribution. This solution calculates the contribution value of each API in the sequence to the classification result, and the weight of each area indicates some of the most suspicious code segments. This localization method can accurately discover the package name, class name, and method name of the malicious code.

The samples selected for the experiment included 9616 pieces of malware and 11982 benign applications, covering 65732 different APIs. The experiments evaluate the detection effect on various malware families. The method in this thesis achieves an accuracy of 97.22% and an F1-score of 98.21%. The results demonstrate that the proposed Android malicious code localization method can successfully catch malcode fragments in the program with a 91% hit rate.
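The splicing and localization steps described above can be illustrated as follows. This is an added example, not code from the thesis: the method table, the framework prefixes used to decide what counts as an API, and the per-API weights (standing in for the output of the weight-distribution layer) are all constructed assumptions.

```python
from collections import defaultdict

FRAMEWORK_PREFIXES = ("Landroid/", "Ljava/")  # assumption: what counts as an API

# Constructed sample: method -> ordered invoke targets in its instruction fragment.
METHODS = {
    "Lcom/example/Main;->onCreate": [
        "Landroid/telephony/TelephonyManager;->getDeviceId",
        "Lcom/example/Net;->send",
        "Landroid/util/Log;->d",
    ],
    "Lcom/example/Net;->send": [
        "Ljava/net/URL;->openConnection",
        "Lcom/example/Net;->retry",
    ],
    "Lcom/example/Net;->retry": [
        "Lcom/example/Net;->send",   # recursive call: must not loop forever
        "Ljava/lang/Thread;->sleep",
    ],
}

def api_sequence(methods, entry):
    """Splice fragments along call edges; return [(api, owning_method), ...]."""
    seq, stack = [], []
    def walk(method):
        if method in stack:          # cycle guard: skip a re-entrant call
            return
        stack.append(method)
        for target in methods.get(method, []):
            if target.startswith(FRAMEWORK_PREFIXES):
                seq.append((target, method))   # remember where the API lives
            elif target in methods:
                walk(target)         # inline the callee at the call site
        stack.pop()
    walk(entry)
    return seq

def localize(seq, weights, top_k=1):
    """Sum per-position weights by owning method; return the top_k methods."""
    if len(seq) != len(weights):
        raise ValueError("one weight per API position is required")
    score = defaultdict(float)
    for (_, owner), w in zip(seq, weights):
        score[owner] += w
    return sorted(score, key=score.get, reverse=True)[:top_k]

SEQ = api_sequence(METHODS, "Lcom/example/Main;->onCreate")
# Constructed weights standing in for the model's per-API contribution values.
WEIGHTS = [0.20, 0.60, 0.05, 0.15]
```

Because each API in the sequence keeps the name of the method it was extracted from, a high-weight position maps directly back to a package, class and method name for the analyst to review.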
Keywords/Search Tags:Android, Malware detection, Malcode location, Deep learning