
Detection Method For Confusion Variants Of Android Malicious Applications

Posted on: 2021-11-24 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Jiang
GTID: 2518306104488354 | Subject: Computer application technology
Abstract/Summary:
The Android system holds most of the share of smart terminal systems, which attracts malicious application developers and poses a security threat to users. Existing detection methods mainly judge whether malicious code is present and analyze malicious families. Obfuscation, however, changes the features of an application. Malicious developers use it to generate obfuscated variants of malicious applications, which can bypass existing detection methods and significantly reduce detection accuracy.

To address obfuscated variants of Android malicious applications, an efficient, obfuscation-resistant Android malicious application detection system, AOMDroid, is designed and implemented. For different obfuscation techniques, AOMDroid extracts opcode features at different granularities. It combines the TF-IDF algorithm with a difference index of the opcode feature distribution before and after obfuscation to calculate the weight of each opcode feature, and uses these weights to select obfuscation-resistant features. It then converts the opcode features into an opcode sequence using opcode encoding mapping rules, and converts the sequence into a grayscale image to visualize the features. A deep learning detection model that combines image enhancement, ResNet and a global average pooling layer is designed to detect malicious applications.

The system can resist mainstream obfuscation techniques, detect whether an application contains malicious code, and analyze the malicious family of a detected malicious application. It can be deployed on mobile devices, where it supports real-time monitoring of application installation and update behavior, automatically detects malicious applications, and displays the detection results to remind users to uninstall them.

Experiments verify the efficiency and detection accuracy of AOMDroid. Compared with related advanced detection methods, AOMDroid has obvious advantages in obfuscation resistance and detection efficiency. Based on 4631 benign applications and 5560 malicious applications, AOMDroid's accuracy in detecting the presence of malicious code in Android applications is 96.35%, and its accuracy in detecting obfuscated applications is 94.55%. For malicious applications, AOMDroid's malicious family detection accuracy is 95.31%, and after the samples are obfuscated, the detection accuracy is 89.96%. On mobile devices, the average time AOMDroid takes to detect a single application is 3.211 seconds. The experiments show that AOMDroid detects malicious applications efficiently and accurately and effectively identifies obfuscated variants of malicious applications, and that it outperforms existing advanced Android malicious application detection methods.
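
The feature-selection and grayscale-encoding steps described in the abstract can be sketched as follows; this is an added example, not AOMDroid's code. The bigram granularity, the difference index (absolute change in relative frequency), the weight formula with its `alpha` factor, the gray-level mapping and the opcode sequences are all assumptions constructed for illustration.

```python
import math
from collections import Counter

def rel_freq(ops, n=2):
    """Relative frequency of each opcode n-gram (n=2 is an assumed granularity)."""
    grams = [tuple(ops[i:i + n]) for i in range(len(ops) - n + 1)]
    return {g: c / len(grams) for g, c in Counter(grams).items()}

def tfidf(corpus):
    """Mean TF-IDF of every n-gram over the corpus, with smoothed IDF."""
    freqs = [rel_freq(ops) for ops in corpus]
    df = Counter(g for f in freqs for g in f)
    scores = Counter()
    for f in freqs:
        for g, tf in f.items():
            idf = math.log((1 + len(corpus)) / (1 + df[g])) + 1
            scores[g] += tf * idf / len(corpus)
    return scores

def drift(pairs):
    """Assumed difference index: mean |freq before - freq after| obfuscation."""
    d = Counter()
    for before, after in pairs:
        fb, fa = rel_freq(before), rel_freq(after)
        for g in set(fb) | set(fa):
            d[g] += abs(fb.get(g, 0.0) - fa.get(g, 0.0)) / len(pairs)
    return d

def select(corpus, pairs, k, alpha=10.0):
    """Keep the k n-grams with the highest TF-IDF damped by drift (assumed formula)."""
    t, d = tfidf(corpus), drift(pairs)
    return sorted(t, key=lambda g: (-t[g] / (1 + alpha * d[g]), g))[:k]

def to_image(ops, feats, width=2):
    """Encode occurrences of selected n-grams as gray levels, zero-padded into rows."""
    code = {g: (i + 1) * 255 // len(feats) for i, g in enumerate(feats)}
    grams = [tuple(ops[i:i + 2]) for i in range(len(ops) - 1)]
    px = [code[g] for g in grams if g in code]
    px += [0] * (-len(px) % width)
    return [px[i:i + width] for i in range(0, len(px), width)]

# Constructed sample: one method body and its junk-insertion (nop) variant.
PLAIN = ["const", "invoke-virtual", "const", "invoke-virtual",
         "move-result", "invoke-static", "return"]
OBFUSCATED = ["const", "nop", "invoke-virtual", "const", "nop",
              "invoke-virtual", "move-result", "invoke-static", "return"]

if __name__ == "__main__":
    feats = select([PLAIN, OBFUSCATED], [(PLAIN, OBFUSCATED)], k=4)
    print(to_image(PLAIN, feats), to_image(OBFUSCATED, feats))
```

With `alpha=0` (plain TF-IDF) the top-ranked bigram is one that junk insertion destroys; with the drift penalty the selected bigrams survive obfuscation, so both variants encode to the same image.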
Keywords/Search Tags:Android application, malicious family, confusion, malicious detection