Research On Android Malware Detection Method Based On Deep Learning

With the continuous development of the mobile Internet,Android system has been favored by the majority of users since its release by virtue of its significant advantages such as high market share,open source and good operating interface.However,the popularity of the Android system and the large number of applications have also attracted the attention of malicious attackers.Attackers develop malicious software with strong purpose,infiltrate the application market through camouflage technology,and induce users to download and install,which brings certain challenges to the existing detection technology.On the other hand,malicious attackers use various evasive techniques to evade existing detection techniques.Therefore,this paper proposes the detection technology of Android malware based on deep learning by making use of sufficient computing resources on the PC and advanced deep learning technology.Compared with previous research methods,the proposed method has further improved the detection efficiency.The main contributions of this paper are:(1)A lightweight Android malware detection method based on single feature is proposed.Through the analysis and research of the permission mechanism,the permission is taken as the feature,and the BP neural network is used to realize the fast recognition and detection of Android malware.Finally,an experiment was conducted on5,560 pieces of malware and 4,006 pieces of benign software.The experimental results show that compared with support vector machines and random forest,the F value of the proposed method can reach 95.06%,and the detection effect is better.(2)A multi-feature Android malware detection method is proposed.First,this paper extracts four types of static characteristics that can reflect the behavior of the application.Secondly,in the process of feature preprocessing,the information gain is used to process features,and the effect of redundant features on classification results is reduced.Finally,taking advantage of the deep belief network to dig the correlation between features,the sample collection was input into the deep belief network for training and parameter adjustment,and the effectiveness and efficiency of the method was verified by experiments,with the F value reaching 96.91%.(3)A method of Android malware detection based on multiple models is proposed.First,on the basis of selecting four types of features and preprocessing that can reflect the behavior of the application,make full use of the advantages of the multi-model to describe the behavior of the application from multiple angles,and input the features to the multilayer deep neural network and the attention-based mechanism In the convolutional neural network,when training and verification reach the optimal detection process,the values of the last hidden layer of the two models are saved;secondly,the saved values are used as the input of the Attention-CNN-GRU model by adjusting the network The structure and parameters are optimized,and the experimental F value reaches 98.74%,which achieves a better detection effect.In addition,this method can modify or replace the feature conversion model according to the characteristics of different features to improve the feature representation ability.