
Research On Android Malicious Code Location Technology Based On Neural Network

Posted on: 2021-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: J C Zhang
GTID: 2518306308967559
Subject: Computer Science and Technology
Abstract/Summary:
With the continuous improvement of the Android system and the constant popularization of smartphones, Android phones have come to account for a large proportion of the market. A large number of criminals have set their sights on the Android market and developed various malicious Android applications for private gain. Most current detection methods for malicious Android applications can only conclude whether an application is malicious. They cannot detect the form and specific location of the malicious code, which prevents people from better understanding the malicious behavior and from responding to Android malware variants. To address this problem, this thesis adopts methods from object detection in computer vision, analyzes the behavioral characteristics of malware, and studies Android malicious code location technology using neural networks.

This thesis proposes an Android malicious code location algorithm based on a neural network. The algorithm includes three parts: extracting context-aware sensitive code from decompiled Android code, labeling sensitive code samples with a PU-learning algorithm, and designing a deep neural network based on a bidirectional LSTM structure.

This thesis studies a method of extracting sensitive code based on behavior patterns. By decompiling the APK, it constructs a context-aware control flow graph and discovers the entry points of the Android application. It then constructs a sensitive API dependency graph based on the control flow graph and extracts context-aware sensitive code execution paths from it. The sensitive code extraction algorithms are designed to take the code execution context into account.

Because existing datasets do not have malicious labels at the code level, this thesis designs a labeling algorithm based on PU-learning to label reliable malicious code from Android malware applications. It uses the Spy algorithm process and adapts it to the features of Android code. It designs a positive sample selection algorithm based on K-means clustering and a threshold selection algorithm for reliable negative samples.

Based on the malicious behavior characteristics of Android malware applications, this thesis designs a joint encoding method for APIs and context based on word2vec. It proposes a neural network model based on bidirectional LSTM. Adding multiple layers of dense connections lets the model learn features better, and combining the multi-head attention mechanism with the bidirectional LSTM allows the model to selectively combine features.

The effectiveness of each part of the algorithm is verified through ablation experiments. The algorithm is evaluated on a dataset containing 24533 malware samples and a total of 97975 Android applications. The detection accuracy rate is 94.2%. Compared with existing methods, the algorithm proposed in this thesis not only achieves considerable accuracy but also provides detailed locations of malicious code.

This thesis implements an Android malicious code location system based on a client-server architecture. Users only need to install an application on their mobile phones to access the system and locate Android malicious code. Test results show that the system responds to user requests in time and returns correct results.
Keywords/Search Tags:Malicious applications, Code localization, Behavior pattern, Neural network, Context awareness