
Design And Implementation Of Multi-classification Tool For Android Malware Family Based On Knowledge Graph

Posted on: 2022-08-28
Degree: Master
Type: Thesis
Country: China
Candidate: R He
Full Text: PDF
GTID: 2518306338968649
Subject: Computer technology
Abstract/Summary:
With the continuous evolution of Android malware, malicious applications have evolved from a single attack method to complex multi-purpose attack methods, posing a huge threat to user privacy and device security. Android malware detection and malware family classification have been a hot topic of academic research. Although researchers have proposed many tools and approaches for classifying malware families, there is still no Android malware family knowledge graph (KG) for understanding the true characteristics of different malware families. In addition, most classification tools can only assign a single label to a malware sample, so they cannot accurately identify all family labels of samples that belong to multiple families. To fill this gap, in this paper we have designed and implemented a multi-classification tool for Android malware families, based on a knowledge graph, to identify and classify malware. The specific contributions of our work are as follows:

(1) Designed and implemented a semi-automated approach to collect a reliable and up-to-date Android malware dataset. First, we identified family names and APK file IoCs from crawled security reports posted by leading security companies, and then downloaded the malware APK files based on those identifiers. Finally, we built the Malscope dataset, which contains 4,247 malware samples belonging to 116 different malware families.

(2) Developed an automated Android application feature extraction tool, which can quickly extract static features of an application in thirteen different dimensions from the APK binary file.

(3) Based on the reliable and up-to-date malware dataset, we built an Android malware family knowledge graph, which contains 22 malicious families, 3,524 malware samples, 308,904 nodes, and 1,110,898 edges.

(4) Designed and implemented a multi-classification tool for Android malicious families based on the knowledge graph. We developed two different multi-label classification tools using machine learning algorithms and evaluated the classification results of the model on a test set of 5,000 samples with two family features; the accuracy of the classifier based on text semantic vectors using the ML-KNN algorithm exceeds 90%.

The results in this paper show that our malware family multi-classification tool based on the knowledge graph can be used to identify and classify Android malware with multiple family labels.
Keywords/Search Tags: Android, malware family classification, knowledge graph, feature extraction, multi-label classification