
Research On Online Detection Of Malware Based On Network Traffic Behavior Analysis

Posted on: 2022-06-02
Degree: Master
Type: Thesis
Country: China
Candidate: G Zhang
Full Text: PDF
GTID: 2518306347972979
Subject: Computer Science and Technology
Abstract/Summary:
As smartphones become ever more closely connected with people's lives, mobile malware detection has become a key concern in network security. Common detection methods include static analysis, dynamic analysis, and network behavior analysis. Static analysis detects malware at the code level, but it copes poorly with hardening, code obfuscation, and unknown applications. Dynamic analysis detects malware from the events and behaviors an application generates while executing on sandbox devices; however, it is difficult to operate, costly in resources, and hard to deploy on small devices. Network behavior analysis detects malware by analyzing the interaction behaviors visible in network traffic. It overcomes the shortcomings of static and dynamic analysis but is in turn limited by the available network traffic data.

As related research has deepened, two problems have emerged. On the one hand, the mobile application network traffic collected by existing automated tools increasingly fails to meet researchers' data requirements. On the other hand, malware and network environments in real scenarios change rapidly, so a detection model must be updated continuously to maintain its detection performance; yet most existing detection methods perform offline detection and give little consideration to online detection. In response to these problems, this thesis carries out the following research work.

Aiming at the problem of automatically collecting mobile application network traffic, this thesis designs and implements a set of automatic collection tools. By going deeper into the simulated-operation level of automated traffic collection and combining it with existing automated testing strategies, new widget extraction methods and page search strategies are proposed to improve the tool's traffic collection efficiency. The tool efficiently completes the automatic collection of mobile application network traffic.

Aiming at the problem of updating an online detection model for malicious applications, this thesis proposes an iterative update method based on data selection. Building on the idea of inductive conformal prediction, the method selects, from the incremental data, those samples that carry new knowledge or complex knowledge, and it keeps the data scale under effective control through a time window and a data loop selection scheme. Through data selection and data scale control the method completes a rapid iterative update of the model and thereby realizes online detection.

Aiming at the same problem of updating an online detection model for malicious applications, this thesis also proposes a model incremental update method based on ensemble learning. Its core idea is to use existing knowledge to predict the new environment through weight adjustment: base classifiers are selected from the existing ensemble model, and their weights are then adjusted by a neural network so that the selected base classifiers adapt to the new environment. By selecting and re-weighting existing base classifiers the method completes the incremental update of the model and thereby realizes online detection.

In summary, this thesis provides a set of automated collection tools for mobile application network traffic, supplying data support for related research. At the same time, two methods usable for online detection are proposed, making the practical application of malicious application detection based on network behavior analysis possible.
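The data-selection step of the first update method, as an added illustration that is not the thesis's own code: held-out calibration flows yield inductive conformal p-values for each class, a record with low credibility (no class fits) carries new knowledge, one where a second class also fits carries complex knowledge, and a time window plus a size cap bound the retraining set. The two-feature flow summaries, the centroid-distance nonconformity measure and the thresholds are assumptions.

```python
"""Inductive conformal data selection for incremental model updates.

Added example, not the thesis's code: the flow features, the nonconformity
measure (distance to the class centroid), the p-value thresholds and the
window/size limits are all assumptions.
"""
from collections import defaultdict
from math import dist

def centroids(train):
    """train: list of (feature_vector, label) -> {label: centroid}."""
    groups = defaultdict(list)
    for x, y in train:
        groups[y].append(x)
    return {y: tuple(sum(c) / len(xs) for c in zip(*xs)) for y, xs in groups.items()}

def calibration_scores(cents, calib):
    """Nonconformity of held-out calibration flows: distance to own-class centroid."""
    return [dist(x, cents[y]) for x, y in calib]

def p_value(cal_scores, alpha):
    """Share of calibration scores at least as strange as alpha (the +1 is the test point itself)."""
    return (sum(a >= alpha for a in cal_scores) + 1) / (len(cal_scores) + 1)

def select_for_update(cents, cal_scores, stream, now, window, max_size,
                      new_p=0.15, complex_p=0.3):
    """Choose (time, features) records worth labelling and retraining on.
    new:     no class fits (largest p-value, the credibility, below new_p)
    complex: a second class also fits (second-largest p-value >= complex_p)
    Records older than the window are skipped; only the newest max_size survive."""
    chosen = []
    for t, x in stream:
        if now - t > window:
            continue
        ps = sorted((p_value(cal_scores, dist(x, c)) for c in cents.values()), reverse=True)
        if ps[0] < new_p:
            chosen.append((t, x, "new"))
        elif ps[1] >= complex_p:
            chosen.append((t, x, "complex"))
    chosen.sort(key=lambda r: r[0], reverse=True)
    return chosen[:max_size]

# Constructed two-feature flow summaries (e.g. mean packet size, flows per minute), not real data.
TRAIN = [((1, 1), "benign"), ((2, 2), "benign"), ((1, 2), "benign"), ((2, 1), "benign"),
         ((5, 5), "malware"), ((6, 6), "malware"), ((5, 6), "malware"), ((6, 5), "malware")]
CALIB = [((1.7, 1.5), "benign"), ((2.1, 1.5), "benign"), ((2.5, 1.5), "benign"),
         ((3.0, 1.5), "benign"), ((4.5, 1.5), "benign"), ((5.8, 5.5), "malware"),
         ((6.3, 5.5), "malware"), ((6.7, 5.5), "malware"), ((8.7, 5.5), "malware")]
STREAM = [(1, (30, 30)), (7, (4.0, 3.0)), (8, (3.5, 3.5)), (9, (1.6, 1.4)), (10, (20, 20))]

def demo(max_size=2):
    cents = centroids(TRAIN)
    return select_for_update(cents, calibration_scores(cents, CALIB), STREAM,
                             now=10, window=5, max_size=max_size)

if __name__ == "__main__":
    for t, x, why in demo():
        print(t, x, why)
```

The record at t=1 is dropped by the window even though it fits no class, the well-fitting benign flow at t=9 is never selected, and the size cap keeps only the two newest of the three candidates.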
Keywords/Search Tags:android, flow data collection, malware detection, machine learning, online learning