Research On Android Malware Detection Based On Transfer-learning

With the popularity of internet,the spread of Android malware is increasingly rampant and causes great loss to users.The research on Android malware detection is of great significance.While extracting Android Malware features,the problem of single feature choice exists.Besides,the previous researches on Android malware classification based on machine learning algorithm mainly focuses on the malware families with sufficient samples and ignores the malware families with small samples.These malware families can be called Android malware with small samples.They cannot train better classifiers because they do not meet the requirement of sufficient training samples for traditional machine learning algorithms.Transfer learning offers an efficient way to solve the problem of insufficient training samples in the task of Android Malware classification.In terms of feature extraction,based on static analysis,multiple malware features are extracted to characterize different levels of malware.Mapping and transformation algorithm are used to convert the original documents,operation code sequence,permission sequence into three kinds of malware feature images.These features can describe malware's inherent rules from different perspectives.The three kinds of malware feature images will be fused in to a three-channel image.As a fusion feature,this image can characterize malware in a better way compared with single feature.Meanwhile,with the help of CNN's position invariance feature during the process of dealing with images,the visualization of malware code can improve its performance while detecting malware of inserting interference orders and rearranging code.In terms of classifier,the exiting CNN structure is analyzed.By installing joint probability distribution adaptation in the last full connected layer of CNN,the domain difference between the source domain and the target domain will be reduced and the feature portability of CNN will be enhanced.Thus,CNN objective function with transfer learning ability and deep migration neural network will be obtained.The deep migration neural network will be applied into Android Malware classifier.Thus,the classification information of malware families with sufficient training samples can be adapted in order to train classifier of malware families with insufficient training samples.And the problem of insufficient training samples in the Android malware classification task can be solved.In order to verify the effect of three-channel feature image and deep migration neural network in practical application,experiments are conducted based on the Andro Zoo,which shows that the three-channel RGB image can characterize Android Malware in a better way and the deep migration neural network has better performance in malware detection,which can solve the problem of insufficient training samples in the Android malware classification.