Research On Android Malicious Code Recognition Based On Image Features

Posted on: 2022-09-19
Degree: Master
Type: Thesis
Country: China
Candidate: F Lu
Full Text: PDF
GTID: 2518306476490694
Subject: Signal and Information Processing
Abstract/Summary:
In recent years, the wide spread of mobile Internet technology has drawn more and more attention to the security of mobile applications. As a popular smartphone operating system, Android has naturally attracted wide public concern about its security. How to detect and identify malicious code efficiently has become the key issue in protecting user information security. This thesis focuses on the effective extraction of image features from malicious Android code and on the design of a classification system model using machine learning algorithms. The main work is as follows:

1. This thesis proposes converting the binary code files in the APK installation package of an Android application into corresponding image files in order to extract effective image feature information. In a binary code file, each byte takes a value in the range 00 to FF, which corresponds exactly to the 256 gray levels of a grayscale pixel. The application can therefore be divided into data blocks, and each data block can be converted to a matrix and mapped to a grayscale image according to this rule.

2. Because grayscale images carry limited information, the binary code files are transformed into grayscale vectors and then mapped into color channels to form color images with more information content, so that the extracted image features carry more effective information. The entropy of the .dex code file in the Android application installation package is then calculated and used as the transparency of the image. This realizes the conversion of the binary code into RGB image information with transparency. Finally, malicious Android code is identified and detected by a convolutional neural network.

3. To determine which family an Android malware sample belongs to, this thesis uses the FlowDroid analysis tool to analyze Android malware and obtain the call relationships between the functions in the application. A dimension-reduction algorithm is then applied to the function call relationships to obtain two-dimensional image information that reflects the relationships between the functions in the application, making the internal structural characteristics of the malicious code clearer. Malicious code from similar families usually has similar function call relationships. Based on this principle, a K-nearest-neighbor classification system is designed to classify and recognize the two-dimensional function call relationship images and thereby determine the family of the malicious code.

4. Based on the identification and classification methods proposed above, this thesis designs and conducts a series of experiments for verification. More than 2,600 Android apps were selected for the experiments, including 1,250 Android malware apps from 40 different malware families and 1,400 non-malware apps. The experimental results show that the system can effectively detect malicious programs and identify the family to which a malicious program belongs, with an accuracy of 95.20%, achieving the expected experimental objectives.
Keywords/Search Tags: Android malware, Grayscale image, Convolutional neural network, K nearest neighbor algorithm, Information entropy
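
The byte-to-pixel conversion described in items 1 and 2 of the abstract, as an added example that is not code from the thesis. The abstract does not give the image width, the channel packing or the entropy scaling, so the row width parameter, the three-consecutive-bytes-per-pixel packing and the linear scaling of entropy (0 to 8 bits per byte) onto alpha (0 to 255) are assumptions, and all function names are hypothetical.

```python
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte stream, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def to_grayscale(data: bytes, width: int) -> list[list[int]]:
    """Item 1: each byte (00-FF) becomes one gray level (0-255).

    The stream is cut into rows of `width` pixels; the final row is
    zero-padded so the result is a rectangular matrix.
    """
    padded = data + b"\x00" * (-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]


def to_rgba(data: bytes, width: int) -> list[list[tuple[int, int, int, int]]]:
    """Item 2: color image whose transparency encodes the file's entropy.

    Assumed mapping (not stated in the abstract): three consecutive bytes
    fill the R, G and B channels of one pixel, and the entropy of the whole
    file is scaled linearly from [0, 8] to an alpha value in [0, 255].
    """
    alpha = round(shannon_entropy(data) / 8.0 * 255)
    padded = data + b"\x00" * (-len(data) % (3 * width))
    pixels = [(padded[i], padded[i + 1], padded[i + 2], alpha)
              for i in range(0, len(padded), 3)]
    return [pixels[i:i + width] for i in range(0, len(pixels), width)]


# Constructed sample bytes standing in for a classes.dex file.
SAMPLE = b"dex\n035\x00" + bytes(range(256)) * 4

if __name__ == "__main__":
    gray = to_grayscale(SAMPLE, 32)
    rgba = to_rgba(SAMPLE, 16)
    print(f"entropy: {shannon_entropy(SAMPLE):.3f} bits/byte")
    print(f"grayscale: {len(gray)} rows x {len(gray[0])} px")
    print(f"RGBA: {len(rgba)} rows x {len(rgba[0])} px, alpha={rgba[0][0][3]}")
```

The resulting matrices can be handed to any image or tensor library as the input to the convolutional network; packed or encrypted payloads push the entropy toward 8 and therefore toward a fully opaque image under this scaling.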