Network Traffic Detection Method Of Android Malicious Application Based On Deep Learning

With the rapid development of mobile Internet,various Android applications bring great convenience for mobile Internet.However,due to the open-source nature of Android system,many malicious applications have also been generated,posing a serious threat to network security.Previously,researchers mainly based on static code and dynamic behavior to identify and classify Android malicious applications.These two methods are too complex to be widely used.Because malicious applications perform malicious behaviors through channels such as Botnet,malicious applications can be analyzed and detected by analyzing the network traffic generated by malicious applications.Android application network traffic analysis method based on machine learning is the most popular Android application network traffic analysis method at present,but this method mainly depends on the extraction and selection of traffic characteristics.The deep learning method based on neural network can automatically extract data features,so it has been widely developed in image processing,speech recognition,natural language processing and other fields.In recent years,researchers have gradually applied it to the field of network traffic detection.Based on the deep learning method,this paper analyzes the network traffic data generated by Android applications.The specific research work is as follows:(1)In view of the dependence of traditional machine learning based mobile network traffic analysis methods on Feature Engineering,convolutional neural networks(CNN)is applied to mobile network traffic analysis and detection.In this method,the traffic generated by Android application traffic data is transformed into image data,which is used as convolutional neural network input to solve the problem of artificial feature extraction and feature selection,and reduce the computational complexity.In this paper,the method is compared with the traditional machine learning Android application traffic detection method.The experimental results show that the method has obvious advantages in accuracy and recall.(2)Considering the hierarchical structure of network flow packet flow bytes of Android application network traffic,a traffic detection method based on the level of two-way long short term memory network(LSTM)is proposed.This method effectively utilizes the excellent timing feature extraction ability of LSTM,and learns the timing features of Android application network flow and packets through bidirectional LSTM.The experimental results show that this method is superior to the traditional machine learning Android application network traffic detection method in recognition accuracy,and the overall accuracy of this method is better than the convolutional neural network Android application network traffic detection method proposed in Chapter 3.The work of this paper shows that deep learning has a good application prospect in the field of Android application network traffic detection,with the advantages of high accuracy,strong practicability,low computational complexity and so on.