
Research On Mobile Intelligent Terminal Malware Detection Technology Based On Behavior Sequence

Posted on: 2022-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: X G Wang
Full Text: PDF
GTID: 2518306755495914
Subject: Computer technology

Abstract/Summary:
With the popularity of mobile smart terminals in people's lives, Android has become the most popular operating system. Android malware is hidden among a large number of benign software and poses a great threat to users' privacy and property security. Traditional malware detection methods mainly rely on attributes such as permissions and components, which cannot capture the comprehensive semantic and structural features of software programs, and are therefore easily bypassed by attackers who change the feature code data through obfuscation techniques. Although detection methods based on machine learning or deep learning achieve better detection results, the black-box nature of their algorithms or models leaves their analysis results lacking in interpretability.

To address these problems, this paper investigates Android software feature extraction methods and interpretable software classification methods based on behavioral sequences. First, the software function call graph is analyzed using key permissions to construct a function call sequence that characterizes the key behaviors of the software; then, a hierarchical attention network is used to detect and classify malware. The research work in this paper focuses on the following three points.

(1) To address the problem that single permissions and function calls cannot effectively characterize software maliciousness, this paper uses information mining techniques to perform correlation analysis on function call graphs with the key permissions related to software categories, obtaining function call sequences that characterize the key behavioral features of the software. Comparison with the software call sequences detected by the sandbox system shows that the two are consistent in behavior patterns, which proves the effectiveness of the proposed method in extracting function call sequences and key behavioral features.

(2) To address the complex semantic information of behavior sequences and the lack of interpretability of deep learning algorithms, this paper uses a hierarchical attention mechanism to identify important behavior sequences as explanatory notes on software maliciousness, and constructs a vector representation of the software that a neural network classification model uses to classify and detect it. Experimental comparison with other machine learning methods shows that the proposed method outperforms the comparison algorithms KNN and XGBoost on the Android malware detection task, which proves the effectiveness of the proposed method.

(3) A malware classification and detection system based on behavioral sequences is designed and implemented. It integrates the studied algorithms into the corresponding modules and uses a good user interaction interface to accomplish the classification task. Its input is unlabeled Android software data, and its output is the corresponding classification label of the software.
Keywords/Search Tags: Android malware, Behavior sequence, Feature extraction, Attention mechanism