Mobile Terminal Cracked Software Recognition Based On Machine Learning

In the Android platform,the cracked software not only infringes the digital copyright rights of legitimate software,but also becomes a common carrier to spreading malicious software which threatens the personal information security of software users.After analysis,we found that there are three main cracked methods for Android software: Java bytecode payment cracked,database cracked and dynamic link library logic cracked.Based on machine learning algorithm,we propose some detection methods for identifying various cracked software.On this basis,a detection system of Android cracked software based on machine learning is designed by us.The research work of this paper will be carried out from the following four aspects:(1)When detecting Java bytecode payment cracked software,the features constructed by existing detection methods have a lot of noises.In order to solve this problem,we present a machine learning detection method based on function call flow and control flow.This method constructs the payment function call control flow and the database assembly code list from the function call flow and control flow.On this basis,we extract the n-gram probability feature and the frequency feature of repeated code sub-block respectively.Then two groups of features are used to train two detection classifiers based on machine learning algorithm.The detection results of classifier are fused with decision mechanism algorithm to realize the recognition of target software.(2)The feature extraction technique used in the Android malware detection method cannot extract features from the data store of Android software.In order to solve this problem,we present a detection method based on RGB image.It uses RGB visualization technology to construct RGB images from the data store of Android software for training VGG16 neural network model.The neural network model shows good performance in image processing and target detection.Using VGG16 neural network can effectively solve the problem that the detection method relying on feature extraction technology cannot detect this kind of cracking software.(3)Multiple dynamic link library files of Android software are independent of each other.However,the code in these files has a relationship that calls each other.The existing feature extraction techniques and detection methods can not accurately represent this complex file relationship.In order to effectively identify the dynamic link library logic cracked behavior in Android software,we propose a multi-modal feature fusion detection algorithm.The method organically fuses multiple dynamic link library files into a set of feature vectors with gray visualization technology,VGG16 neural network and relational network to organically.The vectors can effectively express the complex file relationship between multiple dynamic link libraries.The eigenvectors are calculated by the activation function layer.The calculation result is used as the detection result of the final model to identify the existence of dynamic link library logic cracking in Android software.(4)In the production environment,there are various types of cracked software.In order to solve this problem,based on the above three detection methods,we design an Android cracked software detection model based on machine learning.The system uses the detection model constructed in the above three detection methods as a sub-classifier to detect various types of cracked behaviors in Android software.