| With the explosive growth of Android malicious applications in recent years, the Android system is now facing unprecedented challenges. Hackers have applied software protection technologies such as software packing and code obfuscation to malicious code, making malicious application detection work difficult. In the current Android malicious application detection work, detection methods can be classified into single-dimensional feature-based detection and multi-dimensional feature-based detection, based on the selection of several types of features. Single-dimensional feature-based detection methods are susceptible to being bypassed by specific malicious applications due to their limited feature types. Most of the multi-dimensional feature-based detection methods lack analysis of differences between different types of features or within the same type of features, resulting in redundant features that can affect the accuracy and speed of model classification. To address the above issues, this paper proposes an Android malicious application automated detection method based on application behavior partitioning. The main research contents and achievements of this paper are as follows: (1) In response to the lack of feature set optimization methods in the field of Android malicious application detection, this paper proposes an application behavior partitioning method. It removes redundant features and optimizes the feature set through two processes: feature selection and feature partitioning, thereby improving the classification performance of the feature set. In the feature selection process, this paper compares and analyzes the numerical differences in the occurrence frequency of different-dimensional features to identify redundant features. In the feature partitioning process, this paper extracts user interaction information from Java-level API calls to partition the application behavior sequence into user-conscious behavior sequences and application covert behavior sequences, avoiding
mutual interference between user-conscious behavior and application covert behavior. (2) The user-conscious behavior sequences and application covert behavior sequences obtained from Research Content 1 are both time series features with high complexity and multiple dimensions. Traditional machine learning algorithms such as Random Forest commonly used in Android malicious application detection struggle to handle time series features. To address this problem, this paper proposes a dual-channel application classification model called 2ch-LSTM-TCN. It optimizes the extraction of application behavior sequences using the LSTM model and then models the sequence features using TCN after reducing the complexity of the time series features. Experimental results demonstrate that this method outperforms traditional machine learning models as well as LSTM and TCN models in terms of classification performance for time series data. (3) Based on the aforementioned research content, this paper has developed an Android malicious application automated detection system to achieve the detection of malicious applications. In terms of the dataset, this paper utilizes the open-source Android malicious application dataset CICMalDroid2020 and constructs a malicious sample set based on recent popular wild malicious samples. Additionally, a benign sample dataset is created by crawling 658 latest benign samples from the 360 Mobile Assistant platform. Experimental results demonstrate that the implemented prototype system can effectively distinguish between Android benign applications and malicious applications, achieving an accuracy rate of 94.8% and a recall rate of 93.3%. |
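
The feature-partitioning step in (1), as an added example that is not code from the paper: it splits a Java-level API call trace into a user-conscious sequence and a covert sequence, the two inputs a dual-channel classifier would take. The choice of UI listener callbacks as interaction markers, the 2-second attribution window, the `partition` helper and the sample trace are all assumptions made for illustration.

```python
from typing import Iterable, List, Tuple

Event = Tuple[int, str]  # (timestamp in ms, fully qualified Java API name)

# Assumed interaction markers: standard Android UI listener callbacks.
UI_MARKERS = frozenset({
    "android.view.View$OnClickListener.onClick",
    "android.view.View$OnTouchListener.onTouch",
    "android.widget.AdapterView$OnItemClickListener.onItemClick",
})
WINDOW_MS = 2000  # assumed: calls this soon after an interaction are user-driven


def partition(trace: Iterable[Event],
              window_ms: int = WINDOW_MS) -> Tuple[List[str], List[str]]:
    """Split a trace into (user_conscious, covert) API-call sequences."""
    user_seq: List[str] = []
    covert_seq: List[str] = []
    last_ui = None  # timestamp of the most recent interaction marker
    for ts, api in sorted(trace, key=lambda e: e[0]):  # process in time order
        if api in UI_MARKERS:
            last_ui = ts
            user_seq.append(api)
        elif last_ui is not None and ts - last_ui <= window_ms:
            user_seq.append(api)    # follows a user action closely
        else:
            covert_seq.append(api)  # no recent user action explains it
    return user_seq, covert_seq


# Constructed sample trace (not taken from any dataset named above).
SAMPLE_TRACE: List[Event] = [
    (100, "android.telephony.TelephonyManager.getDeviceId"),
    (5000, "android.view.View$OnClickListener.onClick"),
    (5200, "android.hardware.Camera.open"),
    (5900, "java.io.FileOutputStream.write"),
    (30000, "android.telephony.SmsManager.sendTextMessage"),
    (30500, "java.net.URL.openConnection"),
]

if __name__ == "__main__":
    user, covert = partition(SAMPLE_TRACE)
    print("user-conscious:", user)
    print("covert:", covert)
```

In this constructed trace the SMS send and network connection land in the covert sequence because no interaction precedes them within the window, so they do not dilute the user-driven camera and file activity.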