| Android system has become the largest mobile smart system in terms of users nowadays because of its openness,but this has also attracted a large number of attackers to profit from it through malwares.Therefore,ensuring the information security of Android mobile system users has become an urgent problem to be solved.A large number of studies have used machine learning models to detect malwares,but such methods are not comprehensive enough to deal with the features and cannot deeply explore the implicit semantic information of the features,so the accuracy rate is often not high,and they can not adapt to the rapidly changing Android environment,and the detection effect is even worse when facing the changing malwares.This thesis addresses the problems of existing research and proposes a detection model based on deep learning for multi-feature implied semantic mining,which fully exploits the feature implied semantic information and improves the detection effect.The main work of this thesis includes three parts:first,the visualization method of opcode and the feature extraction method based on ViT(Vision Transformer)model is proposed.In this thesis,the code block is used as a unit to map the opcode sequence into pixels using text processing and construct an image,and the ViT model is used to learn the feature representation of the image.Second,a method is proposed to construct API call graph features based on basic blocks and use convolutional neural networks to learn the semantic information of APIs.This thesis first designs a multidimensional API weight calculation method to filter API features,and constructs directed weighted graph features of API calls based on the order and frequency of API calls,and finally uses a convolutional neural network to learn the application behavior information contained in API call graph features.Third,a malicious application detection model based on multi-feature implied semantic mining is proposed,which integrates feature extraction methods of operation codes and APIs with sensitive permission features as feature vectors after semantic mining,selects neighboring data using clustering and multiple classifiers with dynamic esemble solution DES,and trains multiple classifiers,and selects the best-performing classifier dynamicly for prediction to get the final detection results,achieving better detection effect of malicious applications.This thesis implements the above and conducts experiments and compares them with related studies,and the results show that the detection method proposed in this thesis is more effective.The feature construction,extraction method and model design proposed in this thesis have some reference significance. |
PDF Full Text Request