| With the development of the mobile Internet, smart devices and IoT devices based on the Android system are widely used, and at the same time the amount of malware targeting Android continues to increase. The malicious behavior of Android malware not only infringes on the legitimate interests of users but also causes huge economic losses to society. Accordingly, it is especially important to find an efficient and accurate method for Android malware detection. To obtain richer semantic information from Android software entities, many Android malware detection and classification methods based on graph structure patterns have emerged, but these methods generally have two key problems. First, in most cases accuracy and speed are incompatible, so it is difficult for these methods to complete the task both accurately and efficiently. Second, most existing research has ignored the deep relationships between malware samples, which leaves Android malware detection and classification methods with insufficient anti-aging ability and generalization ability. To solve these problems, this paper does the following research work: (1) To obtain accurate relationship information between Android applications and significantly reduce the dimension of the feature data, a heterogeneous graph compression algorithm based on reachability relation extraction (Graph Compression Based On Reachability Relation Extraction, GCRR) is proposed. The GCRR graph processing algorithm extracts and synthesizes the abundant reachability relation information between APKs by operating on the infinite power series of the n-order relation matrix, and compresses the large-scale heterogeneous APK-API relation graph into a weighted homogeneous APK graph. The paper analyzes the rationality and feasibility of the GCRR graph processing algorithm through rigorous mathematical derivation, which provides complete theoretical support for it. (2) An Android malware detection and classification method named GCDroid is designed. With the GCRR algorithm at its core, this method comprehensively and deeply mines the extracted feature information and compresses the feature dimension. Finally, the compression result is fed into a graph convolutional network to complete the APK classification task. Experiments show that GCDroid greatly reduces the time required while improving detection accuracy. Compared with existing excellent static Android malware detection methods, GCDroid not only improves upon their detection accuracies by 1.53%-39.13% on different datasets but also achieves the highest classification accuracy of 95.17% in the Android malware classification task. Compared with other similar baseline methods, GCDroid consumes one-tenth or less of the time of the other methods for detector construction, software sample testing, etc. In addition, because GCRR extracts the deep higher-order relationship information between APKs, GCDroid has better generalization ability and anti-aging ability than the baseline comparison methods. |
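The compression step in (1), as an added illustration that is not the paper's GCRR code: an APK-API graph is collapsed into a weighted APK-APK graph by summing the power series of a relation matrix, so APKs linked only through intermediaries still receive a weight. The abstract does not give the exact formulation, so the shared-API relation, the row normalisation, the damping factor `ALPHA` and the sample matrix are all assumptions.

```python
# Added illustration; not the paper's GCRR implementation.
# Assumed: binary APK-API incidence, row-normalised shared-API relation
# matrix, and a damping factor ALPHA < 1 so the power series converges.
ALPHA = 0.5

def matmul(a, b):
    cols = list(zip(*b))
    return [[sum(x * y for x, y in zip(row, col)) for col in cols] for row in a]

def apk_relation(incidence):
    """One-hop APK-APK relation: shared-API counts, rows normalised to sum 1."""
    shared = matmul(incidence, [list(c) for c in zip(*incidence)])
    rel = []
    for i, row in enumerate(shared):
        row[i] = 0  # ignore an APK's overlap with itself
        total = sum(row)
        rel.append([v / total if total else 0.0 for v in row])
    return rel

def reachability_weights(rel, alpha=ALPHA, tol=1e-12, max_terms=10_000):
    """Accumulate sum over k >= 1 of (alpha * rel)^k until terms fall below tol."""
    n = len(rel)
    step = [[alpha * v for v in row] for row in rel]
    term = [row[:] for row in step]
    total = [[0.0] * n for _ in range(n)]
    for _ in range(max_terms):
        for i in range(n):
            for j in range(n):
                total[i][j] += term[i][j]
        if max(max(r) for r in term) < tol:
            return total
        term = matmul(term, step)  # next power: paths one hop longer
    raise ArithmeticError("power series did not converge; lower alpha")

# Constructed sample: 4 APKs (rows) x 5 API calls (columns).
INCIDENCE = [
    [1, 1, 0, 0, 0],  # apk0
    [0, 1, 1, 0, 0],  # apk1 shares one API with apk0 and one with apk2
    [0, 0, 1, 1, 0],  # apk2
    [0, 0, 0, 0, 1],  # apk3 shares nothing with the others
]
WEIGHTS = reachability_weights(apk_relation(INCIDENCE))
```

In this sample apk0 and apk2 share no API directly, yet the compressed graph gives them a non-zero edge through apk1, while the isolated apk3 keeps zero weight to every other node.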