As mobile devices become widely used, the Android operating system plays an important role in human social life. At the same time, the number of malicious software attacks on Android is gradually increasing, posing a huge threat to the privacy and property security of Android users. Most Android malware needs a networked environment to attack and generates malicious network traffic during the attack. Therefore, using network traffic for Android malware detection has become a research direction worthy of in-depth study.

So far, many detection methods based on traditional machine learning have been proposed by scholars at home and abroad, but these methods depend heavily on feature engineering, resulting in classification performance that struggles to meet actual security needs. In recent years, deep learning has achieved excellent results in fields such as speech recognition, natural language processing, and image classification, which has also brought new opportunities for using network traffic to detect Android malware. Some researchers have therefore used deep learning methods for Android malware detection and classification, but these deep learning-based studies either have low multi-classification accuracy or focus more on the use of neural network models, ignoring the exploration of the internal structure of network traffic. How to improve multi-classification accuracy and how to use network traffic effectively for Android malware detection and classification have become two urgent problems to be solved. In response to the problems in the existing methods, this paper proposes the following solutions based on the above research.

(1) To address the low multi-classification accuracy in Android malware detection, this paper introduces a mixed deep learning model based on convolution and residual methods. The original network traffic data from the CICAndMal2017 and CCCS-CIC-AndMal-2020 datasets are pre-processed, and effective network traffic features are obtained through cluster analysis. The mixed deep learning model is constructed to improve the accuracy of Android malware classification, and batch normalization is added to prevent model overfitting. Finally, a series of performance metrics are used to evaluate the model. Through ten-fold cross-validation, experimental results show that the proposed method achieves 98% accuracy in category classification (four classes) and 97% accuracy in family classification (thirty-five classes), outperforming existing algorithms.

(2) In response to the problem that some deep learning-based models ignore the analysis of network traffic preprocessing, this paper proposes a graph neural network-based method for detecting and classifying Android malware. First, the network traffic data from the CICAAGM2017 and CICAndMal2017 datasets are preprocessed to generate effective traffic, and a network traffic graph is then constructed using the message passing network algorithm. Second, a graph neural network model is constructed to obtain the embedding representation of the network traffic graph features. Finally, the embedding representation is fed into a classifier to obtain the detection and classification results. Experimental results show that by analyzing the internal structure of network traffic, the proposed method achieves a detection accuracy of 97% and a classification accuracy of 95%, which is higher than some deep learning-based models.

In conclusion, this study addresses the challenges of low multi-classification accuracy and the neglect of network traffic structure analysis in existing research methods. The two solutions proposed in this paper demonstrate superior performance compared to current algorithms, thereby further advancing research in Android malware detection and classification.