| In the field of malicious software detection on iOS systems, the system's closed nature means that analyzing the behavior of applications requires reverse engineering and hooking techniques. Research on malicious software detection on iOS systems mainly focuses on static detection methods, resulting in high false positive rates and delayed detection. Additionally, some malicious sample families have a small number of samples, leading to overfitting of the trained classifiers. In this paper, we propose an improved method to address these issues. The specific research work is as follows: (1) To address the difficulty of obtaining dynamic features for iOS malware datasets, we designed a dynamic monitoring framework to capture real-time API call sequences of applications and saved the captured data as the source of the dynamic dataset in this study. To preprocess the data, we used matching algorithms to filter out the sensitive API sequence data that are relevant to malware detection. The sensitive API character sequences were then converted into a matrix using One-Hot encoding. We calculated the sequence weights using the TF-ISF algorithm and combined the obtained matrix with the weight vector to visualize the sensitive API sequence features. In addition, we improved the feature extraction by converting the sample IPA files into grayscale image features of the application. (2) This article proposes a method to train models based on an improved ResNet convolutional neural network. The method introduces SE modules into the ResNet network to optimize features and uses the Swish function in the fully connected layer to improve the accuracy and convergence speed of the model. The improved SENET network is used for comparative experiments on dynamic, static, and hybrid feature detection of iOS malware. (3) To address the problem of overfitting caused by too few samples in some iOS malware families, this article proposes a CTLN model based on transfer learning. It trains a one-dimensional convolutional neural network on the training dataset and forms a stable 1T-CNN. Next, the transfer learning module is entered, and another neural network, 1ECNN, is trained on the experimental dataset, concatenated with 1T-CNN, and the network parameters are fine-tuned. The features obtained by mapping the test data into the CTLN network through the connection layer are classified by KNN, and the category of the malware in the test data is output. This paper conducted a 5-fold cross-validation experiment and compared the results with state-of-the-art research results. The results show that, in the iOS malware detection method based on an improved ResNet convolutional neural network, the hybrid detection method is superior to the single detection method, and the hybrid detection method based on the improved ResNet convolutional neural network proposed in this paper is superior to the state-of-the-art research detection method. In addition, the detection method based on a transfer learning convolutional neural network in this paper alleviated the problem of insufficient training samples in the above hybrid feature detection method based on the improved ResNet convolutional neural network, and performed better than the state-of-the-art research results in the experiment on specific malware classification. |
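
The preprocessing chain in (1), sketched as an added example that is not the paper's code: filter a captured trace against a sensitive-API list, One-Hot encode it, weight it with TF-ISF, and scale the result to grey levels. The watch-list, the traces, the TF-ISF formula (term frequency times log inverse sequence frequency) and the way the weights are combined with the matrix are all assumptions, since the abstract does not define them.

```python
import math
from collections import Counter

# Constructed watch-list (assumption); the paper's sensitive-API list is not on this page.
SENSITIVE_APIS = ["CNCopyCurrentNetworkInfo", "ABAddressBookCopyArrayOfAllPeople",
                  "SecItemCopyMatching", "-[NSURLSession dataTaskWithURL:]",
                  "-[UIPasteboard string]"]
INDEX = {api: i for i, api in enumerate(SENSITIVE_APIS)}

# Constructed API-call traces standing in for what a hooking framework would record.
TRACES = [
    ["NSLog", "SecItemCopyMatching", "-[NSURLSession dataTaskWithURL:]", "SecItemCopyMatching"],
    ["-[UIPasteboard string]", "-[NSURLSession dataTaskWithURL:]", "NSLog"],
    ["-[NSURLSession dataTaskWithURL:]", "CNCopyCurrentNetworkInfo"],
]

def filter_sensitive(trace):
    """Keep only calls on the watch-list, preserving call order."""
    return [c for c in trace if c in INDEX]

def one_hot(seq):
    """One row per call, one column per sensitive API."""
    return [[1 if INDEX[c] == j else 0 for j in range(len(SENSITIVE_APIS))] for c in seq]

def tf_isf(seqs):
    """Assumed definition: tf(api, seq) * log(N / number of sequences containing api)."""
    n = len(seqs)
    sf = Counter(api for s in seqs for api in set(s))
    weights = []
    for s in seqs:
        counts = Counter(s)  # empty for an empty sequence, so no division by zero below
        weights.append({a: (counts[a] / len(s)) * math.log(n / sf[a]) for a in counts})
    return weights

def weighted_image(seq, w):
    """Scale each one-hot row by its call's weight, normalised to 0..255 grey levels."""
    top = max(w.values(), default=0.0)
    return [[round(255 * w[c] / top) if top > 0 and bit else 0 for bit in row]
            for c, row in zip(seq, one_hot(seq))]

def build_images(traces):
    """Full chain: filter, weight, and render one grey-level matrix per trace."""
    seqs = [filter_sensitive(t) for t in traces]
    return [weighted_image(s, w) for s, w in zip(seqs, tf_isf(seqs))]

if __name__ == "__main__":
    for img in build_images(TRACES):
        print(img)
```

An API that occurs in every trace (here the network call) gets weight zero and renders as a black row, which is the usual effect of an inverse-frequency term.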