| Security has become a major concern in today's smartphones, especially since mobile malware attacks are becoming increasingly sophisticated and widespread. Android, one of the leading operating systems for smartphones, is an attractive target for attackers. However, existing detection techniques require expert domain knowledge to design features, and malware can change its fingerprint to bypass such detection. Therefore, new feature engineering methods are needed that adapt to ever-varying malware, alleviate the problem of classifier aging, and improve classification accuracy. This paper proposes two methods for detecting and classifying Android malware. (1) A lightweight multi-source Android malware detection model that can be deployed on Android terminals. The model consists of two modules: a static analysis module and a feature fusion and prediction module. The static analysis module extracts multidimensional features by analyzing metadata, permission lists, binary, and other information of Android application installation packages, using improved base models such as a residual shrinkage network and a bag-of-words model. The feature fusion and prediction module uses an improved soft voting algorithm to integrate the learning of each base model and complete feature fusion, yielding a malware detection framework that is efficient yet has low computational overhead. (2) A graph representation-based learning model for Android malware classification. The model is divided into two main modules: a disassembly and graph generation module and a feature processing and classification module. The disassembly and graph generation module uses static analysis techniques to disassemble the Android application, obtain Smali code, and obtain control flow graphs and data flow graphs. The feature processing and classification module uses a modified capsule graph neural network to fuse control flow graph features with data flow graph features and achieves improved malware classification accuracy through a siamese network structure. This framework extracts multiple graphical representations of Android applications to exploit the malicious code features captured from different graphs, thus enabling better focus on Android malware features and higher-accuracy classification of Android malware using the proposed siamese capsule graph neural network. The above-mentioned models were extensively tested on public datasets such as CICInvesAndMal2019, CICMalDroid2020, and Drebin (2012), as well as on real Android devices. The experimental results showed that the first proposed method achieved a 1.5% detection accuracy improvement compared with existing methods while significantly reducing computational complexity. The second proposed method achieved a 2.6% improvement in classification accuracy and a 2.4% improvement in accuracy compared with current mainstream antivirus software. |