
Research On Android Malware Detection Method Based On Network Traffic Analysis

Posted on: 2024-08-01
Degree: Master
Type: Thesis
Country: China
Candidate: L W Qin
GTID: 2568307151967579
Subject: Computer technology

Abstract/Summary:
With the rapid development of technology, mobile applications have become an integral part of people's lives. The open-source nature of the Android operating system makes it a major target for malware authors. Attackers use techniques such as repackaging and code obfuscation to hide malicious behavior in network traffic and evade existing detection methods, which poses a great challenge to traditional machine learning detection. Mobile applications depend on the Internet, and malware exposes distinct features in its network traffic when it performs malicious operations. Building on traditional malware detection theory, this paper combines network traffic features with deep learning methods for Android malware detection.

Firstly, a traffic feature extraction method based on CICFlowMeter and USTC-TK2016 is established to address the complexity and diversity of network traffic features and the difficulty of extracting them. The statistical and behavioral features of the traffic are extracted with CICFlowMeter and saved to a CSV file. Meanwhile, the global session-level features are extracted with USTC-TK2016: the traffic is sliced into sessions, and the sliced data are converted into grayscale images and then into the IDX input format commonly used in deep learning. This retains all information of the traffic and effectively solves the problem of information loss during feature extraction.

Secondly, because network traffic sequences are dynamically volatile, behavior is continuous, and protocol data structures are complex, traditional detection methods have difficulty capturing abnormal traffic features. This paper therefore proposes an Android malware detection method based on CNN-GRU spatio-temporal fusion. Using the traffic features extracted by CICFlowMeter and USTC-TK2016, a CNN learns the spatial dimension, capturing the spatial structure features of the network traffic matrix, and a GRU learns the temporal dimension, to achieve Android malware detection. The method overcomes the limitation of manual feature selection, makes full use of the spatial and temporal features of network traffic data, and effectively improves detection capability.

Finally, Android malware detection experiments were conducted on network traffic data from the CIC-AndMal2017 dataset. Methods for feature extraction, data processing, model training, and final prediction were established, and the effectiveness and accuracy of the proposed method were verified experimentally.
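The session-to-grayscale-to-IDX step described in the abstract can be sketched as follows. This is an added example, not code from the thesis or from USTC-TK2016; the 28x28 image size, the truncate/zero-pad policy, the function names and the sample sessions are assumptions made for illustration.

```python
import struct

SIDE = 28                      # assumed image side; the abstract gives no size
PIXELS = SIDE * SIDE
IDX_IMAGES = 0x00000803        # IDX magic: unsigned-byte data, 3 dimensions
IDX_LABELS = 0x00000801        # IDX magic: unsigned-byte data, 1 dimension


def session_to_image(payload: bytes) -> bytes:
    """Map one session's raw bytes to a fixed-size grayscale image.

    Each byte becomes one pixel (0-255). Assumed policy: long sessions are
    truncated and short ones zero-padded so every sample has the same shape.
    """
    return payload[:PIXELS].ljust(PIXELS, b"\x00")


def pack_idx(images, labels):
    """Serialize images and labels into IDX image and label blobs."""
    if len(images) != len(labels):
        raise ValueError("one label per image required")
    if any(len(img) != PIXELS for img in images):
        raise ValueError("image has wrong size")
    header = struct.pack(">IIII", IDX_IMAGES, len(images), SIDE, SIDE)
    img_blob = header + b"".join(images)
    lbl_blob = struct.pack(">II", IDX_LABELS, len(labels)) + bytes(labels)
    return img_blob, lbl_blob


def unpack_idx_images(blob: bytes):
    """Parse an IDX image blob, validating the magic and declared length."""
    magic, count, rows, cols = struct.unpack(">IIII", blob[:16])
    if magic != IDX_IMAGES:
        raise ValueError("not an IDX3 unsigned-byte file")
    size = rows * cols
    if len(blob) != 16 + count * size:
        raise ValueError("length does not match header")
    return [blob[16 + i * size: 16 + (i + 1) * size] for i in range(count)]


# Constructed sample sessions (not real captures): 0 = benign, 1 = malicious.
SESSIONS = [
    (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", 0),
    (bytes(range(256)) * 4, 1),    # 1024 bytes, longer than one image
]


def build_dataset():
    images = [session_to_image(p) for p, _ in SESSIONS]
    return pack_idx(images, [label for _, label in SESSIONS])
```

The resulting image blob has the layout that MNIST-style loaders read, which is why a CNN front end can consume it without further feature engineering.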
Keywords/Search Tags:Android malware, network flow, Convolutional Neural Networks, GRU Neural Network