Android Malware Detection System Based On Multi-class Features And Deep Learning

With the continuous development of smart devices,Android systems have a higher market share.Various Android app markets are growing rapidly,but the openness of the Android system and the regulatory tools of weaker apps have spawned an amazing number of malicious applications.There are many studies focusing on the identification of Android malicious applications.Machine learning-based methods mainly collect features such as permissions,intents,and Java code information.Due to the difficulty of decompilation and analysis of native code in Android applications,almost all research focuses on the Java code level,ignoring the analysis of Native layer code.This research wants to solve the problem that Android malicious application detec-tion tool does not detect Native code and can not analyze the security of native library files.An Android malicious application detection tool based on multi-class features and deep learning is proposed.The tool incorporates three levels of features.The first is the permission feature in the Manifest.xml file.The second is the API call feature in the Java code layer.The third is the API call feature in the Native layer.The complete Jave layer and Native layer feature information are constructed,which can accurately reflect the behavior characteristics of the application,and can also effectively detect malicious applications that hide malicious behavior in the Native layer.The specific works are as follows:1)This dissertation designs the corresponding algorithm for the Native code of the native layer,and incorporates the Native layer api feature into the feature set.It com-pares the combination of the Native feature and the permission feature,and the com-bination of the Native feature and the Java layer API feature.The improved accuracy achieved demonstrates the validity of the Native feature.2)This dissertation integrates all the features and deep belief network algorithms to implement a complete Android malicious application detection system.A total of 10657 data sets including 5442 malicious applications and 5215 normal applications were constructed and trained by the DBN algorithm.The detection accuracy of the full feature set is as high as 98.71%and the false negative rate is only 0.7%.At the same time,detailed experimental results analysis and time statistics are performed,and compared with machine learning algorithms and existing work.3)Through the feature selection algorithm based on random forest,the number of feature sets is compressed,and the training time is reduced on the basis of ensuring the classification accuracy.The training time after compressing the feature set is only about 4 seconds,generating more lightweight malicious application detection Tool.