Research On Android Malware Detection Technology Based On Deep Learning

Since Google released Android operating system in 2008,the number of Android mobile devices has shown a tremendous growth and exceeded the market share of iOS and Windows Phone,becoming the world's largest mobile operating system.The huge success of Android comes from its rich applications which users can acquire and install their favorite apps from the official market or any third-party market.It is not only appealing to developers but also attracting malware makers who make and disseminate malware through application markets for the purpose of obtaining illegal profits,privacy information,etc.This poses a serious threat to the users and their privacy data.In the face of increasingly severe malware threats,we need an effective detection method to deal with large-scale,fast malware detection.In this paper,we focus on the Android malware detection technology based on deep learning,which mainly includes the following three points:(1)We proposed an Android malware detection method based on convolutional neural network which is called DeepClassifyDroid.This method performs in-depth static analysis on Android applications,extracts multiple static features and constructs a unified feature vector for detection tasks.Compared with other machine learning-based methods,the convolutional neural network structure has good detection performance and runtime performance and has a lower false negative rate.Experiments show that DeepClassifyDroid is superior to most existing machine learning-based detection methods,with a detection rate of 97.4% for malware and 1.7% false negative rate.In addition,our method is also significantly faster in speed than the Linear-SVM and kNN methods.(2)We proposed an adversarial sample generation method based on generative adversarial network which is called DroidGAN.The malicious sample generated by this method can bypass the detection system and can actually run without affecting its original malicious function.For the generation of adversarial samples,this paper also introduces the concept of minimum modification cost,virtual benign sample,best adversarial sample,and proposes ASG algorithm for generating adversarial samples.At the same time,the experimental results show that the attack success rate is higher than the traditional random attack.The adversarial samples constructed by DroidGAN can be used as a new training dataset of the detection system to improve the robustness of the system.(3)We designed and implemented an Android malware active defense system.As the most important part of the system,DroidDefender is a lightweight plug-in that can be deployed in other machine learning or deep learning-based detection systems to increase their robustness.Experiments show that the whole system has been greatly improved in the ability to identify adversarial samples.After training,the ability of identifying adversarial samples is increased from the original 50% to 98.5%,and is superior to the adversarial retraining method.