| Current android malware detection model is often dependent on a large number of samples with marked,collecting a large number of label sample and decompiling the feature extracting time consuming and resource cost is high,long training time,there is a low detection efficiency,the problem of high threshold,at the same time for new a new type of malicious applications,need to collect enough data,redesign and training model,to identify and test,not only big workload,but also for security defense against malicious attacks a lag.In malicious Android application detection,there exists problems such as high dimensionality of features,high sample size requirements and low efficiency of detection.In order to solve the above problems,a CNN-catboost hybrid model is proposed.In the proposed CNN-catboost model,the convolution neural network can help feature extraction and dimension reduction,and the catboost classification algorithm has the good generalization ability.Firstly,the static features of android application,such as permissions,API packages,components,intents,hardware features and Op Code features,acquiring through reverse engineering,are encoded as feature vectors.And then,in the feature processing layer,the local features are extracted by using the convolution kernel.Secondly,the Maximum pooling is used to downsample the processed features to reduce the dimension while keeping the characteristic property the same.Finally,the downsampled features are used as the input vector of catboost classification layer,a genetic algorithm of global optimization ability is used to adjust the parameters of the catboost model to further improve classification accuracy.At last,we test our model with known and unknown type of Android app dataset.The experimental result shows that the CNN-catboost hybrid model takes less time to tune parameters,and can get promising prediction accuracy and detection efficiency.Aiming at the problem that the current malicious application detection model has poor detection results for small samples and newly emerging new categories of malicious samples,a meta-learning-based detection model MCNN-catboost is proposed.On the basis of retaining the original structure of the CNN-catboost model,the reptile algorithm is used to optimize the parameters of the model,so that this model inherits the advantages of the CNN-catboost model that can quickly generate better detection results in fewer samples,and the meta-learning algorithm reptile can Accumulate the learning experience of samples of old categories to quickly learn the characteristics of samples of new categories,and promote classification models to quickly identify the advantages of new categories based on a small number of samples.First,the data set is formed into multiple batch tasks to train the model,calculate the loss gradient corresponding to each task and save its new parameters,and iteratively train and learn the effective information of different types of samples in different tasks.Then use reptile to update the global parameters of the model by calculating the average loss gradient of the batch of tasks,and then perform the next batch of task training until a model with strong generalization performance is obtained.In the meta-testing stage,data of a completely different category from the training set is used to represent new category samples,and the recognition effect of the new category samples under a small sample is tested.Experimental results show that the MCNN-catboost model can effectively detect small samples and new types of samples.The Android malicious application detection system is built and implemented.The system can extract and process the characteristics of the application to be detected,and use CNN-Catboost model to detect its attributes(benign or malicious).If it is a malicious application,then use the MCNN-Catboost model to detect its category of malicious application.In practice,the attributes of the application and the category of the malicious application can be judged effectively. |
PDF Full Text Request