Design And Implementation Of A Two-stage Android Malware Detection System

Due to incomparable advantages,the Android operating system has become the most widely used operating system on mobile device.However,more and more Android malware has become a serious threat to the security of mobile devices.Although the existing Android malware visual detection methods work fast,their performance is low;and the existing hybrid detection methods are difficult to take into account both performance and efficiency.Therefore,this thesis proposes a visual detection method for Android malware based on n-gram and frequency domain transformation,and designs and implements a two-stage Android malware detection system.The main work of this thesis includes:1.Aiming at the problems of low accuracy and recall rate of existing Android malware detection methods,a visual detection method based on n-gram and frequency domain transformation is proposed.Taking the existing visualization technology as a reference,do the hexadecimal colorization and coordinate processing of the binary stream of the Android software classes.dex file,and then use the discrete cosine transform to map the obtained image to the frequency domain,and finally use a specific convolutional neural network that is trained for detection.The method in this thesis significantly improves the performance of visual detection,with an accuracy rate of 95.6%and a recall rate of 98.1%for malicious samples.2.Design and implement a two-stage Android malware detection system.The whole detection system consists of two stages:rapid detection stage and comprehensive detection stage.In the rapid detection stage,the visual detection method proposed in this thesis is able to detect benign software and separate suspicious Android software from the massive unchecked software quickly;in the comprehensive detection stage,based on the detection model in the rapid detection stage,extract the more static features are combined with the dynamic detection model,and finally integrated and combined to establish a comprehensive and complete hybrid detection model to speed up the overall detection speed while ensuring the detection accuracy.At the same time,the front-end module,feature preprocessing module,fast detection module,comprehensive detection module and storage module are designed for the whole system,which respectively complete the functions of interaction,feature extraction,detection,cache and storage.Finally,tests are carried out to confirm the effectiveness and efficiency of the system.