| Android operating system’s market share is growing rapidly,and the application market is becoming increasingly complex and diverse.Due to the open source nature of Android system,attackers apply code obfuscation techniques to develop malware and use more covert means to steal user information,which poses a huge threat to users’ privacy security and property security.Malware detection methods can be divided into static analysis and dynamic analysis,static analysis does not need to run the software,through decompiling means to extract static data for analysis,while dynamic analysis requires the extraction of dynamic data for analysis when the software is running.Static analysis usually uses a large amount of data to achieve high accuracy,while dynamic analysis is often less accurate than static analysis due to its small amount of data,but for dynamically loaded malware,only dynamic analysis methods can be used for detection,so the detection accuracy of dynamic analysis methods needs to be improved.Furthermore,domestic and foreign research mainly focuses on the classification of benign software and malware,and rarely focuses on the classification of malicious behavior of malware,therefore,this paper studies the classification of Android malware by dynamic analysis method,and the main work is as follows:(1)In terms of technological innovation,we propose a malware classification method based on hyper-segmentation reconstruction,SR-DIDroid,based on the DIDroid method,and introduce hyper-segmentation reconstruction technology to improve the problem of poor accuracy due to the small amount of dynamic data by increasing the dimensionality of feature images.Later,a multilevel classification network method is proposed based on a priori knowledge,which reduces the classification difficulty of a single network by increasing the number of layers of the classification network and improves the problem that the accuracy is not high enough due to the similarity of categories.(2)In terms of algorithm implementation: the classification accuracy of the SR-DIDroid method is significantly improved by 8% over the DIDroid method when dynamic data features are used.After introducing the multilevel classification network based on prior knowledge,the improved SR-DIDroid method using dynamic data features has better overall classification results compared with the DIDroid method using static data features,and the classification accuracy of most malicious categories is improved.(3)In terms of engineering applications,a prototype Android APP security protection system based on SR-DIDroid method with multi-level classification network is designed and implemented based on the appeal theory research results.The system contains APP data collection module,APP data analysis module and basic support module,which dynamically analyzes the tested APKs submitted by users and introduces classification network to provide model support for data analysis,generates targeted detection reports and provides direction for users to further analyze APPs. |
PDF Full Text Request