Detection Of Android Malicious Applications Based On Sensitive Subgraphs In Adversarial Environment

With the rapid development of Android mobile application market,the rapid growth of malicious Android applications has brought threats such as privacy disclosure and property theft to smart mobile users.Although Android researchers have proposed many Android malicious detection algorithms and tools in recent years,these algorithms focus on static semantic analysis and feature extraction of malicious Android applications,without specific description of malicious behavior,and cannot resist attacks in the adversarial environment.In this thesis,a detection algorithm based on sensitive subgraph is proposed to mine features representing malicious behavior patterns from Android applications,classify them using deep learning algorithm,and design and implement android malicious application detection system considering the robustness of detection model in the adversarial environment.Specific research work includes:1)The method based on static semantics is highly dependent on expert experience for feature code extraction,which makes it difficult to identify malicious Android applications that have been obfuscated and shell processed.The complex graph based on control flow graph relies on complex similarity matching algorithm and has low interpretability.This paper proposes a detection method for malicious Android application behavior patterns based on sensitive subgraphs.Firstly,the sensitive function call graph is used to describe the behavior patten of the entire Android application.Then the sensitive subgraph of the sensitive function call graph is mined to represent the specific behavior pattern of Android applications and the features of Android are obtained.Finally,a deep learning model is used to classify malicious and benign Android applications.Compared with the detection method of ordinary model,the classification accuracy of the whole model is improved.Experimental verification is carried out on 88939 benign Android applications and 20609 malicious Android applications collected from Androzoo,Virusshare and other Android sample databases.The results show that the accuracy of malicious application detection method proposed in this paper can reach 98.67%.2)Aiming at the problem that attackers can modify the characteristics of malicious software to avoid the detection of malicious detection system,the adversarial attack ability of detection system under the adversarial environment is studied.Firstly,an adversarial attack algorithm based on iterative attack OAA,This method selects the best attack method and feature modification set by modifying the loss function value to generate the adversarial sample,and then proposes an adversarial defense method of strengthening training.This method simulated adversarial sample for strengthening training,compared with Fan Droid model,After adversarial training,the accuracy of adversarial sample detection was improved by 52.02%.3)An Android malicious application detection and learning system is designed and implemented.The system consists of reverse engineering module,feature extraction module,model training and detection module,and adversarial learning module.The reverse engineering module extracts sensitive subgraphs of Android applications and generates feature vectors.The model training and detection module uses deep learning model to train malicious Android application detection model.The adversarial learning module includes the adversarial sample generation,adversarial training and detection model.