Research On Android Malicious Application Identification Method Based On Deep Learning

In recent years,with the rapid development of smart phones,a variety of applications have brought a lot of convenience to human society.However,due to the free and open source nature of the Android operating system,the number of malicious Android applications has also increased exponentially,which poses a serious threat to the property and privacy of Android users.Most malicious applications attack through the Internet.Therefore,malicious applications can be identified by analyzing the network traffic generated during attacks.Existing Android application traffic identification methods mainly adopt traditional machine learning methods,which have problems such as complex feature engineering,heavy workload and weak generalization ability.In this thesis,the problem of Android malicious traffic identification is transformed into an image classification problem in the field of computer vision,and deep learning is adopted to achieve accurate Android malicious traffic identification.The main innovations of this thesis are as follows:(1)Aiming at the strong dependence of the traditional machine learning-based Android application traffic identification method on feature engineering,this thesis proposes an Android application identification and analysis method based on convolutional neural network integration.In the two scenarios of coarse-grained and finegrained Android applications,this method visualized the Android application traffic data to generate grayscale graphs that could be directly used as input to convolutional neural networks.In this thesis,three convolutional neural network models were trained,and the final classification results were output by absolute majority voting.The proposed method is compared with the Android malicious application identification method based on traditional machine learning,and the experimental results show that the accuracy and accuracy rate of the proposed method are significantly improved.(2)Aiming at the problem of low fine-grained identification accuracy of Android malicious applications,this thesis proposes a bilinear convolutional neural network based Android malicious applications identification method.In this method,two-dimensional discrete wavelet transform operation is performed on Android application traffic,timefrequency characteristics of application traffic are deeply mined,and high frequency and low frequency components generated by wavelet transform are input into bilinear convolutional neural network for feature learning and classification.Experimental results show that this method not only consumes less resources,but also exceeds the recognition accuracy of the method in Chapter 3 in both scenarios.Especially in the scenario of malicious application of fine-grained classification,this method improves the recognition accuracy to 99.04%,which is obviously better than the recognition method based on machine learning.