Android Malware Detection Method And Its Robustness Research

Android malware detection method based on machine learning has the advantages of high automation and fast detection speed.Many detection models have been built using machine learning methods.However,these detection models have problems that the detection accuracy needs to be improved and the robustness of these models is insufficient.The main reason why the detection accuracy needs to be improved is that the representation ability of the feature vectors used for training is weak.The detection models generate more misses and false positives when facing samples with high similarity in different categories.The reason for the lack of robustness of the detection models is that the models training use only a limited number of samples for fitting,and the samples out of the sample distribution space tend to confuse the models.Moreover,the detection models are vulnerable to adversarial sample attacks,and thus the detection results of the models are disturbed.This paper proposes an Android malware detection method based on feature image generation(FIG-AMD method)to address the problem of low accuracy of traditional machine learning methods for detecting Android malware.The FIG-AMD method extracts the permission,API and opcode of APK files as features and mines the features using the improved FPGrowth algorithm.It then uses a Denoising Autoencoder to extract feature information and transform dimensions.And it splices and generates RGB feature images for training and classification.Finally,the Bagging CNN classification algorithm is constructed,which integrates multiple convolutional neural networks based on the idea of integration algorithm and uses the voting mechanism for classification.The experimental results show that the FIG-AMD method can accurately distinguish benign software from malware,and the detection accuracy reaches 98.21%.Adversarial samples can be used to test the robustness of detection models and provide ideas for model improvement.However,existing Android adversarial sample generation methods are inadequate in controlling the generation cost and improving the effectiveness.In this paper,we propose an Android adversarial sample generation method based on feature contribution degree(CDASG method).The CD-ASG method calculates the contribution of features to the generation of adversarial samples from two perspectives: the frequency of features and the degree of association between features and their corresponding categories.Based on the idea of black-box attack,the CDASG method decides the priority of modified features and dynamically generates adversarial samples based on the contribution degree without damaging the original application.The experimental results show that the accuracy of multiple Android malware machine learning models in detecting the adversarial samples generated by the CD-ASG method is reduced substantially,with an average reduction of 78.04%.The Android malware detection model built by machine learning method has the problem of lack of robustness.In this paper,we propose an Android malware detection model robustness enhancement method based on hybrid model(H-Model method).The H-Model method consists of two parts: a predecessor model and a dynamic model,and the two parts work together to filter the adversarial samples in order to improve the robustness of the model.The H-Model method builds the original detection model into a hybrid model with high robustness by inserting a predecessor model before the original detection model and training the original detection model into a dynamic model.The experimental results show that the H-Model method has good generality and can effectively improve the robustness of multiple original detection models and maintain the original detection performance of the models.