Android malicious code detection method based on deep learning

A malicious code detection technique based on deep learning, applied in the fields of neural learning methods, computer security devices, instruments, etc., which addresses the problems of low detection efficiency, high time consumption, and inefficiency.

Pending Publication Date: 2021-01-05
HARBIN ENG UNIV

AI Technical Summary

Problems solved by technology

Compared with the first method, the detection method that uses the statistical characteristics of application instruction frequency solves the problem of applications with the same function. However, benign applications and malicious applications may have some overlapping functions, so the difference in the statistical characteristics of instruction frequency is too small, and using this indicator as a detection standard is not efficient.
Among dynamic detection methods, the method based on application behavior struggles to meet the needs of individual sample detection while also satisfying family-level detection.
Dynamic detection requires manually running the application and analyzing it, which increases the time and labor consumed by the process and reduces detection efficiency; the same problem also occurs in the taint analysis method and the API call monitoring method. These methods place high demands on inspectors.
This makes these detection methods inefficient and time-consuming, and the costs outweigh the benefits.

Examples

Embodiment 1

[0041] 1. Android application visualization is the process of generating the feature image that corresponds to an application binary file. Using the B2M algorithm, the program binary file is first mapped to a vector of unsigned integers, with each 8 bits corresponding to one unsigned integer. The uint8 vector is then saved in matrix form according to the size of the source program file. In this way, a matrix with a value range of [0, 255] is obtained. Each matrix value is used as a pixel value to generate a pixel matrix, which is finally saved as a grayscale image. In the pixel mapping, 0 and 255 correspond to black and white, respectively. The size of the generated pixel matrix depends on the size of the source program file. The length and width can be set in advance, or can be obtained adaptively according to the file size. After the pixel mapping, a grayscale image is obtained. This time the image as...
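The byte-to-pixel mapping described in this paragraph, as an added example that is not code from the patent: `b2m` and `to_pgm` are hypothetical names, the adaptive width rule (smallest enclosing square) and the zero-padding of the last row are assumptions, and the sample bytes are constructed.

```python
import math
from typing import List, Optional

# Constructed sample: a DEX-style magic followed by two filler bytes (10 bytes).
SAMPLE = b"dex\n035\x00" + bytes([0, 255])


def b2m(data: bytes, width: Optional[int] = None) -> List[List[int]]:
    """Map a binary to a matrix of uint8 values in [0, 255], one byte per pixel."""
    if not data:
        raise ValueError("cannot visualise an empty file")
    if width is None:
        # Assumption: "adaptive" means the smallest square that holds every byte,
        # i.e. width = ceil(sqrt(file size)). The page does not give the rule.
        width = math.isqrt(len(data) - 1) + 1
    if width < 1:
        raise ValueError("width must be positive")
    height = -(-len(data) // width)  # ceiling division
    # Assumption: the last row is zero-padded (black) to complete the rectangle.
    padded = data + bytes(width * height - len(data))
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]


def to_pgm(matrix: List[List[int]]) -> bytes:
    """Serialise the pixel matrix as a binary PGM (P5) grayscale image."""
    height, width = len(matrix), len(matrix[0])
    header = f"P5\n{width} {height}\n255\n".encode("ascii")
    return header + bytes(v for row in matrix for v in row)


if __name__ == "__main__":
    for w in (None, 5):  # adaptive width, then a width set in advance
        m = b2m(SAMPLE, w)
        print(f"width={w}: {len(m[0])}x{len(m)}")
        for row in m:
            print("  ", row)
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(b2m(SAMPLE)))
```

The same file yields a different image for each width, so a classifier's training and inference pipelines must use the same sizing rule.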

Abstract

The invention belongs to the technical field of network information security, and particularly relates to an Android malicious code detection method based on deep learning. According to the method, an APK file is directly decompressed, part of the binary files are visualized, color channels are added to the grayscale image, and pixel normalization is carried out, constructing a pixel-normalized RGB image that carries a larger amount of picture information and is beneficial to model training. Finally, a convolutional neural network classification detection model is designed and implemented, and classification training is performed on the malicious code images processed by the method, so as to achieve the purpose of detecting malicious code. Aiming at the problems of a single method for extracting image features, unobvious image features and poor detection effect in existing Android malicious code visualization technology, an RGB image of the malicious code is generated and learning classification is performed after pixel normalization, so that more accurate malicious code detection is realized.

Description

Technical field

[0001] The invention belongs to the technical field of network information security, and in particular relates to a deep learning-based Android malicious code detection method.

Background technique

[0002] Due to its openness and compatibility, the Android operating system is widely used in commercial, civilian and even military equipment. The secondary development based on the Android system has also achieved great development in the fields of artificial intelligence, aerospace, and weapon systems. However, in recent years, problems such as security loopholes, system crashes, and malicious attacks aimed at the Android system have become increasingly serious, constantly attracting the attention of device manufacturers and users. Due to the openness of the Android system itself, various vulnerabilities spread faster and cause more extensive damage. Therefore, the detection of malicious code has become the focus of the industry and research institutes. [00...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62, G06N3/08
CPC: G06F21/562, G06N3/08, G06F2221/033, G06F18/241
Inventor: 郎大鹏, 陈宇, 梁甜甜, 武文达, 赵国冬, 刘翔宇
Owner: HARBIN ENG UNIV