With the rapid development of network technology, malware has become an increasingly serious threat to network security. The Android platform has become the main target of malware attacks due to its openness and wide application. At the same time, the number and complexity of Android malware are increasing, which has a serious impact on user privacy protection, data security and normal operation of devices. The development of deep learning and computer vision technology has provided new ideas for Android malware detection, but the existing methods have certain limitations. On the one hand, relying solely on a single type of feature extraction is prone to information loss; on the other hand, the limitation on the size of feature images will further aggravate information loss, making it difficult to cope with the rapidly evolving Android malware. Therefore, this paper proposes an Android malware detection method (SAMD) based on multi-feature extraction and SPP-net. This method extracts API calls, permissions, and opcode sequence features from classes.dex, AndroidManifest.xml, and smali files, respectively, and generates corresponding feature grayscale images to fully retain the key information of Android malware. Then, the feature images are input into the classification model based on SPP-net for Android malware detection. Experimental results on the CIC MalDroid 2020 and Google Play Store datasets show that SAMD demonstrates good performance in the Android malware detection task, with an accuracy of 95.56%.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Android Malware Detection Method Based on Multi-feature Extraction and SPP-Net

  • Wen Chen,
  • Huafeng Li,
  • Le Song

摘要

With the rapid development of network technology, malware has become an increasingly serious threat to network security. The Android platform has become the main target of malware attacks due to its openness and wide application. At the same time, the number and complexity of Android malware are increasing, which has a serious impact on user privacy protection, data security and normal operation of devices. The development of deep learning and computer vision technology has provided new ideas for Android malware detection, but the existing methods have certain limitations. On the one hand, relying solely on a single type of feature extraction is prone to information loss; on the other hand, the limitation on the size of feature images will further aggravate information loss, making it difficult to cope with the rapidly evolving Android malware. Therefore, this paper proposes an Android malware detection method (SAMD) based on multi-feature extraction and SPP-net. This method extracts API calls, permissions, and opcode sequence features from classes.dex, AndroidManifest.xml, and smali files, respectively, and generates corresponding feature grayscale images to fully retain the key information of Android malware. Then, the feature images are input into the classification model based on SPP-net for Android malware detection. Experimental results on the CIC MalDroid 2020 and Google Play Store datasets show that SAMD demonstrates good performance in the Android malware detection task, with an accuracy of 95.56%.