Abstract

The visual recognition of malicious Android applications (Apps) has mainly focused on binary classification using grayscale images, while the multi-class classification of malicious App families is rarely studied. If we can visualize malicious Android Apps as color images, we will get more features than with grayscale images. In this paper, a method of color visualization for Android Apps is proposed and implemented. Based on this method, combined with deep learning models, a multi-classifier for malicious Android App families is implemented, which can classify 131 common malicious App families. A comparison with an App classifier based on the grayscale visualization method verifies that the classifier using the color visualization method achieves better classification results. This paper uses three classes of Android App APK features as input for App visualization: the classes.dex file, the class name collection, and the API call sequence. It analyzes the classifier's detection accuracy and detection time for each input feature. According to the experimental results, using the API call sequence as the color visualization input feature achieves the highest detection accuracy, which is 96.01% in the ten malicious family classification and 100% in the binary classification.

Highlights

  • The openness of the Android system, while helping it win the market, has brought it huge risks

  • In view of the better performance of deep learning classification models on color image classification tasks, this paper studies the effect of using grayscale image features and color image features in Android malicious App family classification, validates the feasibility of applying color image visualization to Android malware families, and proposes a color image visualization method for Android malicious family classification

  • We conducted a lot of manual analysis on Apps of different malware families

  • For the convenience of researchers in related communities, we open the dataset

  • We studied the influence of different features of color visualization on the multi-family classification of malicious Android Apps


Summary

Introduction

The openness of the Android system, while helping it win the market, has brought it huge risks. According to the Common Vulnerabilities and Exposures (CVE) [1] 2018 annual report, the Android system ranks second in the vulnerability list with 611 vulnerabilities. These vulnerabilities give malicious App developers more opportunities. A growing body of research [2–7] focuses on analyzing malicious Android Apps. A difficult but important issue in Android malicious App family classification is how to classify malicious Apps with high accuracy in the presence of a large number of families. Distinguishing the endless stream of Android malicious App families has become a greater challenge. Existing research shows that the malicious behaviors of different malicious App families overlap more and more. Detection standards formulated manually after feature extraction cannot distinguish between families with high similarity, and the accuracy of fingerprint-based methods is getting lower and lower [2].
