Context: The boom of the Android market has made mobile products more popular and convenient. However, given the complexity of the Android application market, how to identify malware efficiently and accurately has become one of the focuses of research. Various new types of disguised malware lurk in web pages, links and major application stores. Threats to people's privacy and property security have therefore become a major obstacle to the continued development of mobile devices.

Objective: Most existing malware classification methods are fixed on one or several types of characteristics of Android devices, such as static characteristics, dynamic characteristics and traffic characteristics. Single-feature detection or fixed feature fusion models limit the dimension of detection software and also cause imbalanced classification results. This paper proposes an Android Malware Dynamic Classification Method based on Gray-scale Image and Feature-selection Tree (DCM-GIFT), which aims to improve and stabilize the precision of Android software classification and enhance the robustness of malware classification.

Method: In this paper, we construct gray-scale images from the original Android traffic to retain the time-series characteristics and spatial structure of the original network traffic. At the same time, we take the dynamic information and static information of Android software as auxiliary features to build a feature-selection tree. The feature-selection algorithm helps the classifier dynamically select the optimal feature fusion scheme, and the resulting fused feature vector is used for training and prediction with machine learning clusters.

Results: We evaluate the performance of DCM-GIFT on multiple datasets published by the Canadian Institute for Cybersecurity, in terms of accuracy, precision, recall and F1-measure. The results show that the proposed DCM-GIFT model has significantly better prediction performance than other software classification models.

Conclusion: It can be concluded that: (1) In terms of accuracy, precision, recall and F1-measure, the DCM-GIFT model has a higher average value. (2) The DCM-GIFT model effectively solves the problem of imbalanced classification results in Android software. (3) The DCM-GIFT model achieves the goal of dynamic feature fusion and significantly improves the utilization of system resources.
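
As an added illustration (not code from the paper), the sketch below shows one common way to turn raw flow bytes into a gray-scale image of the kind the Method describes. The 28x28 size, the truncate/zero-pad policy, the row-major layout and all function names are assumptions; the abstract does not specify them.

```python
"""Added illustration: raw flow bytes -> fixed-size gray-scale image."""

SIDE = 28  # assumed image side; the abstract does not state a size


def flow_to_image(packets, side=SIDE):
    """Map packet payloads (in arrival order) to a side x side image.

    Each byte becomes one pixel (0-255). Bytes are laid out row-major, so
    pixel order follows packet order (time) and neighbouring pixels are
    neighbouring bytes (structure). Long flows are truncated and short
    flows are zero-padded so every sample has the same shape.
    """
    stream = b"".join(packets)[: side * side]
    stream = stream.ljust(side * side, b"\x00")
    return [list(stream[r * side:(r + 1) * side]) for r in range(side)]


def pad_ratio(packets, side=SIDE):
    """Fraction of pixels that are padding rather than traffic.

    Worth tracking per sample: a mostly padded image carries little
    signal, and flow length itself can leak into the classifier.
    """
    used = min(sum(len(p) for p in packets), side * side)
    return 1 - used / (side * side)


def to_pgm(image):
    """Serialize as binary PGM (P5) so the image can be viewed or loaded."""
    height, width = len(image), len(image[0])
    header = f"P5\n{width} {height}\n255\n".encode("ascii")
    return header + bytes(p for row in image for p in row)


# Constructed sample flow (not taken from any dataset).
SAMPLE_FLOW = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello",
]

if __name__ == "__main__":
    img = flow_to_image(SAMPLE_FLOW)
    print(f"{len(img)}x{len(img[0])} image, "
          f"{pad_ratio(SAMPLE_FLOW):.1%} padding, "
          f"{len(to_pgm(img))} bytes as PGM")
```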