Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 35-44.doi: 10.11959/j.issn.2096-109x.2020073

• Special Column:Network Application and Protection Technology • Previous Articles     Next Articles

Mining behavior pattern of mobile malware with convolutional neural network

Xin ZHANG,Weizhong QIANG(),Yueming WU,Deqing ZOU,Hai JIN   

  1. School of Cyber Science &Engineering,Huazhong University of Science and Technology,Wuhan 430074,China
  • Revised:2020-06-20 Online:2020-12-15 Published:2020-12-16
  • Supported by:
    The National Natural Science Foundation of China(61772221);>The National Key Research & Development (R&D) Plan of China(2017YFB0802205)


The features extracted by existing malicious Android application detection methods are redundant and too abstract to reflect the behavior patterns of malicious applications in high-level semantics.In order to solve this problem,an interpretable detection method was proposed.Suspicious system call combinations clustering by social network analysis was converted to a single channel image.Convolution neural network was applied to classify Android application.The model trained was used to find the most suspicious system call combinations by convolution layer gradient weight classification activation mapping algorithm,thus mining and understanding malicious application behavior.The experimental results show that the method can correctly discover the behavior patterns of malicious applications on the basis of efficient detection.

Key words: Android, rapid detection, convolutional neural network, social network analysis

CLC Number: