
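Android malicious APP multi-view family classification method
Cite this article: HAO Jingwei, LUO Senlin, ZHANG Hanqing, YANG Peng, PAN Limin. Android malicious APP multi-view family classification method[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48(5): 795-804.
Authors: HAO Jingwei  LUO Senlin  ZHANG Hanqing  YANG Peng  PAN Limin
Affiliation: 1. School of Information and Electronics, Beijing Institute of Technology, Beijing 100081
Funding: National 242 Information Security Program; Ministry of Industry and Information Technology Information Security Software Project
Abstract: To address the insufficient completeness of feature construction and the homogeneity of construction perspectives in existing Android malware family classification methods, a convolutional neural network (CNN) malicious APP family classification method based on multi-view feature regularization is proposed. The method uses the MinHash algorithm to regularize the raw features from three views (Android framework system APIs, opcode sequences, and the combination of permissions and Intents in the AndroidManifest.xml file) while preserving the similarity between APPs, and uses a multi-channel convolutional neural network to perform feature extraction and information fusion for each view, building a malicious APP family classification model. Experimental results on the public datasets Drebin, Genome, and AMD show that the malicious APP family classification accuracy exceeds 0.96, demonstrating that the proposed method can fully mine the behavioral feature information of each view, can effectively exploit the heterogeneity among multi-view features, and has strong practical value.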

Keywords: Android malware; family classification; multi-view features; behavioral semantics; convolutional neural network (CNN)
Received: 2020-11-25

Android malicious APP multi-view family classification method
HAO Jingwei,LUO Senlin,ZHANG Hanqing,YANG Peng,PAN Limin.Android malicious APP multi-view family classification method[J].Journal of Beijing University of Aeronautics and Astronautics,2022,48(5):795-804.
Authors:HAO Jingwei  LUO Senlin  ZHANG Hanqing  YANG Peng  PAN Limin
Institution: 1. School of Information and Electronics, Beijing Institute of Technology, Beijing 100081, China; 2. National Computer Network Emergency Response Technical Team and Coordination Center, Beijing 100029, China
Abstract: To address the incompleteness and single-perspective nature of feature construction in existing Android malware family classification methods, a malicious APP family classification method based on multi-view feature regularization and a convolutional neural network (CNN) is proposed. The method uses the MinHash algorithm to regularize the original features of three views (Android framework APIs, opcode sequences, and the permissions and Intents in the AndroidManifest.xml file) while retaining the similarity among APPs. Feature extraction and information fusion for each view are accomplished by a multi-view convolutional neural network, which is used to build a malicious APP family classification model. Experimental results on the public Drebin, Genome and AMD datasets show that the malicious APP family classification accuracy is over 0.96, which demonstrates that the proposed method can fully exploit the behavioral feature information of each view and effectively use the heterogeneous characteristics among the views, and that it has strong practical value.
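The regularization step described in the abstract, sketched as an added example (not the authors' code): MinHash maps each view's variable-size feature set to a fixed-length signature whose position-wise agreement estimates the Jaccard similarity between two APPs. The signature length, the BLAKE2b hash family, the 3-gram opcode shingling, and all sample APP data are assumptions constructed for illustration; how the signatures are fed to the CNN is not shown.

```python
import hashlib

K = 128  # signature length per view; assumed, the abstract states no value

def _hash(seed, token):
    # Seeded 64-bit hash; each seed acts as one MinHash permutation.
    salt = seed.to_bytes(8, "little")
    digest = hashlib.blake2b(token.encode(), digest_size=8, salt=salt).digest()
    return int.from_bytes(digest, "little")

def minhash(tokens, k=K):
    # Variable-size token set -> fixed-length signature (all zeros if empty).
    tokens = set(tokens)
    return [min(_hash(i, t) for t in tokens) if tokens else 0 for i in range(k)]

def shingles(opcodes, n=3):
    # Opcode sequence -> set of n-grams, so local instruction order is kept.
    return {" ".join(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def views(app):
    # One fixed-length signature per view named in the abstract.
    return {
        "api": minhash(app["api"]),
        "opcode": minhash(shingles(app["opcodes"])),
        "manifest": minhash(app["permissions"] | app["intents"]),
    }

def similarity(sig_a, sig_b):
    # Fraction of equal positions estimates the Jaccard similarity of the sets.
    return sum(x == y for x, y in zip(sig_a, sig_b)) / len(sig_a)

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 1.0

# Constructed sample data: two variants of one family and an unrelated APP.
OPS = ["const-string", "invoke-virtual", "move-result-object", "if-eqz", "goto", "return-void"]
def make_app(lo, hi, ops, perms):
    # API names are placeholders, not real framework methods.
    return {"api": {f"Lexample/Api{i};->run()V" for i in range(lo, hi)}, "opcodes": ops,
            "permissions": perms, "intents": {"android.intent.action.BOOT_COMPLETED"}}

APP_A = make_app(0, 50, OPS, {"android.permission.SEND_SMS", "android.permission.READ_CONTACTS"})
APP_B = make_app(10, 60, OPS, {"android.permission.SEND_SMS", "android.permission.INTERNET"})
APP_C = make_app(100, 150, OPS[::-1], {"android.permission.CAMERA"})

if __name__ == "__main__":
    a, b, c = views(APP_A), views(APP_B), views(APP_C)
    for v in a:
        print(v, round(similarity(a[v], b[v]), 2), round(similarity(a[v], c[v]), 2))
```

Every view comes out with the same length regardless of how many APIs, opcodes or manifest entries an APP has, which is what lets heterogeneous views be stacked as inputs to parallel network branches.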
This article is indexed in Wanfang Data and other databases.