Android Malware Detection Method Based on GCN and BiLSTM
Most existing Android malware detection methods learn features of a single structure type and fall short in analyzing application semantics. To address the problem that traditional detection methods do not capture feature semantics comprehensively, this paper proposes an Android malware detection model based on GCN and BiLSTM. The model extracts sample structure information accurately while placing emphasis on the semantics of malicious behavior. First, the topological relationship between 26 types of key system calls is represented as a graph, and a two-layer GCN network aggregates the high-order structure information of nodes in the system call graph to improve feature learning efficiency. Then, a BiLSTM network with a self-attention mechanism obtains the context semantics of the opcode sequence; by assigning high weights to sequences with malicious features, it captures the strong correlation within the features. Finally, Softmax outputs the sample classification probability, fusing structural information and context features. In experiments on the Drebin and AndroZoo datasets, the proposed model reaches an accuracy of 93.95% and an F1 value of 0.97, a significant improvement over the benchmark algorithm. The results demonstrate that the proposed model based on GCN and BiLSTM can effectively discriminate the properties of applications and improve the detection of Android malware.
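The following is an added example, not code from the paper: a minimal two-layer GCN forward pass showing how the second layer pulls in "high-order" (two-hop) structure from a system call graph. It assumes the standard symmetric-normalized propagation rule, which the abstract does not spell out, and uses a constructed four-node undirected graph with hypothetical node labels in place of the paper's 26-node graph; one-hot features and identity weights make the contributing nodes directly visible.

```python
import math

def normalize_adj(adj):
    """Return D^-1/2 (A + I) D^-1/2: self-loops added, then symmetric normalization."""
    n = len(adj)
    a = [[adj[i][j] + (1.0 if i == j else 0.0) for j in range(n)] for i in range(n)]
    deg = [sum(row) for row in a]
    return [[a[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]

def matmul(x, y):
    return [[sum(p * q for p, q in zip(row, col)) for col in zip(*y)] for row in x]

def relu(m):
    return [[max(0.0, v) for v in row] for row in m]

def gcn_two_layer(adj, feats, w1, w2):
    """Z = A_hat * ReLU(A_hat * X * W1) * W2, the node embeddings before Softmax."""
    a_hat = normalize_adj(adj)
    h1 = relu(matmul(matmul(a_hat, feats), w1))
    return matmul(matmul(a_hat, h1), w2)

def identity(n):
    return [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]

# Constructed sample: a chain open - read - connect - sendto.
# Node labels and edges are hypothetical, not the paper's system call set.
NODES = ["open", "read", "connect", "sendto"]
ADJ = [[0, 1, 0, 0],
       [1, 0, 1, 0],
       [0, 1, 0, 1],
       [0, 0, 1, 0]]

def contributors(node):
    """Nodes whose one-hot feature reaches `node` after two layers (identity weights)."""
    n = len(NODES)
    z = gcn_two_layer(ADJ, identity(n), identity(n), identity(n))
    return [NODES[j] for j in range(n) if z[NODES.index(node)][j] > 0]

if __name__ == "__main__":
    for name in NODES:
        print(name, "<-", contributors(name))
```

After one layer `open` sees only itself and `read`; after two it also sees `connect`, but not `sendto`, which is three hops away.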