An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain

Secur. Commun. Networks Pub Date : 2022-01-29 DOI:10.1155/2022/3111540

Xingyu Li, Zongqu Zhao, Yongli Tang, Jing Zhang, Chengyi Wu, Ying Li

{"title":"An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain","authors":"Xingyu Li, Zongqu Zhao, Yongli Tang, Jing Zhang, Chengyi Wu, Ying Li","doi":"10.1155/2022/3111540","DOIUrl":null,"url":null,"abstract":"Recently, security policies and behaviour detection methods have been proposed to improve the security of blockchain by many researchers. However, these methods cannot discover the source of typical behaviours, such as the malicious applications in the blockchain environment. Android application is an important part of the blockchain operating environment, and machine learning-based Android malware application detection method is significant for blockchain user security. The way of constructing features in these methods determines the performance. The single-feature mechanism, training classifiers with one type of features, cannot detect the malicious applications effectively which exhibit the typical behaviours in various forms. The multifeatures fusion mechanism, constructing mixed features from multiple types of data sources, can cover more kinds of information. However, different types of data sources will interfere with each other in the mixed features constructed by this mechanism. That limits the performance of the model. In order to improve the detection performance of Android malicious applications in complex scenarios, we propose an Android malicious application detection method which includes parallel feature processing and decision mechanism. Our method uses RGB image visualization technology to construct three types of RGB image which are utilized to train different classifiers, respectively, and a decision mechanism is designed to fuse the outputs of subclassifiers through weight analysis. This approach simultaneously extracts different types of features, which preserve application information comprehensively. Different classifiers are trained by these features to guarantee independence of each feature and classifier. On this basis, a comprehensive analysis of many methods is performed on the Android malware dataset, and the results show that our method has better efficiency and adaptability than others.","PeriodicalId":167643,"journal":{"name":"Secur. Commun. Networks","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Secur. Commun. Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1155/2022/3111540","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Recently, security policies and behaviour detection methods have been proposed to improve the security of blockchain by many researchers. However, these methods cannot discover the source of typical behaviours, such as the malicious applications in the blockchain environment. Android application is an important part of the blockchain operating environment, and machine learning-based Android malware application detection method is significant for blockchain user security. The way of constructing features in these methods determines the performance. The single-feature mechanism, training classifiers with one type of features, cannot detect the malicious applications effectively which exhibit the typical behaviours in various forms. The multifeatures fusion mechanism, constructing mixed features from multiple types of data sources, can cover more kinds of information. However, different types of data sources will interfere with each other in the mixed features constructed by this mechanism. That limits the performance of the model. In order to improve the detection performance of Android malicious applications in complex scenarios, we propose an Android malicious application detection method which includes parallel feature processing and decision mechanism. Our method uses RGB image visualization technology to construct three types of RGB image which are utilized to train different classifiers, respectively, and a decision mechanism is designed to fuse the outputs of subclassifiers through weight analysis. This approach simultaneously extracts different types of features, which preserve application information comprehensively. Different classifiers are trained by these features to guarantee independence of each feature and classifier. On this basis, a comprehensive analysis of many methods is performed on the Android malware dataset, and the results show that our method has better efficiency and adaptability than others.

查看原文本刊更多论文

区块链运行环境下具有决策机制的Android恶意应用检测方法

近年来，许多研究人员提出了安全策略和行为检测方法来提高区块链的安全性。然而，这些方法无法发现典型行为的来源，例如区块链环境中的恶意应用程序。Android应用是区块链运行环境的重要组成部分，基于机器学习的Android恶意应用检测方法对区块链用户安全具有重要意义。在这些方法中构造特征的方式决定了性能。单特征机制，即只训练一类特征的分类器，不能有效地检测出具有多种典型行为形式的恶意应用。多特征融合机制，从多种类型的数据源中构建混合特征，可以覆盖更多种类的信息。然而，不同类型的数据源在这种机制构造的混合特性中会相互干扰。这限制了模型的性能。为了提高复杂场景下Android恶意应用的检测性能，提出了一种包含并行特征处理和决策机制的Android恶意应用检测方法。该方法利用RGB图像可视化技术构建了三种类型的RGB图像，分别用于训练不同的分类器，并设计了一种决策机制，通过权值分析融合子分类器的输出。该方法同时提取不同类型的特征，全面地保留了应用信息。通过这些特征训练不同的分类器，保证每个特征和分类器的独立性。在此基础上，在Android恶意软件数据集上对多种方法进行了综合分析，结果表明本文方法具有更好的效率和适应性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Secur. Commun. Networks

自引率

0.00%

发文量