基于RA-CNN与ResNet的安卓恶意应用检测

doi:10.3969/j.issn.1006-2475.2025.07.005

摘要/Abstract

摘要： 摘要：近年来，基于字节码图像与深度学习的安卓恶意软件检测方法日益流行，但这类方法存在特征提取受限，对噪声数据敏感的问题。针对这一问题，本文提出一种融合残差网络（ResNet）与递归注意力卷积神经网络（RA-CNN）的检测方法。该方法首先从软件样本中提取DEX、XML与ARSC这3种字节码文件并将其映射为RGB图像，而后利用嵌入残差结构的卷积神经网络进行特征抽象与提取，随之注意力建议子网络（APN）以特征图作为参考从粗到细迭代地生成局部区域注意力，而更精细的尺度网络以循环的方式从之前的尺度中放大被关注的区域作为下一尺度的输入，通过多尺度学习后实现分类。实验表明，与类似的基于字节码图像方法相比，该方法在多种指标上均有所提升，准确率达到了98.28%。

关键词: 关键词：递归注意力网络, 残差网络, XML文件, ARSC文件, 字节码图像

Abstract:
Abstract: In recent years， Android malware detection methods based on bytecode images and deep learning have become increasingly popular， but such methods have the problems of limited feature extraction and sensitivity to noise data. To solve these problems， this paper proposes a detection method of fusion Residual Network （ResNet） and Recursive Attention Network （RACNN）. In this method， three bytecode files of DEX， XML and ARSC are extracted from the software samples and mapped to RGB images， and then the convolutional neural network embedded in the residual structure is used for feature abstraction and extraction. Subsequently， the Attention Suggestion Sub-Network （APN） uses the feature map as a reference to iteratively generate local region attention from coarse to fine. Meanwhile， the finer scale network magnifies the region of interest from the previous scale as the input of the next scale in a cyclic manner， and realizes classification through multi-scale learning. Experiments show that compared with similar bytecode-based image methods， the proposed method has improved in some indicators， the accuracy reaches 98.28%.

Key words: Key words: recurrent attention network, residual network, XML file, ARSC file, bytecode image

中图分类号:

中图分类号：TP309.2

华漫, 刘小亮. 基于RA-CNN与ResNet的安卓恶意应用检测[J]. 计算机与现代化, 2025, 0(07): 28-32.

HUA Man, LIU Xiaoliang. Android Malicious Application Detection Based on RA-CNN and Residual Network[J]. Computer and Modernization, 2025, 0(07): 28-32.

参考文献

［1］ LI M H， WANG W， WANG P， et al. LibD: Scalable and precise third-party library detection in Android markets［C］// Proceedings of the IEEE/ACM 39th International Conference on Software Engineering （ICSE）. IEEE， 2017:335-346.
［2］ XIAO X S， YANG S. An image-inspired and CNN-based Android malware detection approach ［C］ // Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering （ASE）. IEEE， 2019:1259-1261.
［3］ DAOUDI N， SAMHI J， KABORE A K， et al. DexRay: A Simple， yet effective deep learning approach to Android malware detection based on image representation of bytecode［M］// Deployable Machine Learning for Security Defense， Communications in Computer and Information Science. Springer， 2021:81-106.
［4］ SUN T Z， DAOUDIN， ALLIX K， et al. Android malware detection: Looking beyond Dalvik bytecode ［C］// 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops. IEEE， 2021:34-39.
［5］ ZHANG W H， LUKTARHAN N， DING C， et al. Android malware detection using TCN with bytecode image［J］. Symmetry， 2021，13（7）:1107.
［6］ DING Y X， ZHANG X， HU J K， et al. Android malware detection method based on bytecode image［J］. Journal of Ambient Intelligence and Humanized Computing， 2023，14:6401-6410.
［7］ STIBOREK J， PEVNÝ T， REHAK M. Multiple instance learning for malware classification［J］. Expert Systems with Applications， 2018，93:346-357.
［8］ SEARLES R， XU L F， KILLIAN W， et al. Parallelization of machine learning applied to call graphs of binaries for malware detection［C］ // 2017 25th Euromicro International Conference on Parallel， Distributed and Network-based Processing （PDP）. IEEE， 2017:69-77.
［9］ PEKTAŞ A， ACARMAN T. Classification of malware families based on runtime behaviors［J］. Journal of Information Security and Applications， 2017，37:91-100.
［10］ ALZAYLAEE M K， YERIMA S Y， SEZER S. EMULATOR vs REAL PHONE: Android malware detection using machine learning［C］// Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics. ACM， 2017:65-72.
［11］ NI Z Y， YANG M， LING Z， et al. Real-time detection of malicious behavior in android APPs［C］// Proceedings of the 2016 International Conference on Advanced Cloud and Big Data （CBD）. IEEE， 2016:221-227.
［12］ LONG N V， AHN J， JUNG S. Android fragmentation in malware detection［J］. Computers and Security， 2019，87（C）:101573
［13］ ZHONG W， GU F. A multi-level deep learning system for malware detection［J］. Expert Systems with Applications， 2019，133:151-162.
［14］ ASLAN O A， SAMET R. A comprehensive review on malware detection approaches［J］. IEEE Access， 2020，8:6249-6271.
［15］ WANG W， ZHAO M X， WANG J G. Effective Android malware detection with a hybrid model based on deep autoencoder and convolutional neural network［J］. Journal of Ambient Intelligence and Humanized Computing， 2019，10:3035-3043.
［16］ AHMED A A， JABBAR W A， SADIQ A S， et al. Deep learning-based classification model for botnet attack detection［J］. Journal of Ambient Intelligence and Humanized Computing， 2022，13:3457-3466.
［17］ DING Y X， ZHU S Y. Malware detection based on deep learning algorithm［J］. Neural Computing and Applications， 2019，31:461-472.
［18］ HUDA S， MIAH S， MEHEDI HASSAN M， et al. Defending unknown attacks on cyberphysical systems by semi supervised approach and available unlabeled data［J］. Information Sciences，2016，379:211-228.
［19］ MARTÍN A， LARA-CABRERA R， CAMACHO D. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset［J］. Information Sciences，2018，52:128-142.
［20］ WOO S， PARK J， LEE J Y， et al. CBAM: Convolutional block attention module［C］ // Proceedings of the 15th European Conference on Computer Vision. Springer， 2018:3-19.
［21］ FU J L， ZHENG H L， MEI T. Look closer to see better: Recurrent attention convolutional neural network for fine-grained image recognition ［C］// 2017 IEEE Conference on Computer Vision and Pattern Recognition （CVPR）. IEEE， 2017:4476-4484.
［22］ ARP D， SPRE1TZENBARTH M， HUBNER M， et al. DREBIN: Effective and explainable detection of Android malware in your pocket［C］// 2014 Network and Distributed System Security Symposium. NDSS， 2014. DOI: 10.14722/NDSS.2014.23247.
［23］ University of New Brunswick. Canadian Institute for Cybersecurity ［EB/OL］. （2020-01-20）［2024-06-10］. https://www.unb.ca/cic/datasets.
［24］ DAI X H， GONG S R， ZHONG S， et al. Bilinear CNN model for fine-grained classification based on subcategory-similarity measurement［J］. Appied Sciences， 2019，9（2）:301.
［25］ XING Z Q， CHEN X， PANG F Q. DD‐YOLO: An object detection method combining knowledge distillation and differentiable architecture search［J］. IET Computer Vision， 2022，16（5）:418-430.
［26］秦海雪，王勇. 结合注意力与双线性网络的Android恶意软件检测［J］. 计算机工程与设计， 2023， 44（11）: 3290-3297.
［27］张杨，郝江波. 基于注意力机制和残差网络的恶意代码检测方法［J］. 计算机应用， 2022，42（6）:1708-1715.

[1]	邓超1, 2, 杨凤坤1, 2, 李珺3, 陈良亮1, 2, 郭志冲4. 融合Bi-LSTM残差网络的充电设施复杂故障诊断方法[J]. 计算机与现代化, 2025, 0(07): 90-96.
[2]	刘飞, 杨德刚, 章鑫, 秦静. 基于YOLOv8改进的水下目标检测算法[J]. 计算机与现代化, 2025, 0(01): 113-119.
[3]	唐艺菠1, 崔少国1, 万皓明1, 王锐1, 刘丽丽2. 基于Ghost卷积的高级别浆液性卵巢癌复发预测方法[J]. 计算机与现代化, 2024, 0(04): 43-47.
[4]	杜韩宇, 魏延, 唐保香, 廖恒锋, 叶思佳. 基于双重注意力残差模块的低照度图像增强[J]. 计算机与现代化, 2024, 0(03): 85-91.
[5]	邢世帅, 刘丹凤, 王立国, 潘月涛, 孟灵鸿, 岳晓晗. 基于空间注意力残差网络的图像超分辨率重建模型[J]. 计算机与现代化, 2023, 0(10): 45-52.
[6]	秦竹媛, 吴浩忠, 谭代庆, 韩爱庆, 臧昊, 王选, 唐燕. 基于多尺度ResNet融合注意力机制的麦冬细粒度识别[J]. 计算机与现代化, 2023, 0(07): 105-111.
[7]	贺雨霞, 曹国. 基于改进注意力网络的转炉炼钢状态判别[J]. 计算机与现代化, 2022, 0(07): 97-102.
[8]	贺璇, 刘怡欣, 何小海, 卿粼波, 陈洪刚. 基于改进残差网络的联合损失步态特征识别[J]. 计算机与现代化, 2022, 0(04): 27-32.
[9]	徐小亮, 赵英. 基于BiLSTM和ResCNN的实体关系抽取方法[J]. 计算机与现代化, 2022, 0(01): 10-16.
[10]	李国进, 荣誉. 基于DCN-SERes-YOLOv3的人脸佩戴口罩检测算法[J]. 计算机与现代化, 2021, 0(09): 12-20.
[11]	刘守华, 王小松, 刘昱, . 基于深度学习的临床心电图分类算法[J]. 计算机与现代化, 2021, 0(08): 52-57.
[12]	刘亚东, 罗印升, 曹阳阳, 宋伟. 深度学习在手机数据接口缺陷检测中的应用[J]. 计算机与现代化, 2021, 0(06): 35-40.
[13]	许梦笛, 王金华. 基于深度学习和语法规约的需求文档命名实体识别[J]. 计算机与现代化, 2021, 0(01): 105-110.
[14]	李晓双, 韩立新, 李景仙, 周经纬. 基于优化残差网络的多模态音乐情感分类[J]. 计算机与现代化, 2020, 0(12): 83-89.
[15]	梁超, 黄洪全. 基于卷积神经网络的轻量级图像超分辨率[J]. 计算机与现代化, 2020, 0(11): 23-27.