Android Malicious Application Detection Based on RA-CNN and Residual Network

doi:10.3969/j.issn.1006-2475.2025.07.005

Abstract

Abstract:
Abstract: In recent years， Android malware detection methods based on bytecode images and deep learning have become increasingly popular， but such methods have the problems of limited feature extraction and sensitivity to noise data. To solve these problems， this paper proposes a detection method of fusion Residual Network （ResNet） and Recursive Attention Network （RACNN）. In this method， three bytecode files of DEX， XML and ARSC are extracted from the software samples and mapped to RGB images， and then the convolutional neural network embedded in the residual structure is used for feature abstraction and extraction. Subsequently， the Attention Suggestion Sub-Network （APN） uses the feature map as a reference to iteratively generate local region attention from coarse to fine. Meanwhile， the finer scale network magnifies the region of interest from the previous scale as the input of the next scale in a cyclic manner， and realizes classification through multi-scale learning. Experiments show that compared with similar bytecode-based image methods， the proposed method has improved in some indicators， the accuracy reaches 98.28%.

Key words: Key words: recurrent attention network, residual network, XML file, ARSC file, bytecode image

CLC Number:

中图分类号：TP309.2

HUA Man, LIU Xiaoliang. Android Malicious Application Detection Based on RA-CNN and Residual Network[J]. Computer and Modernization, 2025, 0(07): 28-32.

References

［1］ LI M H， WANG W， WANG P， et al. LibD: Scalable and precise third-party library detection in Android markets［C］// Proceedings of the IEEE/ACM 39th International Conference on Software Engineering （ICSE）. IEEE， 2017:335-346.
［2］ XIAO X S， YANG S. An image-inspired and CNN-based Android malware detection approach ［C］ // Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering （ASE）. IEEE， 2019:1259-1261.
［3］ DAOUDI N， SAMHI J， KABORE A K， et al. DexRay: A Simple， yet effective deep learning approach to Android malware detection based on image representation of bytecode［M］// Deployable Machine Learning for Security Defense， Communications in Computer and Information Science. Springer， 2021:81-106.
［4］ SUN T Z， DAOUDIN， ALLIX K， et al. Android malware detection: Looking beyond Dalvik bytecode ［C］// 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops. IEEE， 2021:34-39.
［5］ ZHANG W H， LUKTARHAN N， DING C， et al. Android malware detection using TCN with bytecode image［J］. Symmetry， 2021，13（7）:1107.
［6］ DING Y X， ZHANG X， HU J K， et al. Android malware detection method based on bytecode image［J］. Journal of Ambient Intelligence and Humanized Computing， 2023，14:6401-6410.
［7］ STIBOREK J， PEVNÝ T， REHAK M. Multiple instance learning for malware classification［J］. Expert Systems with Applications， 2018，93:346-357.
［8］ SEARLES R， XU L F， KILLIAN W， et al. Parallelization of machine learning applied to call graphs of binaries for malware detection［C］ // 2017 25th Euromicro International Conference on Parallel， Distributed and Network-based Processing （PDP）. IEEE， 2017:69-77.
［9］ PEKTAŞ A， ACARMAN T. Classification of malware families based on runtime behaviors［J］. Journal of Information Security and Applications， 2017，37:91-100.
［10］ ALZAYLAEE M K， YERIMA S Y， SEZER S. EMULATOR vs REAL PHONE: Android malware detection using machine learning［C］// Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics. ACM， 2017:65-72.
［11］ NI Z Y， YANG M， LING Z， et al. Real-time detection of malicious behavior in android APPs［C］// Proceedings of the 2016 International Conference on Advanced Cloud and Big Data （CBD）. IEEE， 2016:221-227.
［12］ LONG N V， AHN J， JUNG S. Android fragmentation in malware detection［J］. Computers and Security， 2019，87（C）:101573
［13］ ZHONG W， GU F. A multi-level deep learning system for malware detection［J］. Expert Systems with Applications， 2019，133:151-162.
［14］ ASLAN O A， SAMET R. A comprehensive review on malware detection approaches［J］. IEEE Access， 2020，8:6249-6271.
［15］ WANG W， ZHAO M X， WANG J G. Effective Android malware detection with a hybrid model based on deep autoencoder and convolutional neural network［J］. Journal of Ambient Intelligence and Humanized Computing， 2019，10:3035-3043.
［16］ AHMED A A， JABBAR W A， SADIQ A S， et al. Deep learning-based classification model for botnet attack detection［J］. Journal of Ambient Intelligence and Humanized Computing， 2022，13:3457-3466.
［17］ DING Y X， ZHU S Y. Malware detection based on deep learning algorithm［J］. Neural Computing and Applications， 2019，31:461-472.
［18］ HUDA S， MIAH S， MEHEDI HASSAN M， et al. Defending unknown attacks on cyberphysical systems by semi supervised approach and available unlabeled data［J］. Information Sciences，2016，379:211-228.
［19］ MARTÍN A， LARA-CABRERA R， CAMACHO D. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset［J］. Information Sciences，2018，52:128-142.
［20］ WOO S， PARK J， LEE J Y， et al. CBAM: Convolutional block attention module［C］ // Proceedings of the 15th European Conference on Computer Vision. Springer， 2018:3-19.
［21］ FU J L， ZHENG H L， MEI T. Look closer to see better: Recurrent attention convolutional neural network for fine-grained image recognition ［C］// 2017 IEEE Conference on Computer Vision and Pattern Recognition （CVPR）. IEEE， 2017:4476-4484.
［22］ ARP D， SPRE1TZENBARTH M， HUBNER M， et al. DREBIN: Effective and explainable detection of Android malware in your pocket［C］// 2014 Network and Distributed System Security Symposium. NDSS， 2014. DOI: 10.14722/NDSS.2014.23247.
［23］ University of New Brunswick. Canadian Institute for Cybersecurity ［EB/OL］. （2020-01-20）［2024-06-10］. https://www.unb.ca/cic/datasets.
［24］ DAI X H， GONG S R， ZHONG S， et al. Bilinear CNN model for fine-grained classification based on subcategory-similarity measurement［J］. Appied Sciences， 2019，9（2）:301.
［25］ XING Z Q， CHEN X， PANG F Q. DD‐YOLO: An object detection method combining knowledge distillation and differentiable architecture search［J］. IET Computer Vision， 2022，16（5）:418-430.
［26］秦海雪，王勇. 结合注意力与双线性网络的Android恶意软件检测［J］. 计算机工程与设计， 2023， 44（11）: 3290-3297.
［27］张杨，郝江波. 基于注意力机制和残差网络的恶意代码检测方法［J］. 计算机应用， 2022，42（6）:1708-1715.

[1]	DENG Chao1, 2, YANG Fengkun1, 2, LI Jun3, CHEN Liangliang1, 2, GUO Zhichong4. Complex Fault Diagnosis Method of Charging Facilities Based on Bi-LSTM Residual Network [J]. Computer and Modernization, 2025, 0(07): 90-96.
[2]	LIU Fei, YANG Degang, ZHANG Xin, QIN Jing. Improved Underwater Target Detection Algorithm Based on YOLOv8 [J]. Computer and Modernization, 2025, 0(01): 113-119.
[3]	TANG Yibo1, CUI Shaoguo1, WAN Haoming1, WANG Rui1, LIU Lili2. Ghost Convolution Based Prediction Method for Recurrence of High Grade#br# Serous Ovarian Cancer [J]. Computer and Modernization, 2024, 0(04): 43-47.
[4]	DU Han-yu, WEI Yan, TANG Bao-xiang, LIAO Heng-feng, YE Si-jia. Low-light Image Enhancement Based on Dual Attention Residual Blocks [J]. Computer and Modernization, 2024, 0(03): 85-91.
[5]	XING Shi-shuai, LIU Dan-feng, WANG Li-guo, PAN Yue-tao, MENG Ling-hong, YUE Xiao-han. Image Super-resolution Reconstruction Based on Spatial Attention Residual Network [J]. Computer and Modernization, 2023, 0(10): 45-52.
[6]	QIN Zhu-yuan, WU Hao-zhong, TAN Dai-qing, HAN Ai-qing, ZANG Hao, WANG Xuan, TANG Yan. Fine-grained Identification of Maidong Based on Multi-scale ResNet Combining Attention Mechanism [J]. Computer and Modernization, 2023, 0(07): 105-111.
[7]	HE Yu-xia, CAO Guo. Discrimination of Converter Steelmaking State Based on Improved Attention Network [J]. Computer and Modernization, 2022, 0(07): 97-102.
[8]	HE Xuan, LIU Yi-xin, HE Xiao-hai, QING Lin-bo, CHEN Hong-gang. Gait Feature Recognition Based on Improved Residual Network and Joint Loss Function [J]. Computer and Modernization, 2022, 0(04): 27-32.
[9]	XU Xiao-liang, ZHAO Ying. Relationship Extraction Method Based on BiLSTM and ResCNN [J]. Computer and Modernization, 2022, 0(01): 10-16.
[10]	LI Guo-jin, RONG Yu. Face Mask Detection Algorithm Based on DCN-SERes-YOLOv3 [J]. Computer and Modernization, 2021, 0(09): 12-20.
[11]	LIU Shou-hua , WANG Xiao-song , , LIU Yu , . Clinical Electrocardiogram Classification Algorithm Based on Deep Learning [J]. Computer and Modernization, 2021, 0(08): 52-57.
[12]	LIU Ya-dong, LUO Yin-sheng, CAO Yang-yang, SONG Wei. Application of Deep Learning in Defect Detection of Mobile Phone Data Interface [J]. Computer and Modernization, 2021, 0(06): 35-40.
[13]	LI Xiao-shuang, HAN Li-xin, LI Jing-xian, ZHOU Jing-wei. Multi-modal Music Emotion Classification Based on Optimized Residual Network [J]. Computer and Modernization, 2020, 0(12): 83-89.
[14]	LIANG Chao, HUANG Hong-quan. Lightweight Image Super-Resolution Based on Convolutional Neural Network [J]. Computer and Modernization, 2020, 0(11): 23-27.