Computer Engineering and Applications, 2021, Vol. 57, Issue (15): 140-146. DOI: 10.3778/j.issn.1002-8331.2004-0385


Malicious Android Application Detection Combining CNN and Catboost Algorithm

SU Qing, LIN Huazhi, HUANG Jianfeng, LIN Zhiyi   

  1. School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China
  • Online: 2021-08-01 Published: 2021-07-26





Malicious Android application detection suffers from problems such as high feature dimensionality and low detection efficiency. To address these problems, a CNN-Catboost hybrid model is proposed. In the proposed model, the convolutional neural network performs feature extraction and dimension reduction, and the Catboost classification algorithm provides good generalization ability. Static features of Android applications, such as permissions, API packages, components, intents, hardware features and OpCode features, are acquired through reverse engineering and encoded as feature vectors. In the feature processing layer, local features are extracted using convolution kernels. Max pooling then downsamples the processed features, reducing the dimension while preserving their characteristic properties. The downsampled features serve as the input vector of the Catboost classification layer, and a genetic algorithm with global optimization ability is used to tune the parameters of the Catboost model to further improve classification accuracy. The model is tested on Android app datasets of known and unknown types. The experimental results show that the CNN-Catboost hybrid model takes less time to tune parameters and achieves promising prediction accuracy and detection efficiency.

Key words: malicious Android application, convolutional neural network, Catboost classification algorithm, genetic algorithm
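
The feature processing layer described in the abstract (encode static features, convolve, max-pool) can be sketched as follows. This is an added example, not the authors' code: the vocabulary, kernel weights, pool size and sample app are constructed assumptions, and the Catboost classification layer and genetic-algorithm tuning are left out.

```python
# Added illustration: every name, weight and size below is an assumption.
from typing import Iterable, List, Sequence

# Constructed vocabulary of static features (permissions, intents, hardware, API packages).
VOCAB = [
    "perm:INTERNET", "perm:SEND_SMS", "perm:READ_CONTACTS", "perm:RECEIVE_BOOT_COMPLETED",
    "intent:BOOT_COMPLETED", "intent:SMS_RECEIVED", "hw:telephony", "hw:camera",
    "api:android.telephony", "api:java.net", "api:android.location", "api:javax.crypto",
]

def encode(features: Iterable[str], vocab: Sequence[str] = VOCAB) -> List[float]:
    """Binary feature vector: 1.0 where the app has the vocabulary item."""
    present = set(features)
    return [1.0 if name in present else 0.0 for name in vocab]

def conv1d_relu(x: Sequence[float], kernel: Sequence[float], bias: float = 0.0) -> List[float]:
    """Valid 1-D convolution (stride 1) followed by ReLU."""
    k = len(kernel)
    return [max(0.0, sum(w * v for w, v in zip(kernel, x[i:i + k])) + bias)
            for i in range(len(x) - k + 1)]

def max_pool(x: Sequence[float], size: int) -> List[float]:
    """Non-overlapping max pooling; a trailing partial window is kept."""
    return [max(x[i:i + size]) for i in range(0, len(x), size)]

def feature_layer(x: Sequence[float], kernels: Sequence[Sequence[float]], pool: int) -> List[float]:
    """Concatenate the pooled feature map of every kernel into one vector."""
    out: List[float] = []
    for kernel in kernels:
        out.extend(max_pool(conv1d_relu(x, kernel), pool))
    return out

# Constructed kernels; in a trained CNN these weights are learned from labelled apps.
KERNELS = [[1.0, 1.0, 1.0], [1.0, -1.0, 1.0]]

# Constructed sample of features extracted from a decompiled APK.
SAMPLE_APP = ["perm:INTERNET", "perm:SEND_SMS", "intent:SMS_RECEIVED",
              "hw:telephony", "api:android.telephony", "api:java.net"]

def demo():
    x = encode(SAMPLE_APP)
    reduced = feature_layer(x, KERNELS, pool=5)  # vector handed to the classifier
    return x, reduced

if __name__ == "__main__":
    x, reduced = demo()
    print(len(x), "->", len(reduced), reduced)
```
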


