%0 Journal Article %A SU Qing %A LIN Jiarui %A HUANG Haibin %A HUANG Jianfeng %T Android Malicious Application Family Classification Model Incorporating MAML and CBAM %D 2023 %R 10.3778/j.issn.1002-8331.2110-0492 %J Computer Engineering and Applications %P 271-279 %V 59 %N 2 %X To meet the demand for fast detection of emerging Android malicious application families, it proposes a classification model MAML-CAS that fuses MAML(model-agnostic meta-learning) and CBAM(convolutional block attention module) for Android malicious application families. The DEX files in the sample set of Android malicious apps are visualized as grayscale maps and a task set is constructed; then two convolutional neural networks with equal structure are designed as the base learner and meta-learner respectively by fusing CBAM, which can enhance the key feature representation in both channel and space dimensions while automatically extracting the sample features in the task set; then the meta-learning method is used to MAML is used to train the two learners, where the base learner learns the attributes of a specific malicious family classification task and the meta-learner learns the commonalities of different tasks; after the training of the two learners is completed, MAML-CAS will obtain the initialization parameters, and when faced with a new Android malicious app family classification task, no retraining is required, and only a small number of samples are needed for fast iteration; finally, using the trained base learner is finally used to extract Android malicious app family features and perform malicious family classification using SVM. The experimental results show that the MAML-CAS model has good detection effect on emerging small-sample Android malicious application families, with faster detection speed and better stability. %U http://cea.ceaj.org/EN/10.3778/j.issn.1002-8331.2110-0492