
Research Article
A Multi-class Detection System for Android Malicious Apps Based on Color Image Features
@INPROCEEDINGS{10.1007/978-3-030-66922-5_13,
  author={Hua Zhang and Jiawei Qin and Boan Zhang and Hanbing Yan and Jing Guo and Fei Gao},
  title={A Multi-class Detection System for Android Malicious Apps Based on Color Image Features},
  proceedings={Security and Privacy in New Computing Environments. Third EAI International Conference, SPNCE 2020, Lyngby, Denmark, August 6-7, 2020, Proceedings},
  proceedings_a={SPNCE},
  year={2021},
  month={1},
  keywords={Android malicious Apps Deep learning Visualization Multi-class detection},
  doi={10.1007/978-3-030-66922-5_13}
}
Authors: Hua Zhang, Jiawei Qin, Boan Zhang, Hanbing Yan, Jing Guo, Fei Gao
Year: 2021
SPNCE
Springer
DOI: 10.1007/978-3-030-66922-5_13
Abstract
The visual recognition of Android malicious applications (Apps) is mainly focused on binary classification using gray-scale images, while the multi-classification of malicious App families is rarely studied. If we can visualize Android malicious Apps as color images, we will get more features than using gray-scale images. In this paper, a method of color visualization for Android Apps is proposed and implemented. Based on this, combined with deep learning models, a multi-classifier for Android malicious App families is implemented, which can classify 131 common malicious App families. Compared with the App classifier based on the gray-scale visualization method, it is verified that the classifier using the color visualization method can achieve better classification results. This paper uses three classes of Android App APK features (the classes.dex file, the class name collection and the API call sequence) as input for App visualization, and analyzes the classifier detection accuracy and detection time under each input characteristic. According to the experimental results, we found that using the API call sequence as the color visualization input feature can achieve the highest detection accuracy rate, which is 96.01% in the ten malicious family classification and 100% in the binary classification.