The visual recognition of Android malicious applications (Apps) is mainly focused on the binary classification using grayscale images, while the multiclassification of malicious App families is rarely studied. If we can visualize the Android malicious Apps as color images, we will get more features than using grayscale images. In this paper, a method of color visualization for Android Apps is proposed and implemented. Based on this, combined with deep learning models, a multiclassifier for the Android malicious App families is implemented, which can classify 10 common malicious App families. In order to better understand the behavioral characteristics of malicious Apps, we conduct a comprehensive manual analysis for a large number of malicious Apps and summarize 1695 malicious behavior characteristics as customized features. Compared with the App classifier based on the grayscale visualization method, it is verified that the classifier using the color visualization method can achieve better classification results. We use four types of Android App features: classes.dex file, sets of class names, APIs, and customized features as input for App visualization. According to the experimental results, we find out that using the customized features as the color visualization input features can achieve the highest detection accuracy rate, which is 96% in the ten malicious families.

中文翻译：

---

基于彩色图像特征的Android恶意应用程序多类检测系统

Android恶意应用程序（Apps）的视觉识别主要集中于使用灰度图像的二进制分类，而很少研究恶意App家族的多重分类。如果我们可以将Android恶意应用可视化为彩色图像，则将获得比使用灰度图像更多的功能。本文提出并实现了一种用于Android Apps的颜色可视化方法。基于此，结合深度学习模型，实现了针对Android恶意App家族的多分类器，该分类器可以对10个常见的恶意App家族进行分类。为了更好地了解恶意应用程序的行为特征，我们对大量恶意应用程序进行了全面的手动分析，并总结了1695个恶意行为特征作为自定义功能。与基于灰度可视化方法的App分类器相比，证明了使用颜色可视化方法的分类器可以获得更好的分类效果。我们使用四种类型的Android App功能：classes.dex文件，类名集，API和自定义功能集，作为App可视化的输入。根据实验结果，我们发现使用定制特征作为颜色可视化输入特征可以达到最高的检测准确率，在十个恶意家族中为96％。