
Research On Android Malware Detection Method Based On Support Vector Machine

Posted on: 2016-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: W Yang
Full Text: PDF
GTID: 2208330461479229
Subject: Computer application technology
Abstract/Summary:
With the widespread popularity and rapid development of smart terminals, they have become essential mobile devices. At the same time, malware developers are targeting the smartphone market because of the large economic gains it offers, which makes smartphone security issues far more prominent and brings malware with it. Although the inherent security mechanisms of smartphones are much stronger than before, there are still flaws that can be used maliciously. What is more, users have weak security awareness. The amount of malware on smartphones has grown explosively in the past few years. Therefore, more and more scholars are focusing their work on malware detection.

In this paper, we mainly study a method for detecting Android malware. We analyse the Android security mechanism, summarize the characteristics and trends of mobile malware, and then study in a targeted way the security vulnerabilities of the signature and access control mechanisms. We propose a detection model that combines static and dynamic detection, consisting of a static detection module and a dynamic monitoring module. The static detection module analyzes the Android software package by decompiling it, including comparing MD5 values and analyzing the permissions in the configuration file. The dynamic monitoring module uses sandbox tools to monitor the combination of behaviors of software running on an Android virtual machine, focusing on network traffic, SMS messages, contacts, CPU and memory resources, power consumption, etc.

The paper also proposes an SVM classification method based on a string kernel for dynamic software behavior. We extract behavioral characteristics from samples of malware and normal software to generate training data, then train the SVM classifier to generate a classification model. Meanwhile, we monitor and extract the dynamic behavior of software running on a PC virtual machine. Finally, we use the trained classification model to determine whether it is malware.

Finally, we run simulation experiments on the PC virtual machine to demonstrate the feasibility of the integrated malware detection method proposed in this paper. We also test the string-kernel-based SVM classification of malware dynamic behavior on the MATLAB platform, and the experimental results basically achieve the desired effect.
Keywords/Search Tags:malware detection, integrated detection, support vector machine, string kernel
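
The string-kernel SVM classification of behavior traces described in the abstract, as an added example that is not code from the thesis: traces are compared with a normalised p-spectrum kernel and classified by a bias-free soft-margin SVM trained by dual coordinate ascent. The abstract does not say which string kernel the thesis uses, so the spectrum kernel, the event names and the sample traces are assumptions constructed for illustration.

```python
from collections import Counter
from math import sqrt

def spectrum(trace, p=2):
    """Count contiguous length-p runs of behaviour events in one trace."""
    return Counter(tuple(trace[i:i + p]) for i in range(len(trace) - p + 1))

def kernel(a, b, p=2):
    """Normalised p-spectrum string kernel between two event traces."""
    sa, sb = spectrum(a, p), spectrum(b, p)
    dot = sum(c * sb[g] for g, c in sa.items())
    norm = sqrt(sum(c * c for c in sa.values()) * sum(c * c for c in sb.values()))
    return dot / norm if norm else 0.0  # a trace shorter than p has no features

def train_svm(traces, labels, C=1.0, epochs=50, p=2):
    """Bias-free soft-margin SVM: dual coordinate ascent with 0 <= alpha <= C."""
    n = len(traces)
    K = [[kernel(traces[i], traces[j], p) for j in range(n)] for i in range(n)]
    alpha = [0.0] * n
    for _ in range(epochs):
        for i in range(n):
            if K[i][i] == 0:
                continue  # featureless trace cannot become a support vector
            f_i = sum(alpha[j] * labels[j] * K[i][j] for j in range(n))
            alpha[i] = min(C, max(0.0, alpha[i] + (1 - labels[i] * f_i) / K[i][i]))
    return alpha

def score(trace, traces, labels, alpha, p=2):
    """Decision value: > 0 means the trace resembles the malware class."""
    return sum(a * y * kernel(t, trace, p) for a, y, t in zip(alpha, labels, traces))

# Constructed sample traces; event names are hypothetical, not from the thesis.
MAL = [["boot", "contacts_read", "net_connect", "sms_send", "sms_send"],
       ["boot", "sms_read", "net_connect", "sms_send", "contacts_read", "net_connect"]]
BEN = [["ui_draw", "file_read", "ui_draw", "net_connect", "ui_draw"],
       ["ui_draw", "file_read", "file_write", "ui_draw", "file_read"]]
TRACES, LABELS = MAL + BEN, [1, 1, -1, -1]  # +1 = malware, -1 = normal software
ALPHA = train_svm(TRACES, LABELS)

def classify(trace):
    """Label an unseen sandbox trace with the trained model."""
    return "malware" if score(trace, TRACES, LABELS, ALPHA) > 0 else "benign"

if __name__ == "__main__":
    print(classify(["boot", "contacts_read", "net_connect", "sms_send"]))
    print(classify(["ui_draw", "file_read", "ui_draw"]))
```

A trace that shares no length-p run with any training trace scores exactly 0 and falls on the benign side, so the training set has to cover the behavior combinations the sandbox is expected to observe.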