
Design And Implementation Of Android Static Malware Detection System Based On Machine Learning

Posted on: 2017-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Bu
GTID: 2308330485488006
Subject: Electronic and communication engineering
Abstract/Summary:
With the arrival of the mobile Internet era, Android smartphones have become very popular, and their capabilities have improved qualitatively. In the beginning, mobile phones could only send text messages and make phone calls; now they provide communication, entertainment, social, mobile payment and other functions. The phone has become an indispensable part of our lives; at the same time, it holds much of people's private information, so phone security problems will cause irreparable consequences. Because the Android platform is open and free, it has become a breeding ground for malware, which currently poses a great threat to the security of users' mobile phones. Given the rapid development of malicious software, the traditional malware detection mode is no longer appropriate. Against this background, this thesis studies static detection technology for Android malware and designs and develops an Android malware static detection system that makes the malware detection process more standardized, automated and efficient. The main research results are as follows:

1. A static detection scheme based on mixed features is proposed. Based on a deep analysis of Android security mechanisms and a study of static detection technology, permissions and APIs, the two static characteristics most representative of malicious software, are selected to form the mixed feature vector. Each kind of behavior in the Android system has a corresponding permission, so each combination of permissions reflects a specific behavior of the software, and the API reflects software behavior at the code level.

2. More fine-grained feature selection and feature preprocessing. Redundant features are removed according to how strongly each static feature correlates with the application being malicious. Three algorithms, the chi-square test, information gain and TF-IDF, are used to quantify the correlation. After the feature attributes are selected, a clustering algorithm is used to remove redundancy between the features.

3. The machine learning algorithms are improved. In the training phase, the stability of the K-Means algorithm is improved by using SVD and a distance measure. In the detection stage, a weight factor is added to the naive Bayes algorithm and the K-nearest-neighbor algorithm so that the differences between feature attributes are reflected.

In the testing phase, all aspects of the system are tested through transverse and longitudinal testing. The test results show that combining the machine learning algorithms with traditional static scanning technology gives better results, and that the system maintains a high recognition rate for newly emerging malicious software. The recognition accuracy is more than 90% and the false positive rate is less than 10%, which achieves the anticipated goal.
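The feature-selection step in item 2 can be illustrated with an added example (not code from the thesis) that scores binary permission features with the chi-square statistic and information gain. The sample apps, labels and function names are constructed for illustration.

```python
import math

# Constructed sample: (label, requested permissions); 1 = malicious, 0 = benign.
SAMPLES = [
    (1, {"SEND_SMS", "READ_CONTACTS", "INTERNET"}),
    (1, {"SEND_SMS", "INTERNET"}),
    (1, {"SEND_SMS", "READ_CONTACTS", "INTERNET"}),
    (1, {"READ_CONTACTS", "INTERNET"}),
    (0, {"INTERNET"}),
    (0, {"INTERNET", "CAMERA"}),
    (0, {"READ_CONTACTS", "INTERNET"}),
    (0, {"CAMERA"}),
]

def contingency(samples, feature):
    """Return (a, b, c, d): malicious with/without, benign with/without the feature."""
    a = sum(1 for y, f in samples if y == 1 and feature in f)
    b = sum(1 for y, f in samples if y == 1 and feature not in f)
    c = sum(1 for y, f in samples if y == 0 and feature in f)
    d = sum(1 for y, f in samples if y == 0 and feature not in f)
    return a, b, c, d

def chi_square(a, b, c, d):
    # 2x2 chi-square statistic; 0.0 when a row or column is empty.
    n = a + b + c + d
    denom = (a + b) * (c + d) * (a + c) * (b + d)
    return 0.0 if denom == 0 else n * (a * d - b * c) ** 2 / denom

def entropy(counts):
    total = sum(counts)
    return -sum(k / total * math.log2(k / total) for k in counts if k) if total else 0.0

def information_gain(a, b, c, d):
    # H(class) minus H(class | feature present / absent).
    n = a + b + c + d
    h_class = entropy([a + b, c + d])
    h_cond = (a + c) / n * entropy([a, c]) + (b + d) / n * entropy([b, d])
    return h_class - h_cond

def rank_features(samples, top_k):
    """Return the top_k (feature, chi2, info_gain) rows, highest chi-square first."""
    features = sorted(set().union(*(f for _, f in samples)))
    scored = []
    for feat in features:
        cells = contingency(samples, feat)
        scored.append((feat, chi_square(*cells), information_gain(*cells)))
    scored.sort(key=lambda row: (-row[1], row[0]))
    return scored[:top_k]
```

Both scores are symmetric in the class label, so a permission seen only in benign apps (CAMERA in this sample) ranks as highly as one seen only in malware; the classifier, not the selection step, decides the direction.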
Keywords/Search Tags: Static analysis, machine learning, malicious software, Android