| With the widely use of Android OS on Mobile Device, more and more malicious softwares based on Android OS appear constantly. In recent years, although there are a lot of technologies about detecting malicious software, it needs more efficient malware detection technologies to meet the needs of users, because of variability and rapid spread of malware.The existing malware detection technologies are mainly studied from the static and dynamic two aspects. The static detection technology is affected by confusion and packing technology. Dynamic detection methods can detect the existence of malicious software behavior real-time and not be affected by static detection technology constraints.Android API is the interface for Android developer provided by Android official organisation. Using Android APIs can implement many different functions. If criminals want to implement malicious functions they must call Android APIs. Therefore, it is a good method to detect the malware by studying the Android APIs of Android softwares. However, there are so many information about Android API calls, we need to get useful data.The paper researches the information of Android API calls from different aspects. It implements malware dynamic detection technology based on Android API calls. Research methods are as follows: At first, the research gets the trace files generated by every sample and then get the information of Android API calls for every experimental sample. In this paper, the research learns from the time of Android API calls, the number of Android API calls and the sequence of Android API calls. The information of Android API calls is got from the trace file of each sample, and then use the high order Markov model to extract the features from the above information and select the appropriate order for it. Secondly, use different feature selection methods to select the features, the feature selection methods mainly have the chi-square, the information gain and the feature selection method based on the high order Markov. At last, make classification experiments by using machine learning methods, and compare the result of the features with sensitivity APIs and permissions by using different feature selection methods. The experiment results show that the API Android calls sequence has the better classification result, the feature selection method based on the high order Markov is effective for feature selection, which can avoid the shortcoming of the large number of features,and thesparseness of the high order Markov, and overcome the inefficiency of the feature selection using common feature selection methods. At the same time, the research also combines the experimental features which are got by the high order Markov model and sensitive APIs, and use them as experimental features. The experiment has the better classification result. |