
Research On Android Malicious Code Detection Based On Ensemble Learning

Posted on: 2018-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Li
GTID: 2348330536957359
Subject: Engineering

Abstract/Summary:
In recent years, with the rapid development of science and technology, the Android mobile intelligent terminal has become an indispensable part of daily life. More and more personal private data is stored on these devices. Once this data leaks, the user's privacy and property security face a great threat. With the increasing number of malicious Android applications, many security companies have begun to study Android security and have achieved some results. However, driven by the huge profits of the gray industry chain, the self-protection, anti-detection and anti-analysis techniques of malicious code are also developing rapidly, which creates great resistance to Android security research. It is therefore important to study detection algorithms for malicious Android applications, and an effective mechanism for detecting them needs to be designed to protect the user's privacy and property security.

In this paper, through the analysis and study of current domestic and international malicious code detection technology, and building on both dynamic and static detection, we present a detection mechanism for Android malicious code based on ensemble learning. The major work and innovative points of this paper are as follows:

1) This paper analyzes and summarizes current methods for recognizing malicious Android applications, based on a study of the Android system structure, the APK structure and the mechanisms of Android applications. Current malicious Android application detection schemes, both static and dynamic, are introduced and compared.

2) Following an analysis of traditional static Android malicious code detection algorithms, we propose a new static detection method for Android malicious code based on the dendritic cell algorithm (DCA). The algorithm uses as features the Android Dalvik assembly code and the dangerous API calls extracted from the APK. The algorithm proposed in this paper achieves lightweight detection of malicious Android applications.

3) After an in-depth study of traditional dynamic Android malicious code detection algorithms, we propose a dynamic detection method for Android malicious code based on a co-occurrence matrix of system service calls. This method avoids the problems that static detection encounters, such as polymorphic transformation and code obfuscation. It dynamically detects malicious Android applications by examining their system service call sequences.

4) Building on the above theoretical results, we propose an Android malicious code detection system based on ensemble learning. The system makes the advantages of the dynamic and static detection methods complement each other. It also improves stability and detection efficiency by using an improved rotation forest for the ensemble learning. In addition, based on the algorithm theory, a simulation environment was built that used 750 malicious Android applications obtained from AndroMalShare and 1250 normal Android applications obtained from Google Play to verify the theory behind the system. The detection rate reached 99.3% with an integration scale of L = 20.
Keywords/Search Tags:Android, Malware Detection, Ensemble learning, Rotation forest