Research On Android Malware Detection Technology Based On Permission

Malware detection based on Android system is one of the current hot topics in network security research.The number of malware for the Android system is increasing year by year mainly because of the openness of the Android system.This paper used static analysis method to research on Android system permission.A two-layered detection model was designed based on the Android system to improve the accuracy of malware detection.The main work of this paper is as follows.A malware detection model was designed and implemented based on the permission of Android system.This model used serial detection method based on static detection to achieve two-layered detection.In the first layer detection model,all Android application samples are detected using the improved Random Forest algorithm.The second-layer detection model used the sensitive permission rule matching method,and only needs to detect a small number of sample sets filtered by the first layer model.This detection model can not only improve the detection accuracy rate of malware,but also greatly reduce the operational load of the twolayered detection model.This paper also improved Random Forest algorithm to improve the detection accuracy rate of malware.The research on the conditions of distinguishing Android application categories in the Random Forest algorithm was conducted.It was found that different discrimination conditions will affect the detection results.The criteria and methods for evaluating the criteria of the Random Forest algorithm were formulated through repeated experiments using a large number of Android applications.The discriminant conditions in the Random Forest algorithm were adjusted according to the evaluation criteria and methods,and finally an improved Random Forest algorithm was formed.And then the clear sets and fuzzy sets generated by the improved Random Forest algorithm detection are defined and analyzed.The clear sets are detected by original Random Forest algorithm and the fuzzy sets are detected by sensitive permission rule matching model in the second layer.A large number of experimental results show that the detection accuracy rate of the clear sets generated by the improved Random Forest algorithm is as high as 90.9%.It verifies that the improved Random Forest algorithm proposed in this paper has a good detection effectFinally,the two-layered detection model proposed in this paper is performed repeated experimental tests on a large number of Android applications.And the model evaluation methods and indicators are used to compare the detection results of this two-layered detection model with other detection method.The comparison results show that the accuracy rate of single-layered Random Forest detection model is only 82.7%,while the accuracy rate of two-layered detection model is 88.1%.It verifies that the detection effect of the two-layered static detection model proposed by this paper is good.