Because it is open source and free of charge, the Android system is favored by development enthusiasts. Familiar instant messaging software such as QQ and Microblog, as well as frequently used mobile payment software such as Alipay and WeChat, can all run on the Android system. While it gives us convenience, the Android system also brings great security risks. Some criminals have turned their attacks toward Android applications, hoping to obtain illegal benefits through them. It is therefore urgent to propose an effective detection method for malicious Android applications.

At present, domestic and foreign methods for detecting malicious Android applications can generally be divided into dynamic detection and static detection. Because static detection is simple to implement and highly efficient, this paper chooses static detection for research. The mainstream static feature is Android permissions, but there are many types of permissions, and they contribute differently to classifying normal applications and malicious applications. Selecting the permissions that contribute most to the classification is therefore the focus of this study. To address this problem, this paper proposes the RApriori detection method, which combines the Relief algorithm, the Apriori algorithm and the random forest algorithm. The method performs feature selection on Android permissions, improves the correct detection rate and reduces the false rate.

The main research points of this paper are as follows:

(1) The relevant background knowledge of the Android system is analyzed, including its framework, core components and security mechanisms, focusing on the permission mechanism, process sandbox isolation and process communication. This paper also analyzes the current ten malicious behaviors and the intrusion methods of malicious applications, and puts forward several measures to prevent and control malicious applications.

(2) A feature selection method combining the Relief algorithm and the Apriori algorithm is proposed. Because the Android system has many permissions, the Relief algorithm is first applied to the original permission feature library to obtain the second-generation permission feature library. The Apriori algorithm is then used to perform frequent pattern mining on the normal applications and the malicious applications of the second-generation permission feature library, yielding the maximal frequent itemsets with a support of 0.4 for normal applications and a support of 0.25 for malicious applications. Finally, the maximal frequent itemsets of normal applications and malicious applications are combined to obtain the final permission feature library.

(3) The random forest algorithm is trained on the final permission feature library. The random forest algorithm introduces randomness into its input, learns repeatedly using multiple random numbers, and obtains multiple classification trees. The predictions of the individual trees are then combined by voting, which greatly increases the stability and accuracy of the classification results.

(4) The RApriori detection method was verified with 7 groups of test samples. The experimental results show that the correct detection rate of RApriori for malicious applications is 90%, and the false rate for malicious applications is about 9%.
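The feature-selection stage described in point (2), as an added illustration that is not the paper's implementation: Relief weights over binary permission vectors, then per-class Apriori with the stated supports (0.4 normal, 0.25 malicious), then the union of the maximal frequent itemsets. The app list, the single nearest-neighbour Relief with Hamming distance, and the `weight > 0` cut-off are assumptions; the random forest stage is left out.

```python
from itertools import combinations

# Constructed sample, not data from the paper: (requested permissions, label),
# label 1 = malicious, 0 = normal.
APPS = [
    ({"INTERNET", "SEND_SMS", "READ_CONTACTS"}, 1),
    ({"INTERNET", "SEND_SMS", "READ_SMS"}, 1),
    ({"INTERNET", "SEND_SMS", "READ_CONTACTS"}, 1),
    ({"INTERNET", "SEND_SMS", "READ_SMS"}, 1),
    ({"INTERNET", "CAMERA"}, 0),
    ({"INTERNET", "VIBRATE", "WAKE_LOCK"}, 0),
    ({"INTERNET", "VIBRATE"}, 0),
    ({"INTERNET", "VIBRATE", "WAKE_LOCK"}, 0),
]

def relief_weights(apps):
    """Relief on binary features: +1 when a permission differs from the nearest
    miss (other class), -1 when it differs from the nearest hit (same class)."""
    feats = sorted(set().union(*(p for p, _ in apps)))
    w = dict.fromkeys(feats, 0.0)
    for i, (p, y) in enumerate(apps):
        others = [a for j, a in enumerate(apps) if j != i]
        hit = min((q for q, z in others if z == y), key=lambda q: len(p ^ q))
        miss = min((q for q, z in others if z != y), key=lambda q: len(p ^ q))
        for f in feats:
            w[f] += ((f in p) != (f in miss)) - ((f in p) != (f in hit))
    return {f: v / len(apps) for f, v in w.items()}

def maximal_frequent(transactions, min_support):
    """Level-wise Apriori, then keep itemsets that have no frequent superset."""
    n = len(transactions)
    support = lambda s: sum(s <= t for t in transactions) / n
    level = [frozenset([i]) for i in sorted(set().union(*transactions))]
    frequent = []
    while level:
        level = [s for s in level if support(s) >= min_support]
        frequent += level
        level = list({a | b for a, b in combinations(level, 2)
                      if len(a | b) == len(a) + 1})
    return [s for s in frequent if not any(s < t for t in frequent)]

def select_permissions(apps, sup_normal=0.4, sup_malicious=0.25):
    """Relief filter, per-class Apriori, then union of the maximal itemsets."""
    keep = {f for f, v in relief_weights(apps).items() if v > 0}  # assumed cut-off
    final = set()
    for label, sup in ((0, sup_normal), (1, sup_malicious)):
        tx = [p & keep for p, y in apps if y == label]
        for itemset in maximal_frequent(tx, sup):
            final |= itemset
    return final
```

On this sample, Relief discards `INTERNET` (requested by every app, so it carries no class signal), and Apriori then discards `CAMERA`, which keeps a positive Relief weight but falls below the support threshold in both classes.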