Android Malware Static Detection Based On Permissions Of System Calls

With the increasingly progress of science and technology and the rapid development of "Internet +",the use of smart phones is getting higher and higher in the world.At present,The Android smartphone has occupied 85% of the market share of smartphones,and has become the first choice for people to buy smartphones.With the rapid popularity of Android smart devices,the scale of Android malicious applications is growing.Android smartphone is facing serious security challenges.Therefore,the research of Android malicious application detection is of great significance.In this paper,we aim to study Android malware static detection based on the permissions.The main research work is as follows:(1)A malware detection scheme based on the permissions of system calls is proposed.Through research on the Android system security mechanism and the existing Android malware detection scheme,we found the shortcomings of the current malicious application detection scheme based on the permissions.In view of the inaccuracy of extracting features directly from the manifest files,we extract features from the application source and finally put forward a kind of Android malware static detection scheme based on system calls.(2)The implementation of malware detection scheme based on the permissions of system calls is completed.The scheme is divided into four parts: sample collection,feature extraction,feature processing and application detection.In the sample collection,the selection of malicious applications is authoritative foreign data set,and the crawler collects the normal applications of app stores,to ensure the validity of the data set.In the feature extraction,we complete the Android automatic batch decompiling,and the system API and permission mapping table is designed.In the feature processing,the feature data of a large number of applications is abstracted and integrated.In the application detection,the classical classification algorithms are used for the detection of the application.(3)The contrastive verification of malware detection scheme is completed.The top four classification algorithms(NB,SVM,KNN and C4.5)which are used in Android malicious application detection are used to verify the effectiveness of the scheme.Through the experimental results,we can see that the scheme has more than 90% of the detection accuracy.