Research On Android Malware Detection Based On Machine Learning

Posted on: 2020-12-09
Degree: Master
Type: Thesis
Country: China
Candidate: R Yan
GTID: 2428330596993915
Subject: Computer Science and Technology
Abstract/Summary:
With the continuous development of intelligent communication technology, smart mobile terminals have become one of the indispensable tools of human society. Android has become the mainstream operating system for smart terminals because of its openness and other advantages, and its market share has reached 84.2%. With the popularity of Android, more and more attackers target the system, and malware keeps emerging in the Android application market. It is therefore necessary to study effective methods for detecting Android malicious code in order to protect user information security.

Existing detection methods for Android malicious code can be divided into static detection, dynamic detection, and combined detection using both dynamic and static features. Static detection has the advantage of high efficiency, but it cannot accurately detect malicious code that uses shell technology, dynamic loading technology or code obfuscation technology. Dynamic detection can effectively detect such code, but existing dynamic detection methods have low code coverage, so some malicious behavior is missed. Combined detection collects both static and dynamic features of Android applications and uses them to train classifiers, which can achieve better detection results.

By analyzing existing Android malicious code detection algorithms, and considering the architecture of the Android system and the structure of the Android application installation package, this paper studies Android malicious code detection methods. The main contents are as follows:

(1) To solve the problem that existing static detection methods cannot accurately detect malware that uses code obfuscation, a static detection algorithm for Android malware based on API call sequence patterns is proposed. The algorithm uses an improved GSP algorithm to mine sequence patterns of API calls as features, detects Android malware with them, and improves detection accuracy for malware that uses code obfuscation technology.

(2) To solve the problem of low code coverage in dynamic detection, a dynamic detection algorithm for Android malware based on system call sequences is proposed. First, the algorithm uses component traversal to extract system call sequences from running Android applications, which improves code coverage. Then a Markov chain is used to model the system call sequence, and detection accuracy is further improved by describing the dependency relationships between system calls.

(3) To further improve detection accuracy, an Android malware detection system based on rotation forest is proposed, built on the static and dynamic detection methods above. The system combines the advantages of dynamic and static detection and merges their detection results through ensemble learning to improve the accuracy of the detection system.

(4) An experimental environment is built and the three detection algorithms proposed above are evaluated. The experiments use 1500 malicious applications from the Drebin database and 1500 normal applications from Google Play as samples, and the detection rate reached 98.31% in the experiment on combined detection of dynamic and static features.
Keywords/Search Tags: Android Application, Ensemble Learning, Learning, Static Analysis, Dynamic Analysis
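The Markov-chain modelling of system call sequences in item (2) of the abstract can be illustrated with the sketch below. It is an added example, not code from the thesis: it assumes a first-order chain whose transition probabilities are flattened into a fixed-length feature vector, and the syscall vocabulary, the `<other>` bucket and both traces are constructed for illustration.

```python
from collections import Counter

# Constructed syscall vocabulary (assumption); unseen calls map to "<other>".
VOCAB = ["open", "read", "write", "sendto", "close", "<other>"]
INDEX = {name: i for i, name in enumerate(VOCAB)}

def encode(trace):
    """Map syscall names to state indices; unknown names share one bucket."""
    return [INDEX.get(name, INDEX["<other>"]) for name in trace]

def transition_matrix(trace):
    """Return P where P[i][j] = Pr(next call is j | current call is i).

    Rows for states that never occur as a source stay all-zero, so an empty
    or single-call trace yields a zero matrix instead of a division error.
    """
    n = len(VOCAB)
    states = encode(trace)
    counts = Counter(zip(states, states[1:]))  # consecutive call pairs
    row_totals = [0] * n
    for (src, _dst), c in counts.items():
        row_totals[src] += c
    return [[counts[(i, j)] / row_totals[i] if row_totals[i] else 0.0
             for j in range(n)] for i in range(n)]

def feature_vector(trace):
    """Flatten the matrix row by row into a fixed-length classifier input."""
    return [p for row in transition_matrix(trace) for p in row]

def prob(trace, src, dst):
    """Transition probability src -> dst estimated from one trace."""
    return transition_matrix(trace)[INDEX[src]][INDEX[dst]]

# Constructed traces, not real captures.
TRACE_A = ["open", "read", "read", "close", "open", "read", "close"]
TRACE_B = ["open", "read", "sendto", "read", "sendto", "ioctl", "close"]

if __name__ == "__main__":
    for name, trace in (("A", TRACE_A), ("B", TRACE_B)):
        print(name, "P(read->sendto) =", round(prob(trace, "read", "sendto"), 3))
```

Two traces with similar call counts can still differ sharply in their transition probabilities, which is the dependency information that a plain frequency count of system calls does not carry.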