Design And Implementation On Android Malware Detection System Based On Machine Learning

As the market share of Android ranks first in the world,its security issue has become severe up.Malicious applications have posted great threats to the platform security.Their number and diversity are increasing,which has gradually failed the traditional defend methods.As a result,the effective way to detect Android malicious applications has become a key research topic in the field of mobile security.At present,methods for Android malware detection include static analysis and dynamic analysis techniques.One is implemented with malicious sample rule base and the other with machine learning techniques.In this paper,Android malware detection based on machine learning and static analysis techniques are focused.In order to detect Android malware with static code features and machine learning algorithm,a multi-dimensional feature extraction method based on code semantics and a feature processing method based on frequent patterns is put forward.With the above methods,an Android malware detection system based on machine learning is designed and implemented.The main contents are as follows.(1)Methods for extracting static code features of Android applications.In the process of Android application detection using machine learning algorithm,if the static code features are not extracted in depth,problems like low recall rate or poor accuracy will arise in the detection process.In order that the static code features of Android applications can be extracted comprehensively and effectively,a multi-dimensional feature extraction method based on code semantics is proposed.The Android APK files are parsed and features are extracted from three aspects: reverse code,program semantic and vulnerability pattern.Finally,problems of user-defined function,code confusion protection,dead code and data flow analysis redundancy in APK program are solved,which effectively realizes the static analysis of Android application;(2)Methods for handling static code features of Android application.As the technology evolves,the static code feature dimension of Android applications that can be extracted has reached thousand,which will affect the feature extraction and detection efficiency.In order to effectively filter static code features,a feature processing method based on frequent patterns is advanced.Multi-dimensional semantic features are filtered based on the degree of support,discrimination and similarity,and frequent feature patterns are mined,which can availably remove redundant features and improve the effect and performance of model training and malware detection.(3)Methods for Android malware detection based on machine learning.In this paper,an Android malware detection system based on static code features of Android application with machine learning algorithm.This system combines multi-dimensional feature extraction methods based on code semantics,feature processing method based on frequent patterns,and realizes the identification of Android malicious applications based on machine learning techniques.The final detection accuracy in this pater reaches 96.5%.