Detection Of Malicious Android Applications By Selection Fatal Features

With the rapid development of mobile Internet and smart phones,smart phones have been widely used in people's work,study,entertainment,financial management,consumption,shopping and other aspects,becoming a must for people's work and life.However,with the development of mobile phone applications,various malicious applications are constantly updated,resulting in the theft of users' private information,malicious deductions,and remote control,which often occur,seriously affecting the normal use of users.Detection technology for mobile phone malicious applications has always been a hot issue studied by scholars in the field of information security,especially for Android smartphones that dominate the market.Due to the openness of the Android operating system and the wide range of applications,its malicious Applications are also emerging.Android malicious application detection technology continues to develop from signature-based detection to static detection and dynamic detection,and the speed and accuracy of malicious application detection are also increasing,but a method that can more accurately detect Android malicious applications is still urgently needed.This is also the expectation of people to stop and prevent the damage caused by malicious applications in time.The performance improvement of the Android malicious application detection model can be divided into two aspects,one is to select a better combination of features,and the other is to select a better classification algorithm.Under the conditions determined by the classification algorithm,the performance of the malicious application detection system depends on the selection of features,so selecting a better combination of features has become an important factor in improving the detection performance of Android malicious applications.In this paper,based on the research of Android malicious application detection methods,this paper proposes important static feature and combined feature selection models and methods for malicious application detection,as well as optimization models and methods for important feature selection,and is verified through experiments.The main research contents and innovations of this article are as follows:1.An important static feature selection method for malicious applications based on random forest scoring is proposed.Select the permission,sensitive api,and consider the application rate of the permission and the usage rate of the sensitive api application as the feature,extract multiple static features of malicious applications,analyze the number of occurrences of the feature,and calculate the importance of the result of classification of each feature by the random forest algorithm.Each type of feature is screened and optimized to achieve a reasonable and accurate extraction of features,and the features that contribute to the classification are repeated to increase their weights,thereby enhancing the Android malicious application detection accuracy of the detection model.2.A feature selection method based on feature cross for Android malicious application combination is proposed.The dynamic and static features are combined,and the contribution of various types of features to the detection model is analyzed by small batch gradient descent algorithm to obtain important features.Frequent item sets of features are selected through Aprior correlation,and then the two are cross-compared to obtain combined features to detect Android malicious applications.This improves the traditional detection method based on single features and enhances the multi-dimensionality of features enhances the detection accuracy of the Android malicious application detection model.3.An optimized method for selecting important features of malicious applications based on improved artificial bee colony algorithm is proposed.Screen selected features through roulette and Pareto analysis.In the improved artificial bee colony algorithm,the detection accuracy of the training samples is taken as the target of the bee colony and the combination of different features is used as the location of the bee colony.The algorithm and the feature combination are in one-to-one correspondence,so that the feature combination optimal for the detection model is obtained,thereby enhancing the detection accuracy of the Android malicious application detection model.