
Research On The Methods Of Android Malware Detection Based On Behavior Analysis

Posted on: 2019-03-25
Degree: Master
Type: Thesis
Country: China
Candidate: C Chen
Full Text: PDF
GTID: 2348330542491109
Subject: Information security

Abstract/Summary:
The smartphone, with its connectivity and portability, has increasingly become an indispensable mobile device in people's lives. The Android platform, with its openness and low cost, has become the preferred operating system for mobile devices. With the continuous increase of Android's market share on mobile devices, the security issues faced by Android applications have become a growing problem. Malicious behaviors such as malicious deductions, consumption of charges and privacy theft are becoming more complicated and varied. Therefore, how to detect malicious behavior in Android software effectively and accurately has been a hot research issue in the field of information security.

Research shows that current methods of Android malware detection can be divided into two classes, static and dynamic. Each analysis method has its strengths and weaknesses. However, existing research focuses more on the improvement of a certain technology or on the in-depth analysis and discussion of a specific problem. To address this issue, after analyzing the Android operating system, Android malicious behavior and existing malware detection methods, this thesis proposes a method of Android malware detection based on behavior analysis. It then designs and implements an automatic detection model that combines feature extraction, confidence intervals and machine learning algorithms. The main research work includes:

(1) For static analysis, after the manifest and Java source files are obtained through reverse engineering, static behavior information including permissions, Android components, intents and system API calls is comprehensively collected. Since the volume of application behavior data is too large, feature description and feature extraction are used to remove redundant information and to construct the feature set with the best classification performance.

(2) To solve the problem of detecting unknown malware automatically, machine learning algorithms are used to construct malware classifiers, and the detection model is then trained and tested on a sample set with static behavior features. Dynamic analysis is applied to Android software samples with confidence below 50% to reduce classifier error on indeterminate samples. The final classification verdict for an Android software sample is made using the dynamic analysis log of file addressing, network access, decryption, encryption and system settings.

(3) Building on the behavior collection, feature engineering and detection method above, an Android malware detection model based on behavior analysis is designed and implemented. Tested on a sample set containing 606 malware and 618 benign Android software samples, a malware detection rate of up to 97.7% was obtained with static behavior features and a classifier constructed with the Random Forest algorithm. After dynamic analysis was added, only 2 malware samples were falsely classified as benign Android software. Compared with existing research on Android malware detection, the behavior-analysis-based method in this thesis achieves a 2.2% higher malware detection rate than AndroidDialysis, and better efficiency, with samples of 31 dimensions in the feature space.
Keywords/Search Tags:Android, Malware, Behavior Analysis, Feature Extraction, Machine Learning