Research On Malware Static Detection Technology Based On Android

Posted on: 2020-07-15
Degree: Master
Type: Thesis
Country: China
Candidate: K B Li
GTID: 2428330599951303
Subject: Engineering

Abstract/Summary:
As smart devices, mobile phones have become an indispensable part of people's daily lives. Mobile applications (APPs) provide us with a variety of services. These services open up a whole new world for users and also generate a lot of data, which contains a lot of sensitive user information. How to ensure the security of mobile phones is therefore of great significance to users. The Android operating system has developed rapidly with the popularity of smart devices. Due to its open source advantages and mature technologies, it currently accounts for 85% of the mobile operating system market share. Android is not only the mainstream platform for mobile phones and tablets, but also has a wide range of applications in the field of the Internet of Things. Protecting the Android system from malware is therefore crucial. Android malware detection technology is divided into dynamic detection and static detection. This paper focuses on static detection and proposes three static detection methods for Android malware based on machine learning and deep learning. The main work is as follows:

1) By analyzing existing static detection algorithms for Android malware, this paper proposes an Android malware detection method based on ensemble learning and information gain, aimed at the permission flooding seen in Android malware. The method selects both permission and API features, which compensates for the defect that a single feature cannot accurately reflect the difference between benign software and malware. Because some features do not truly indicate the gap between malicious and benign software, the information gain of each feature is calculated from its information entropy, and the representative permissions and API calls in benign and malicious APPs are filtered out as the key feature set for classification. Using the rotation forest algorithm, with some of the main Android features analyzed in the Weka analysis tool, the method achieves a detection rate of 96.4% for Android malware.

2) With traditional machine learning algorithms, manually labelling large numbers of malicious applications is difficult in Android malware detection. This paper proposes an Android malware detection algorithm based on a convolutional neural network. It extracts the APP's permissions, APIs and other static features, transforms these static features into vectors in matrix form, which removes the difficulty of large-scale manual labelling, and uses the convolutional neural network to mine the intrinsic associations between features. The method trains the detection model on a smaller data set and then applies the model to a large-scale data set for rapid detection, achieving a detection rate of 96.04% for Android malware.

3) Because current APPs have a complex structure, the detection performance of the above methods is easily affected by the key features selected in static analysis. An Android malware detection method based on the long short-term memory algorithm is therefore proposed. Android software is a highly logical application whose operation has temporal continuity and spatial relevance, so this method re-examines feature selection and extraction. By deeply mining the associations in the code logic, it extracts the operation code sequence and processes it into text time series. It draws on the strong learning ability of deep learning and on the long short-term memory algorithm's ability to process correlated time series, and it solves, at the code level, the problem that the selected key features affect detection performance. Finally, detection of Android malware is realized, with a detection accuracy of 97.6%.
Keywords/Search Tags: Android security, Malware static detection, Ensemble learning, Deep learning, Convolutional neural network, Long short-term memory
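The information-gain screening described in point 1) of the abstract, as an added example that is not code from the thesis (which used Weka). The sample APPs, their labels and the `min_gain` threshold are constructed assumptions; a feature string here can be a permission or an API call name.

```python
import math
from collections import Counter

# Constructed sample: (static features of one APP, label); 1 = malicious, 0 = benign.
SAMPLES = [
    ({"INTERNET", "SEND_SMS", "READ_CONTACTS"}, 1),
    ({"INTERNET", "SEND_SMS"}, 1),
    ({"INTERNET", "READ_CONTACTS", "SEND_SMS"}, 1),
    ({"INTERNET", "RECEIVE_BOOT_COMPLETED"}, 1),
    ({"INTERNET", "CAMERA"}, 0),
    ({"INTERNET"}, 0),
    ({"INTERNET", "READ_CONTACTS"}, 0),
    ({"INTERNET", "CAMERA", "RECEIVE_BOOT_COMPLETED"}, 0),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(samples, feature):
    """IG(class; feature) = H(class) - H(class | feature present/absent)."""
    labels = [y for _, y in samples]
    present = [y for feats, y in samples if feature in feats]
    absent = [y for feats, y in samples if feature not in feats]
    conditional = sum(len(part) / len(labels) * entropy(part)
                      for part in (present, absent) if part)
    return entropy(labels) - conditional

def rank_features(samples):
    """All features seen in the samples, highest information gain first."""
    features = set().union(*(feats for feats, _ in samples))
    scored = [(f, information_gain(samples, f)) for f in features]
    return sorted(scored, key=lambda fs: (-fs[1], fs[0]))

def select_features(samples, min_gain=0.1):
    """Keep features whose gain reaches min_gain (threshold is an assumption)."""
    return [f for f, g in rank_features(samples) if g >= min_gain]

if __name__ == "__main__":
    for name, gain in rank_features(SAMPLES):
        print(f"{name:24s} {gain:.4f}")
    print("selected:", select_features(SAMPLES))
```

INTERNET is requested by every sample and scores zero gain, which is the case the abstract describes: a feature that is common but does not separate malicious from benign APPs is dropped before classification.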