
Research On Android Malware Detection And Malware Family Classification

Posted on: 2021-06-03
Degree: Master
Type: Thesis
Country: China
Candidate: X C Huang
Full Text: PDF
GTID: 2518306050453974
Subject: Cryptography
Abstract/Summary:
In recent years, with the rapid development of mobile Internet technology, mobile applications surpassed websites to become the protagonists of Internet services for the first time in 2019. With the rapid growth of the mobile application market, malware criminals have begun to use mobile malware for illegal gain, and Android OS has become their preferred target. Faced with the increasingly serious security problems of Android OS, traditional Android malware detection schemes have great shortcomings. It is therefore necessary to seek an efficient and intelligent detection method to ensure application security on Android OS. At present, research on application security on Android OS mainly performs static and dynamic analysis to extract the behavior characteristics of an application and determine whether it is malware, in order to ensure the security of mobile devices.

This article studies existing Android malware detection technology. A single feature cannot fully and accurately describe an Android application. Moreover, multi-dimensional, fine-grained Android application behavior features are large in number and contain a lot of redundant information, which seriously affects detection accuracy. In addition, most research today only detects whether an Android application is malware and does not analyze which malware family it belongs to. Android malware samples that belong to the same malware family usually contain most of the same malicious code; when they run on mobile devices their malicious behavior attributes are the same, and they have some inherent correlation and similarity. Android malware family classification is therefore also of great significance to research on Android application security. To address the shortcomings of the current Android application security research field, the innovations and contributions of this article are as follows:

1. To address the problem that a single Android static feature cannot fully and accurately describe an Android application, this article analyzes the Android system architecture, security mechanism, core components, APK structure, etc., and designs a multi-dimensional feature extraction scheme for Android applications. The AndroidManifest.xml and smali files are obtained, and permission, component, intent, and API call features are extracted from them. Experimental results show that this multi-dimensional feature can improve the accuracy of identifying Android malware applications by 95.48%.

2. To address the problem that multi-dimensional, fine-grained Android application behavior features contain a large amount of redundant information, which severely affects detection efficiency and detection accuracy, this article designs a feature selection method that combines information gain (IG) with the binary whale optimization algorithm (BWOA). First, the IG algorithm removes redundant and irrelevant features; then the BWOA algorithm selects the optimal feature subset of the Android application. This method combines the low time overhead of filter feature selection with the high accuracy of wrapper feature selection, reducing learning time while maintaining high detection accuracy.

3. To address the difficulty of determining the parameters of the SVM classification model, this article proposes a collaborative optimization scheme based on BWOA-SVM. By improving the WOA algorithm and designing a new fitness function based on SVM classification accuracy, feature subset length, and number of support vectors, the scheme optimizes the SVM model parameters collaboratively during feature selection. Experimental results show that the accuracy and detection rate of this scheme for Android malware applications reach 97.88% and 97.85%; the scheme has good adaptability and robustness and performs well in the detection of Android malware applications.

4. To address the problem that applications from the various Android malware families are difficult to analyze, this article proposes an Android malware family classification method based on APK color image visualization. The method segments and slices the classes.dex binary file into red, green, and blue color channels, maps the APK to an RGB image, uses image texture features to represent the similarity in code structure among applications of the same Android malware family, and designs a convolutional neural network model to accurately classify different Android malware families. The experimental results show that the classification accuracy for Android malware families can reach 94.75%.
Keywords/Search Tags: Android Malware Detection, Feature Selection, Whale Optimization Algorithm, Visualization, Support Vector Machine, Convolutional Neural Network
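
The IG filter stage described in contribution 2, as an added example that is not code from the thesis: it scores binary permission features by information gain against the malware/benign label and drops those below a cut-off, which is the cheap pruning step that would run before a wrapper search such as BWOA. The feature matrix, the labels and the 0.05 threshold are constructed assumptions; the abstract gives none of them.

```python
import math
from collections import Counter

def entropy(labels):
    """Shannon entropy, in bits, of a list of class labels."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def information_gain(column, labels):
    """IG(Y; X) = H(Y) - H(Y | X) for one discrete feature column X."""
    n = len(labels)
    conditional = 0.0
    for value in set(column):
        subset = [y for x, y in zip(column, labels) if x == value]
        conditional += len(subset) / n * entropy(subset)
    return entropy(labels) - conditional

def ig_filter(names, rows, labels, threshold):
    """Return (feature, IG) pairs with IG >= threshold, highest first."""
    scored = [(name, information_gain([r[j] for r in rows], labels))
              for j, name in enumerate(names)]
    scored.sort(key=lambda pair: pair[1], reverse=True)
    return [(name, round(gain, 4)) for name, gain in scored if gain >= threshold]

# Constructed sample: one row per app, 1 = permission requested in the manifest.
FEATURES = ["SEND_SMS", "INTERNET", "READ_CONTACTS", "CAMERA"]
ROWS = [
    [1, 1, 1, 0],
    [1, 1, 1, 1],
    [1, 1, 0, 0],
    [1, 1, 1, 1],
    [0, 1, 0, 0],
    [0, 1, 1, 1],
    [0, 1, 0, 0],
    [0, 1, 0, 1],
]
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]  # constructed: 1 = malware, 0 = benign
THRESHOLD = 0.05                   # assumed cut-off; the abstract states none

if __name__ == "__main__":
    for name, gain in ig_filter(FEATURES, ROWS, LABELS, THRESHOLD):
        print(f"{name:15s} IG = {gain}")
```

In this sample INTERNET is requested by every app and CAMERA is split evenly across both classes, so both score zero and are removed; only the surviving features would be handed to the wrapper stage.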