
Malware Detection System Research And Implementation Based Android

Posted on: 2016-12-26
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Zhang
GTID: 2298330467991814
Subject: Information security

Abstract/Summary:
With the rapid development of mobile intelligent terminals, people's lives and work have become inseparable from tablet PCs and smartphones, and information security issues are no longer limited to the PC. The security of intelligent terminal operating systems has therefore become a problem in urgent need of a solution. In recent years, the Android operating system, with its high degree of openness, has become the most widely used operating system for intelligent terminals, and its security cannot be ignored. Which security measures can effectively detect malicious software is a core problem that Android users, application developers and device manufacturers worldwide are eager to solve.

Focusing on software security issues on the Android platform, this paper designs a malware detection system for the Android platform, the ACS (Android-app Classification System) system. The system uses static, feature-value-based detection. The paper designs the classification process for the sample set in detail, and evaluates and analyzes the classification results and the performance of the feature sets.

The system takes its feature sources from the Android installation package (APK) file and the permissions file, applies an n-grams model to those feature sources, and uses information gain theory to select among the resulting features, ultimately forming six feature sets to be classified. The system uses six machine learning classifiers to process each of these six feature sets separately, and ultimately determines the best-performing feature set and classifier.

The main works of this paper are as follows:

1. The ACS system identified the AndroidManifest.xml feature set as the most effective for characterizing malware. After extracting n-grams from the feature source files, the system computes the information gain (IG) of each n-gram and selects the 500 n-grams with the highest IG values, which make up the six feature sets required for the experiments. These six feature sets all come from Android APK files: the Full Permissions and Permissions Tail feature sets come from the permissions files; the classes.dex, resources.arsc and AndroidManifest.xml feature sets come from the APK files; and the system proposes a new way of assembling features, the Combined feature set.

2. The ACS system identified the Boosted Decision Trees and IBk classification algorithms as the most significant. The experiments used six machine learning algorithms to classify the feature sets: Instance Based Learner (IBk), Naive Bayes, Decision Trees, Sequential Minimal Optimization (SMO), Boosted Naive Bayes, and Boosted Decision Trees.

3. The ACS system identified the Boosted Decision Trees classifier on the AndroidManifest.xml feature set as having the best performance, with an average accuracy of 99.24% and an AUC value of 0.9890. The study compared 36 different experiments, pairing each of the six feature sets with each of the six classifiers, used ROC curves for evaluation, and analyzed in detail the accuracy of each feature set and the performance of each classifier.
Keywords/Search Tags: Android, malware, features, classify
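
The n-gram extraction and information-gain selection step described in the abstract, as an added example (not code from the thesis). It assumes byte-level n-grams scored by presence or absence in each sample, with `n` and `k` as parameters (the thesis keeps the top 500); the sample data and all function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample data (not from the thesis): (feature-source bytes, label).
SAMPLES = [
    (b"SEND_SMS READ_CONTACTS INTERNET", "malware"),
    (b"SEND_SMS INTERNET RECEIVE_BOOT", "malware"),
    (b"INTERNET CAMERA", "benign"),
    (b"INTERNET VIBRATE", "benign"),
]

def ngrams(data, n):
    """Distinct byte n-grams present in one sample (assumption: byte-level)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def entropy(counts):
    """Shannon entropy in bits of a collection of class counts."""
    total = sum(counts)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def information_gain(samples, n):
    """IG of each n-gram's presence/absence with respect to the class label."""
    labels = Counter(label for _, label in samples)
    seen = {}  # n-gram -> Counter of labels of the samples that contain it
    for data, label in samples:
        for g in ngrams(data, n):
            seen.setdefault(g, Counter())[label] += 1
    total, h_class, gains = len(samples), entropy(labels.values()), {}
    for g, with_g in seen.items():
        without_g = labels - with_g  # label counts of samples lacking g
        n_with = sum(with_g.values())
        h_cond = (n_with * entropy(with_g.values())
                  + (total - n_with) * entropy(without_g.values())) / total
        gains[g] = h_class - h_cond
    return gains

def top_k_ngrams(samples, n, k):
    """The k n-grams with the highest IG (ties broken by byte order)."""
    gains = information_gain(samples, n)
    return sorted(gains, key=lambda g: (-gains[g], g))[:k]

def to_vector(data, selected):
    """Binary feature vector a classifier would consume for one sample."""
    grams = {g for n in {len(s) for s in selected} for g in ngrams(data, n)}
    return [int(g in grams) for g in selected]
```

An n-gram found in every sample (such as `INTE` here) scores an IG of 0 and is never selected, while one found only in a single class scores the full class entropy.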