Research On Robust Android Malware Detection Method In Adversarial Environment

With the rapid development of mobile Internet, Smartphones become more popular, they are used in many aspects of people’s daily life. Smartphones not only can be used to send messages and answer the phone call, but also can be used to browse, send and receive E-mail, do business and so on. Smartphones have been gradually changed the way that people communicate.Android Smartphone market developed a lot in recent years, huge economic profits attract a lot of malware makers. These malware makers use kinds of malwares to control Android Smartphone, so that they can do some malicious behaviors to Smartphones, such as sending premium messages, stealing privacy data like the credit card information and so on, these malicious behaviors seriously affect people’s life. Therefore, how to ensure that the Android malware can be effectively detected and guaranteed Android system security are problems. This paper studies these problems in Android malware detection, and then proposes two corresponding robust detection methods. The following is the content of this research and its innovation:(1) Android malware types rise continuously in recent years, traditional methods use single classifier to detect these malware, which have the problem that too limited knowledge can be learned to effectively detect various of malicious softwares. This article proposes a multiple classifier detection method in Android malware detection, to improve the robustness of detecting various malicious software methods. The experimental results show that using multiple classifier to detect various malicious softwared has so good performance.(2) Android application can apply for more permissions than actually required, the attacker can easily use these additional permissions to attack traditional detection method.Therefore, this paper proposes a good permission attack method in malware detection, used to study the performace of detection method under the permission attack. The experimental results show that when continued to strengthen good permission attack, the performance of the traditional detection method declines significantly.(3) This paper studies the detection method of good permission attack in adversarial environment. In adversarial learning, the adversary camouflages malicious samples to evade the classifier. One of the adversarial learning’s goals is to design robust classifier, which has low performance decline under continuously increasing attack strength. This paper proposes a robust detection method by adding permission combinations which consist of two permission with high mutual information. The experiment results show that this method can slow down the performance declining under good permission attack, so adding permission combinations detection method has better robustness.