Research On Android Malware Static Detection Method Based On Permissions And Multi-feature Information Gain Analysis

With the development of information technology, the application of mobile Internet is developing rapidly, which plays a more and more important role in our daily life. It is an important tool for us to communicate with the world and complete the payment on the Internet. However, the security of mobile applications is becoming more and more obvious. In the case of people unknowingly, a variety of malicious software often invade our mobile devices, threatening people’s daily life and work. In the mobile market, Android system occupies a very important position, how to identify the Android malware is very important. Therefore, the thesis proposes the Android malware static detection method based on permissions and multi-feature information gain analysis.From the current Android software security field at home and abroad research status, learning the Android operating system and software system structure, understanding the security mechanism of Android system and the various Android malware detection methods, presents the information gain detection on Android permissions that a single feature on the foundation of the analysis to static detection method, according to the common rights of information gain coefficient (malicious) size to the judgment of the malicious software, in order to improve the efficiency of Android malware detection. By the improvement of the single feature information gain access detection method to further put forward the conception of Android malware detection method based on multi-features, and discusses its feasibility. In the multi-feature detection method, first introduced the Androguard tool to realize the sample decompilation and statistics, then use the WEKA tool to realize multi-feature information gain calculation. In order to realize the detection precision of the malicious software, the author introduces the concept of "two levels empowerment", the regional characteristics of empowerment and in the regional characteristics of single feature weighting. Let the weighted information gain values compare with the threshold, then we can detect Android malicious software.In the improved method, the weighting is introduced to the multi-feature information gain discriminant method, through theoretical validation, the weighted information gain calculation results of the normal software and malicious software will have great difference, which can better distinguish the Android malware.