
Research And Implementation Of Android Malware Detection Method Based On Hybrid Feature

Posted on: 2017-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: C C Zhu
GTID: 2348330488486651
Subject: Computer technology
Abstract/Summary:
Smartphones have developed rapidly in recent years and have changed our lives and work for the better. At the same time, the amount of malware on mobile platforms, and the danger it poses, has grown rapidly too. For instance, malicious deductions, privacy theft, sabotage and other malicious behaviour have attacked smartphone systems and caused huge losses to users. Compared with Apple's iOS, the open-source Android mobile phone system is more likely to be attacked by malware. Android has hundreds of millions of users in the smartphone market, which gives research on malware detection for the Android platform important practical significance.

In this thesis, we studied the principles of the Android platform and its security system, and introduced the commonly used detection methods, including static and dynamic feature extraction techniques. We then selected hybrid features, combining static and dynamic features, to detect malware. We studied the basic methods of data mining and the boosting methods, and built a malware classifier with data mining methods. Finally, we implemented malware detection for applications from unknown sources.

For static detection, we studied a detection method based on the permission mechanism. We used the permissions extracted from APK files to build an APK static library, then experimented with 4 classification algorithms and obtained a good result, with a high TPR and a low FPR.

For dynamic detection, we studied the characteristics of the Zygote process and proposed a method for extracting dynamic features. By hijacking the Zygote process, we captured the API system calls made by an APK and used these API system function calls as the dynamic features. The experiments proved the validity of the method.

Dynamic feature extraction on Android introduces some noisy data, which reduces classification accuracy. To improve the accuracy of malware detection, we proposed an improved AdaBoost algorithm that limits the weight of samples that are difficult to classify, thereby reducing the impact of noisy data on the classification results. Experiments showed that the improved AdaBoost algorithm had a higher TPR and a lower FPR than the traditional boosting method.

Based on the above malware detection methods, we implemented an Android malware detection system that uses hybrid features to detect malware.
Keywords/Search Tags: Android, malware detection, hybrid feature, dynamic hook, AdaBoost