Research Of Malicious Application Detection For Smart Mobile Terminal

Recently, the number of malwares on smart mobile phones increase rapidly. The detection techniques of the malware are becoming the focus in the mobile phone security research area. The traditional detection methods based on priori characteristics matching are too insufficient to detect distortions of existing malwares or the newly malwares. However, the classification detection based on the machine learning, which not only can effectively detect the known malicious applications, but also can effectively detect both the distortions of existing malwares and the newly unknown malwares. This thesis proposes a novel malware detection method based on mul-dimension features machine learning algorithm. The algorithm extracts the features from the relative frequency of interface components, permissions information statement and API's call information. Then it gives the detection result based on the weighted voting of the result of the classifications.The main accomplishments and innovations of this thesis are follows:1. A joint detection method based on multiple feature dimensions machine learning of malware applications is proposed. For the application to be tested multi-dimensional feature extraction, and by building a separate classification decisions. Using the principle of integrated learning, the verdict will be given after the classification decision results weighted voting. According to the classification accuracy of detecting set the weight coefficient, give full play to the advantages of the single classifier for malicious code to enhance the detection accuracy2. Three classifiers construction method based on multiple features are proposed, including the classifier based on the relative frequency of Interface components, which is based on the reverse depth-first traversal algorithm recursive search;the classifier based on the feature of permission claim,which is based on the reverse of the Boyer-Moore string matching algorithm for matching search;the classifier based on API call information feature extraction,which is subjected to reverse search text based on the n-gram algorithm, geting the frequency difference between the maximum number of calls 20 API statistics malicious applications.3. Design and accomplish a detection systems for the malware applications based on the multiple feature dimensions machine learning.The system is divided into three modules, including the application reversing module, feature extraction module and joint detection module. Use application reversing module, reverse analysis application and access the program source file, using feature extraction module interface components extracted from the source file relative frequency characteristics, features and information rights management statement API call information feature; Using joint detection module, build and test application classifiers classify verdict after the verdict weighted voting give the final test results.4. Test the selected test samples from Pea pods application market and Malware applications sample library.The result shows that:the system can detect malware applications and the accuracy rate is 90%, the false alarm rate is 10% and the false negative rate is 0, which is more accurate against the traditional machine learning detection.