| Due to the advantages of open source and portability,Android have the best market share of intelligent operating system.Android malware pose a great threat to the security of Android platform.owing to the popularity of this operating system,There are more and more Android malwares pose great attacking to the security of Android platform.Malware can not only eavesdrop on calls,steal user's information,push advertising or fraudulent information,but also mislead user to pay for payment services.The malicious software not only damage the vital interests of users but also affect the healthy development of Android Market.So fault detection malware accurately and efficiently for Android platform has become a hot research area.Most of the existing malware detection method collect data from different angles,and then take the data as the research object,However these data are redundant and have many uncertain factors.In addition,the commonly binary classification depends on the existing sample,it is necessary to improve the performance of detecting of mutation or unknown malware,in order to solve the above problems,two feature optimization algorithm and an improved SVDD algorithm are proposed.What's more,a three level detection model-data collection-data processing-software detection is used so as to analyze,optimize and checkout the Android platform security.In this paper,the related works as following aspect:(1)Optimizing the feature library.We have collected a lot of normal software and malwares and programed to decompile Android software and automatically collect various invoked Application Program Interfaces and permissions from every application's original coding to construct static behavior feature library.During the period of malware and benign data processing,two strategies that was probability statistics embedding and feature extraction were proposed to find the high information feature,and reduce the uncertainty of feature.With these strategies,testing can have little impact on the detection rate and false rate,and reduce the calculation time of training malware detection model and obviously improve the ability of detecting unknown malware families.(2)Improving Anomaly detection algorithm.Android malware in constantly developing and can change into others,It maybe fail to detect unknown software using the detection model constructed by the existing software.However,the collection of malicious software is difficult,the ratio of abnormal samples and normal samples are imbalance.Anomaly detection algorithm only utilize normal sample to build detection model which can overcome the difficulty of collecting malware detection.Different android software has its own characteristics,the more software behavior and active,the more static behavior characteristics will be extracted,Using feature frequency signify the software's Activeness.Introducing method of SVDD algorithm combined with feature frequency to improve SVDD slack variable.The experimental results show that optimized feature and improved anomaly detection can efficiently enhance the ability of distinguish malicious and benign. |
PDF Full Text Request