Research On Android Malicious Application Detection Based On Machine Learning

Posted on: 2018-10-09
Degree: Master
Type: Thesis
Country: China
Candidate: M H Tian
GTID: 2348330512995292
Subject: Electronic and communication engineering
Abstract/Summary:
With the emergence of smartphones and the rapid development of the mobile Internet, the way users connect to the network is gradually shifting from the PC to mobile devices. Compared with the traditional PC, today's smartphone is no longer just a simple communication tool; many PC functions are now available on mobile devices. Android is the most widely used mobile phone operating system on the market, so the Android application market attracts a large number of users and developers. At the same time, developers of malicious code are also moving into this market, posing a great threat to the security of users' phones. Given the large number of malicious applications in the Android application market, how to detect them effectively is an urgent problem. To address it, this thesis studies malicious application detection methods based on machine learning. The main research priorities are as follows:

(1) The research status and achievements of Android malicious application detection and the architecture of the Android system are studied in depth. The security mechanisms of the Android system, which is based on the Linux kernel, are analyzed, including the sandbox mechanism and the permission mechanism.

(2) The attack modes and the ways in which malicious code is implanted are analyzed. On this basis, the decompiled files of Android applications are analyzed in depth, and the principles of the machine learning classification algorithms used in this thesis are analyzed.

(3) A malicious application detection scheme based on machine learning is designed, and a machine learning detection scheme using the N-gram Opcode feature is proposed. The experimental results show that dividing the Dalvik Opcodes into 24 categories and generating 3-gram Opcode features gives the best performance. Then, with the 3-gram Opcode feature combined with API features and Permission features, experiments were carried out on the effect of the feature set and the classification algorithm on classifier performance. The experiments show that the model using the API, Permission and 3-gram Opcode feature set with the Random Forest algorithm performs well, with a false positive rate of 5.3% at a detection accuracy of 94% and an average prediction time of 10.06 s. If the classifier is trained with the combination of API and Permission features and the Random Forest algorithm, the average prediction time is 7.5 s when the detection accuracy rate is 94.1% and the false positive rate is 6.5%.
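
As an added illustration of the N-gram Opcode feature described in the abstract (not code from the thesis), the sketch below counts 3-grams of opcode categories in disassembled smali text. The category table, the rule that grams never span two methods, and the sample input are assumptions; the thesis's 24 categories are not listed on this page.

```python
import re
from collections import Counter
# ASSUMPTION: the page does not list the thesis's 24 opcode categories; this
# reduced prefix table is illustrative and unmatched mnemonics map to "X".
CATEGORIES = {"invoke": "V", "move": "M", "return": "R", "goto": "G", "if-": "I",
              "const": "C", "iget": "F", "iput": "F", "new-": "N", "throw": "T"}
DATA_BLOCKS = (".annotation", ".array-data", ".packed-switch", ".sparse-switch")
MNEMONIC = re.compile(r"^[a-z][a-z0-9/-]*$")

def opcode_category(mnemonic):
    return next((c for p, c in CATEGORIES.items() if mnemonic.startswith(p)), "X")

def method_sequences(smali):
    """Yield one string of category letters per method body."""
    seq, in_method, in_data = [], False, False
    for parts in (l.split() for l in smali.splitlines() if l.strip()):
        if parts[0] == ".method":
            seq, in_method = [], True
        elif parts[:2] == [".end", "method"]:
            in_method = False
            yield "".join(seq)
        elif parts[0] == ".end":
            in_data = False          # closes an annotation or data block
        elif parts[0] in DATA_BLOCKS:
            in_data = True           # payload lines are not instructions
        elif in_method and not in_data and MNEMONIC.match(parts[0]):
            seq.append(opcode_category(parts[0]))

def ngram_features(smali, n=3):
    """Count category n-grams; grams never span two methods (assumption)."""
    return Counter(seq[i:i + n] for seq in method_sequences(smali)
                   for i in range(len(seq) - n + 1))

# Constructed sample in the shape of disassembler (smali) output.
SAMPLE = """\
.method public static a()I
    invoke-static {}, Lcom/example/Api;->get()Lcom/example/Api;
    move-result-object v0
    const-string v1, "hi"
    invoke-virtual {v0, v1}, Lcom/example/Api;->send(Ljava/lang/String;)I
    move-result v1
    return v1
.end method
.method public static b()I
    invoke-static {}, Lcom/example/Api;->count()I
    move-result v0
    return v0
.end method
"""
```

The resulting counter is a sparse feature vector; in a combined feature set such as the one the abstract describes, it would sit alongside the API and Permission features before classifier training.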
Keywords/Search Tags:Android Application, Machine Learning, Malware Application, Random Forest