
Research And Implementation Of Android Malware Detection Method Based On Multiple Features

Posted on: 2018-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Lin
GTID: 2348330518476612
Subject: Computer technology
Abstract/Summary:
The rapid development of smartphones in recent years has greatly changed people's daily lives. At the same time, malicious software on smartphones constantly violates the privacy and security of mobile phone users. Compared with other mobile phone systems, the open-source Android system offers greater openness and freedom, and is therefore more prone to malicious applications that threaten the safety of mobile phone users. Android accounts for more than half of the global mobile phone market share, so research on Android malicious application detection methods is of considerable significance. This thesis studies Android malicious application detection methods, combining malicious features and dynamic features in different ways to detect malicious applications. The main research contents are as follows:

(1) For static detection, a static detection method based on Smali assembler features and Permission features is studied. The Smali assembler features and the Permission features are extracted to form a single static feature library and a combined static feature library respectively, and basic classification algorithms are used to run classification and comparison experiments on each, achieving high accuracy and low false positives in the classification results.

(2) For dynamic detection, the Zygote process mechanism of the Android system is studied, and an attempt is made to use the Xposed framework to dynamically hijack the Zygote process, while an appropriate event-triggering mechanism simulates actual operation of the phone so that the corresponding dynamic function calls are obtained as dynamic features.

(3) The dynamic features and different static features are combined appropriately to form multiple mixed features for classification and comparison experiments. The experimental results show the effectiveness of the dynamic features, but also reveal problems such as insufficient coverage of the dynamic features and the generation of noise data that affects classification accuracy. Different Ensemble Learning methods are used to improve the basic classification algorithms and thereby the classification results.

Based on the above research, an Android malicious application detection system is designed that detects malicious applications using multiple feature combinations and Ensemble Learning methods.
Keywords/Search Tags: android, multiple features, smali, permission, dynamic hijacking, ensemble learning