| In recent years,mobile terminals have become more and more relative to people's lives.Android,as the most widely used mobile operating system,are facing a serious software security threats.To solve this problem,technology of Android malware detecting has developed for years.But the existing methods are often complex and highly dependent on artificial operations.On the basis of studying Android system structure,security mechanism and malware detection methods,A method based on the information of AndroidManifest file was promoted in this paper.This method has the advantages of the traditional permission detection and a higher performance.The AUC is 84.7%,TPR is 87.1%and the FPR is 16.7%.Firstly,we gathered a large number of applications include malware and benign.After decompilation and statistical analysis of these samples,We found that the statistical result of using components vary between malware and benign,which can be used to classify Android applications like Android permission.Secondly,we extract the information of AndroidManifest file through the key permission selection based on chi-square test and the quantization of Android components based on information gain.We applied AndroidManifest file information with machine learning classification method to detection Android malware.The experiment compared three classificationalgorithm such as Decision Tree,naiveBayes and KNN.Experimental result shows the method based on naive Bayes has the better performance.At last,we proposed a method to decrease the dependency between attributes in the feature vectors to make improvements based on characteristics of naive Bayes algorithm.Experimental result shows that the improved method keeps the performance and decrease the dimension of the feature vector. |
PDF Full Text Request