Research And Implementation Of Unknown Android Malware Detection Method Based On Feature Code

Posted on: 2017-08-31
Degree: Master
Type: Thesis
Country: China
Candidate: Y R Li
GTID: 2348330518995706
Subject: Information security
Abstract/Summary:
With the rapid development of the mobile Internet, the Android operating system has taken first place in market share among operating systems for intelligent mobile terminals. Because it is open, portable and free, it is popular with users and developers, and it has therefore become the main target of current malware attacks. Malware is currently spreading in the Android application market, and quality varies greatly. Existing Android malware detection systems can only detect known malware, so they lag behind and have a lower capability for detecting unknown malware. To solve these problems, this thesis proposes a scheme for extracting malicious code features from the perspective of feature code, and implements an unknown Android malware detection system according to the scheme. The main work is as follows. First, static analysis and dynamic analysis are combined to extract features of Android samples at the application framework layer and the underlying system layer, on the basis of the malicious and normal samples in the training set. The static features of sensitive APIs in the framework layer, and both the static and dynamic features of system calls in the Native layer, are extracted to form a feature code library. Second, machine learning algorithms are used to train a model that takes the feature code library as input, so that after training it is able to detect malware; on this basis an Android malware detection system is implemented. System testing and experimental analysis show that, after training on the existing sample set, the Android malware detection system based on the feature code extraction algorithm proposed in this thesis and implemented with the random forest algorithm has a high capability for detecting unknown Android malware, and its accuracy can reach more than 90%.
Keywords/Search Tags:Android System, Feature Code, Sensitive API, System Calls, Machine Learning