Design And Implementation Of Static Detection Model For Android Malware

Posted on: 2018-12-10
Degree: Master
Type: Thesis
Country: China
Candidate: D S Liu
GTID: 2348330518999068
Subject: Engineering
Abstract/Summary:
With the rapid development of mobile communication and smartphones, the mobile Internet has penetrated into people's lives. Smartphones, as a tool for accessing the Internet, not only provide us with communication services but also change our way of life, for example in entertainment. A survey by the authoritative organization Strategy Analytics shows that at the end of November 2016, Android phones held 88% of the world market, and the Android operating system has the largest user base in the world. With improvements in software and hardware technology, more and more applications can be installed on an Android phone, and their functions are becoming richer. However, as applications offer users richer functions, smartphones also suffer a variety of attacks by malicious applications, such as malicious fee charging, fraud, and privacy theft. If an Android user could predict whether an unknown application is malicious before installing it, such attacks could be avoided. On this basis, this paper designs an Android malware detection model that examines APK files and identifies malware. The model includes three modules, and the main contents are as follows:

1) Digital Signature Detection Module. All applications must be signed before they are installed on the Android operating system, and each signed application has a unique MD5 value. This paper has collected a large number of malware MD5 values. This module obtains the MD5 value of the APK file under test and searches the database of malicious application MD5 values for it. If the value exists, the application is regarded as malware; otherwise, the machine learning decision module examines it.

2) Feature Extraction Module. To address the problem of detecting malicious applications, this paper presents a static detection scheme based on application permissions and sensitive APIs. An Android application must declare permissions and call sensitive APIs to perform sensitive operations. A single permission or sensitive API cannot leak user privacy, but a series of permissions and sensitive APIs can. This module extracts from the APK file the permissions the application declares and the sensitive APIs it calls, and generates a mixed feature vector data set for use by the subsequent machine learning detection of malicious applications.

3) Machine Learning Detection Module. This module uses the random forest, K-Nearest Neighbor, and Support Vector Machine algorithms to learn from the malicious and normal application samples collected in this paper, and trains three Android application classifiers. When a new application is to be tested, the feature extraction module generates its mixed feature vector, and each of the three classifiers classifies the application. Finally, a voting rule decides whether the application is malware.

This paper downloaded 142 applications from 33 categories in the Google App Store and 184 applications from 16 categories in the Millet App Store, for a total of 326 normal application samples, and obtained 323 malware samples from the Virus Share website. The experimental results show that the designed Android malware detection model can identify more than 95% of malware, achieving the desired results.
Keywords/Search Tags:Android, Permission, Sensitive API, Machine Learning, Malware Detection, Privacy Protection
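The three-module decision flow described in the abstract, as an added sketch that is not code from the thesis. Assumptions: the MD5 is taken over the APK bytes, the voting rule is a simple majority, and the vocabulary, blacklist entry, training vectors, weights and stumps are all constructed stand-ins for the thesis's trained models.

```python
import hashlib

# Constructed vocabulary: permissions, then sensitive APIs (the mixed feature vector).
VOCAB = [
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.INTERNET",
    "SmsManager.sendTextMessage",
    "TelephonyManager.getDeviceId",
]
# Constructed blacklist entry: MD5 of made-up bytes, not a real indicator.
KNOWN_BAD_MD5 = {hashlib.md5(b"constructed-known-malware-apk").hexdigest()}
# Constructed training set for k-NN: (vector, label), 1 = malware.
TRAIN = [
    ([1, 1, 1, 1, 1], 1), ([1, 0, 1, 1, 0], 1), ([0, 1, 1, 0, 1], 1),
    ([0, 0, 1, 0, 0], 0), ([0, 1, 0, 0, 0], 0), ([0, 0, 0, 0, 0], 0),
]

def feature_vector(permissions, api_calls):
    """Binary vector: 1 where the app declares or calls a vocabulary item."""
    seen = set(permissions) | set(api_calls)
    return [1 if item in seen else 0 for item in VOCAB]

def knn(x, k=3):
    """k-nearest neighbours by Hamming distance over TRAIN."""
    near = sorted(TRAIN, key=lambda t: sum(a != b for a, b in zip(t[0], x)))[:k]
    return int(2 * sum(label for _, label in near) > k)

def linear(x, w=(1.0, 0.5, 0.1, 1.0, 0.8), b=-1.5):
    """Inference form of a linear SVM; weights are constructed, not trained."""
    return int(sum(wi * xi for wi, xi in zip(w, x)) + b > 0)

def stumps(x):
    """Vote of three small decision rules, standing in for a random forest."""
    votes = [x[0] and x[3], x[1] and x[2], x[4]]
    return int(sum(bool(v) for v in votes) >= 2)

def detect(apk_bytes, permissions, api_calls):
    """Module 1: MD5 lookup. Modules 2 and 3: features, then majority vote."""
    if hashlib.md5(apk_bytes).hexdigest() in KNOWN_BAD_MD5:
        return ("malware", None)  # blacklist hit, classifiers are skipped
    x = feature_vector(permissions, api_calls)
    n = sum(clf(x) for clf in (knn, linear, stumps))
    return ("malware" if n >= 2 else "benign", n)
```

The second element of the result is the number of classifiers voting "malware", which makes disagreements between the three models visible when triaging a verdict.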