Static Detection For Android Malware Based On Machine Learning

Nowadays,with the continuous development of mobile communication technology and the gradual increasment of micro-chip computing power,more and more people begin to use mobile phones to achieve fast payment,sending and receiving e-mails,audio and video entertainment,which can only happen on the PC in previous.Among all the mobile operating system,the previously popular Symbian system gradually disappeares in the field of vision,the unique IOS system's share tends to be stable,the Android system from Google firmly occupys the market's major share from 2012.Because Android is a free and open source system,more and more mobile phone manufacturers have joined the Android camp,which makes the Android become the most popular mobile operating system.However,while the Android system brings great convenience to people,it also becomes the main target of the numerous malicous attack.On the Android system,different kinds of malwares emerge in an endless stream and malicious technology update quickly and constantly,making the research on the security issue become more urgent.Therefore,both academics and security vendors pay a great attention on Android security.Android applications are installed to mobile devices by the APK files.Researcher previsously tried to modify the source code of system kernel to enhance security.But now,they find that excuting a security detection before the apps' installation is a more direct and effective method.Based on this idea,this paper proposes a Static Detection for Android Malware Based on Machine Learning.The main innovate results of this paper are as follows:Introduce the Android system framework and its own security mechanisms.Summarize the main types of malware and the specific attack methods,explain the two kinds of mainstream detection technologies,and analyze their advantages and disadvantages.Aiming at the shortcomings of existing detection technology,a static malware detection scheme based on machine learning is designed.In addition to the traditional static features,this paper generates a new type of function call graph features according to each function in the code and calling relationship among them.This new static feature effectively overcomes the code obfuscation technology,which can clearly and accurately express the specific behavior of the software modelOn the base of machine learning algorithm,the classifying model is used as the final detector for malware.k-NN,SVM and Naive Bayes are employed in the experiments and the three kinds of evaluation index such as ACC,TPR and FPR are used to analyze the results.Establish a latest library of malware samples.Nowdays most of the literature's experimental samples are from the Jiang X's library which is builded in 2012.This library is clearly not practical any more obviously.Through the crawler program,this paper collected the latest malwares from the VirusShare forum,which comes from 10 categories in 2015.Finally,this paper builds up the latest malware sample library and analyzes all the samples in a comprehensive and meticulous manner.