Android Malware Detection Method Based On Feature Selection

Nowadays,smart phone has become an important part in people's daily life for its convenience and upgrading performance.With the characteristics of open source,Android platform has become the most popular mobile operating system and dominants the smart phone market for years.Due to the development of Android platform,however,Android malware arised and its number is increasesing rapidly.There have been some work focusing on machine learning to detect Android malware,but this work has some drawbacks:(1)The dimension of feature set used in Android malware detection is getting higher and higher,but few research considers the effectiveness of the features.Android malware has it's own characteristics in features using,those feature sets may exist redundant features and irrelevant features;(2)Most of this researche is based on static data sources,without taking into account the fact that the rapid growth of Android malware and normal applications in both quantity and technology level,and ignoring the implied concept drift problem in Android malware detection.In oreder to solve these problems,the objectives of this thesis are as following:First,this thesis comes up with a feature set based on the characteristics of Android malware's performance,this feature set consists of permissions,Actions,API calls and some Linux based commands of an Android application,and this thesis provides a method to extract this feature set.According to the preference of Android malware in feartures using,feature selection method is introduced in Android malware detection.Learning the Markov blanket of target attribute can identify strong relevant features and non-redundant features and effectively reduce the dimension of the feature space,as well as ensure the effectiveness of the classifier in the Android malware detection.Second,this thesis puts forward the phenomenon of concept drift in Android malware detection and proposes a method based on ensemble learning model to solve this problem.This ensemble learning model is built on the basic classifiers of Na?ve Bayes for streaming data,and according to the preference of feartures used in Android malwares,feature selection is introduced in the Na?ve Bayes classifier.And the ensemble model maintains a sliding window,and it can dynamically adjust sub-classifier based on the accuracy of each sub-classifier to adapt to the concept drifts.Finally,this thesis provides plenty of experiments to prove that the effectiveness of feature selection in Android malware detection;And this thesis through experiments to demonstrate the influence of concept drift in Android malware detection,and unveils the cause of this influence through experimental data analysis,as well as the validity of the proposed method.