| Android operating system is currently the most popular and accounts for the largest market share of mobile operating system.With the development of the popularity of the mobile phone and the telecommunication technology,Android applications are richer.However,due to chaotic application market,inadequate supervision,the user's weak security awareness and other reasons,the number of Android malicious applications increases constantly.Therefore,it is very meaningful to detect the Android malicious applications.And it has been a hot spot in the field of security research.The existing detection techniques based on permissions combination aften are the fixed malicious permissiosns combinations and mining maximal frequent itemsets of relevant permissions combinations.These methods will ignore a lot of malicious permissions combination.There are some permissions combinations that may also be used in normal applications.The weights of individual permission and the weights of the permissions combinations are defined by the frequency that the number of individual permission and the permissions combinations occur at the application,it will make accuracy decrease.To solve these problems,a KMD malicious application detection model is created.The main works done in this paper is as follows.First,We extract using actual permissions from Android application.Because of the excessive number of Android permission,we need to extract some permissions that has a good effect on classification.Two different feature selection methods that are chi-square and information gain are studied and analyzed.The effect of two methods on classification model is tested by experiment.we select the best feature selection method for the classification.Second,We propose KMD model.According to Google play,the application will be classified according to the application function.The optimal classifiers are trained by A SVM multi-class classification algorithm based on balanced binary decision tree at the junction of the sample set space category.the samples are classified according to function.It will reduce the space of data mining and sample detection.It improve the accuracy of detection.Finally,for the malicious and normal applications of each function category,KMD use an improved algorithm for Apriori-SRApriori algorithm to mine all frequent itemsets.Then we select malicious frequent itemsets from all frequent itemsets.we define the weights of individual permission and the weights of the permissions combinations.We construct a malicious feature library based on category.It generates the final decision model of malicious behavior. |
PDF Full Text Request