Malicious Application Detection Algorithm Based On Runtime Features And It's System Implementation

With the development of mobile industry and the deepening of people's dependence on mobile devices,Android malicious applications have bred rapidly in recent years,and the demand for more efficient application-based detection technologies is becoming more and more urgent.Therefore,the use of machine learning combined with traditional detection techniques to detect malicious applications to reduce labor costs and improve efficiency has become a hot research direction.Based on the existing research,this paper proposes a new model of Android malicious application detection.The model uses the sequence of application runtime API acquired by the improved application behavior monitoring technology in this study to extract features that are highly correlated with malicious property detection and have little redundancy with each other,and noticed the interference of the API subsequence of the non malicious behavior that may exist in the run of malicious applications on the training of the detector,VSM,K-means and GDBT algorithm are used to eliminate this kind of interference and improve the accuracy of detection.The main research achievements of this paper are as follows:1)Summarized and analyzed the technologies,theories and algorithms related to Android security.2)On the basis of deep research on the mechanism of Android system,the principle of various application behavior monitoring methods is analyzed.The existing factors affecting the monitoring efficiency are studied.A caching mechanism has been used to solve the problem that the tested APP does not run smoothly on the monitoring framework.3)In order to improve the efficiency of runtime information collection,a framework for automating running application is designed and implemented to save time and labor costs.4)In this paper,the existing problems of feature selection algorithm are analyzed.Based on the existing research,the algorithm is adjusted and extended to obtain an algorithm called MD_MR,which can obtain the feature set with large contribution and small redundancy.5)Aiming at the problem of interfering with the API sequence to the detection accuracy caused by the normal behavior of malicious applications in the existing research,we propose a model called EIA GDBT that uses vector space model and GDBT algorithm to discriminate the application properties.6)The effect of improved behavior monitoring technology and malicious application detection model was verified.And a detection system was designed and implemented.