Android Malware Detection System Based On Supervised Machine Learning

With the rapid development and popularity of Android mobile phone,Android malware is also increasing.Malware can lead to malicious behaviors such as malicious deductions,privacy theft,traffic consumption,remote control and so on,which posed a serious threat for mobile phone users on data security and property safety.As a result,it is necessary to design and implement a malware detection system for Android mobile phone to detect malware and analyze malicious behaviors.This thesis mainly focuses on the research of Android mobile phone malware,and the main works describe as follow:?1?For the problem that a large percentage of Android applications are over-privileged,which results in low detection accuracy for Android malware,an algorithm to preprocess dataset is proposed.By reverse analysis of the usage frequency of permission for different types of malicious application samples to refine significant permissions for each type of malicious application so as to improve the accuracy of malware detection.?2?For the problem that the subset of features selected in the process of splitting each node when using random forest to construct malware classifier for Android malware detection may have redundant features which may affect the performance of random forest classifier for malware detection,an algorithm to optimize the subset of features is proposed.By selecting the features that are more valuable for random forest classifier so as to improve the accuracy of the random forest classifier in the process of malware detection and classification for Android mobile phone.?3?For the problem that the most existing researches on malware family classification only focus on large families for which samples are available,and ignore small families,and different malware families have similar malicious behaviors,which lead to inaccurate analysis of malware behaviors,Android malicious applications will be further divided into SMS Trojan,spyware and botnet based on the popular malicious behaviors so as to analyze malicious behaviors of malicious applications more precisely.In the experiment,the proposed system uses the Macro-average of precision,recall and F1 to evaluate the efficiency on malware detection for different types of malware.The system proposed can achieve results with precision about 89.7%,recall about 84.4%and F1 about 86.7%based on the dataset of dataset₁000?There are 1028 applications in total,of which 655 are benign and 373 are malicious?.The experimental results show that the method proposed in this thesis has good detection effect and analysis results for Android mobile malware.