The Research On SVM-based Android Malware Detection Techniques

Owing to the openness and scalability,Android is the most popular operating system on mobile devices.However,with the rapid growth of system software and third-party applications on Android platforms,hazards caused by malicious applications on user data and system security etc.become the primary problems for Android security.Static feature detection is difficult to deal with code confusion and Java reflection,and there is a high risk of false positives.Virtual environment based dynamic feature detection is weak to environmental evasion technology,and it is difficult to trigger the behaviors of applications.This thesis studies the technology of SVM-based Android malware detection.Aiming at the problem of application behavior trigging,a behavior simulation method based application function traversal is proposed,which can install or uninstall applications on device automatically,and traverse GUIs of target application.The implemented malware detection platform interacts with application through simulating user actions,and makes application running automatically and improving the trigger rate of application behavior and efficiency of dynamic analysis.To solve the problem of the correct rate seriously depends on the number of samples which extracts feature randomly,a category based feature quality optimization method is proposed,and the feature space models based on system call frequency and system call dependency are established.As a result,the accuracy of the classifier to detect malicious applications under a certain category is improved.In order to solve the problem that malwares can evade detection in the simulation environment,an Android malware detection platform on the real device is designed and build,which tracks system call sequence generated by the target application and solves the circumvention problem in virtual environment.The implemented platform in the thesis analyzes the applications dynamically on the real device.Both the behavior trigger rate and dynamic analysis efficiency were improved by traversing application functions automatically.The sample features were optimized in the category-based SVM classifier designed and the accuracy of the classifier to detect malwares is improved.The results show that the average accuracy of category-based SVM classifiers has 2.3~5.08% higher than non-category classifiers.