Research And Implementation On Android Malware Detection System Based On Machine Learning

The combination of artificial intelligence and mobile communication technology makes the smart phone has become one of the indispensable equipment in people's lives,smartphones with different operating systems add a lot of fun to people's lives.In these operating systems,Android system has become a leader in the field of smart phones because of its unique open source characteristic,which makes the researchers conduct a multi-faceted study of the Android system.However,on the other hand,the Android system has also become the preferred target for malicious code attacks due to its open source characteristic which makes it a constant research direction in Android malware detection technology.In this paper,the security mechanism and defects of the Android platform are researched and analyzed,and an Android malware detection scheme based on machine learning is proposed,at the same time,the corresponding detection system is implemented with the detection scheme.The main work of this paper is as follows:(1)In view of the traditional detection scheme has a defect in the small feature selection type and the single feature selection range.A multidimensional feature extraction scheme combining static analysis and dynamic analysis is presented.This paper extracts five types of static features,including permission information,function calls,hardware access,components and intentions.Considering that the software has an impact on the system performance during running which can also distinguish whether the software has a certain degree of malicious,therefore,this paper extracts the performance of the system,such as battery consumption,memory consumption and CPU occupancy time,from the virtual environment,and constructs the mixed feature set with the static feature.This scheme captures the static and dynamic characteristics of the application.Compared with the analysis based on the permission and function invocation,this paper extracts the twelve types of features,which reflect the behavior of the Android application and enhance the comprehensiveness of the feature extraction.(2)In view of the traditional classification model has a defect of low accuracy in the process of training and testing the high-dimensional feature data,this paper proposes an Android malware detection model based on support vector machine,and designs an optimized Relief algorithm to make up for the defects that traditional Relief algorithm cannot remove redundant features.The algorithm extracts the effective feature subset from the original feature set and reduces the feature dimensionality.Experiments show that compared with the traditional detection model,the support vector machine classification model which combines the feature selection algorithm can effectively improve the classification accuracy.(3)This paper designs and implements an Android malware detection system based on the client-server architecture.The system combines the feature extraction scheme proposed by this paper and the detection model based on support vector machine.The detection model is placed on the server side for deep detection,the client only set the lightweight detection,which helps to reduce the user's mobile phone power,CPU and other consumption of system resources and optimize the system's detection efficiency.Our system detects the unknown software by both lightweight and deep detection modules.The test results show that our system has high operating efficiency and detection accuracy in detecting unknown software.