Android Malicious Code Detection Based On Integrated Multi-feature

In recent years,with the increasing demand for mobile Internet,smart phones represented by the Android system begin to play an increasingly important role in people's daily life.Due to the payment and social functions of smartphones,users' property safety and personal privacy are increasingly threatened by malicious mobile apps.So it is necessary to study the detection of malicious code in Android.In this paper,the status quo of Android malicious code detection at home and abroad are researched and analyzed.Based on the static detection,an integrated algorithm framework based on quadratic pruning optimization is proposed.The framework of the algorithm integrates classifiers and classifiers Pruning to enhance the detection effect of malicious code,and verify the effectiveness of the algorithm through experiments.On the basis of dynamic detection,this paper proposes a dynamic detection algorithm of multi-feature MGK,which optimizes feature selection and Gaussian kernel function and applies the improved algorithm to multi-feature training to improve the detection accuracy of malicious code.Finally,the above two methods are combined to propose an Android-based malicious code detection algorithm based on ensemble learning,and a prototype system is realized.Through experiments,the detection rate of 98.5% is obtained when the integration scale is S13.The main contributions of this paper are as follows:1)Research on static detection of malicious code in Android,propose a static detection algorithm based on ensemble multi-feature Android malicious code.According to the limitations of the single feature,the algorithm extracts the privileges,system calls and core components extracted from the decompiled APK file,and takes full advantage of the advantages of multiple features of Android in distinguishing malicious code.At the same time,an integrated detection framework based on quadratic pruning optimization was proposed.The framework pruned the classifiers for each type of features and screened the integrated classifier model clusters to improve the detection rate of malicious code.2)Aiming at the problem of code confusion and encryption in static detection,a dynamic detection algorithm of Android malicious code based on multi-feature MGK is proposed.The algorithm applies multi-feature to dynamic detection.Firstly,the system call and service call sequence obtained during program run are extracted.After that,the feature selection is improved and the features are filtered by the improved information gain method.According to the traditional recognition rate and Gaussian kernel function,Deal with the lack of time,improve the Gaussian kernel function,improve the detection rate of malicious code,and verify the improved effectiveness through experiments.3)Starting from the above theoretical results,The Android-based malicious application detection platform based on ensemble multi-feature learning is designed and implemented.This system fully combines the advantages of dynamic and static detection,and improves the system detection by the ensemble learning algorithm based on Adaboost Efficiency and stability.