
Comparative Analysis Of Android Malware Detection Algorithms Based On Multi-features

Posted on: 2018-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: S S Chen
Full Text: PDF
GTID: 2358330515975936
Subject: Software engineering
Abstract/Summary:
In recent years, the rapid spread of smartphones and tablet PCs has led more and more hackers to shift their targets from PCs to mobile devices. As the market share of the Android system in smart devices continues to expand, the likelihood of malicious attacks against it has risen sharply. Therefore, it is important to study effective Android malware detection methods. Existing Android malware detection methods are mostly signature-based, which is fast but can only detect known malware. Detection methods based on machine learning can detect unknown malware, but their classification results vary with the feature set, feature selection algorithm and classification algorithm used. Which feature set, feature selection algorithm and classification algorithm yield more accurate results? Which algorithms, besides the commonly used machine learning algorithms, are available for Android malware detection? How can these algorithms be better organized into a more efficient Android malware detection system? To address these questions, this paper studies the Android security mechanism and its security vulnerabilities in depth, summarizes the current state of research at home and abroad, and presents a more accurate and efficient Android malware detection prototype system that answers the above questions. The main contributions of this paper are as follows:

Firstly, this paper studies feature extraction and feature selection for Android malware. Malware and benign software samples are collected, and static detection technology is then used to extract the various features of the Android installation package (APK file). Finally, the information gain algorithm and the improved GA algorithm (CSF-GA) are used to select features, and the selected multi-feature set is used as the sample features. Five machine learning classification algorithms, such as random forest, were selected to classify the selected Android applications. Experiments show that the proposed combination of multi-features and CSF-GA can obtain the optimal feature subset. Combined with the random forest algorithm, the obtained optimal feature subset achieves an accuracy rate of 96.3%.

Secondly, this paper takes the optimal feature subset as the sample features and uses three statistical analysis algorithms to detect Android malware. The experimental results show that the accuracy of the discriminant analysis algorithm can reach 93% on the detection of Android malware. The machine learning classification algorithms and the discriminant analysis algorithm from statistical analysis are compared and analyzed in three respects: detection effect, running time and memory consumed at run time. The results show that, when running time and memory consumption are not considered, the random forest algorithm combined with the optimal feature subset obtains the highest accuracy rate. When detection effect, running time, memory consumption and other factors are considered together, the Fisher discriminant analysis algorithm performs better.

Finally, the author uses the above conclusions to propose and implement a multi-feature based Android malware detection prototype system. The system includes a client-side testing program and a cloud-based detection program: the client-side testing program runs on an Android device and uses a Fisher discriminant analysis detection algorithm; the cloud receives the application uploaded from the client side and uses the random forest algorithm for classification detection. This paper gives the detailed design and implementation of each module, and finally compares the prototype system with three well-known detection engines at home and abroad. The experimental results show that the prototype system proposed in this paper is superior to Avast and ClamAV, and is basically the same as 360 security guards.
Keywords/Search Tags: Android, Malware detection, Machine learning, Statistical analysis