
Android Malware Static Detection With A Lightweight Semantic Feature

Posted on: 2019-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: N N Xie
Full Text: PDF
GTID: 2428330542994227
Subject: Information security
Abstract/Summary:
The openness of the Android operating system and its numerous third-party application markets have resulted in a large amount of Android malware, which poses a serious threat to users' personal privacy and property security. Research on Android malware detection is therefore of great significance. Related work on Android malware detection mainly extracts grammatical features or semantic features of applications. The semantic features of an application are more reliable for determining malicious behavior and play a key role in Android malware detection. Since methods of extracting semantic features are usually complicated, this dissertation defines a lightweight semantic feature, extracts the semantic feature and the grammatical feature of applications through static analysis, and uses machine learning to automatically classify Android applications and detect malware. The specific work is as follows:

(1) This dissertation proposes a lightweight semantic feature that has low computational cost and can effectively assess application security: the "generalized sensitive API" together with its trigger method. It focuses on whether the trigger point of the generalized sensitive API is a UI-event-related callback method, which is the basis for classifying Android applications.

(2) This dissertation comprehensively considers both the grammatical feature and the semantic feature of applications for Android malware detection. It extracts the permissions actually used by applications to form the grammatical feature. In addition to the system permissions corresponding to APIs in the program, this dissertation also defines "approximate permissions" for dynamic-code-loading-related methods as well as for source and sink methods outside the sensitive APIs.

(3) Experiments on 24288 samples found the optimal classification algorithm for this dissertation to be Random Forest. The average time to analyze an application and extract its feature vector is about 60 seconds, which shows the low overhead of the approach. The experimental results demonstrate the effectiveness of this dissertation's feature set in Android malware detection. Analysis of the features shows that a feature that occurs more frequently in benign applications than in malicious applications can also help distinguish applications. Finally, this dissertation analyzes the Information Gain and Pearson Correlation Coefficient of the features to determine a feature set containing 425 features. The overall accuracy of Android application classification is 97.9%, and the precision of Android malware detection is 99.3%.
Keywords/Search Tags:Android malware detection, Static analysis, Semantic feature, Generalized sensitive API, Grammatical feature, Approximate permission, Machine learning
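
The trigger-point idea in item (1), as an added Python illustration that is not code from the dissertation: for each entry point of a constructed call graph it records which sensitive APIs are reachable and whether that entry point is a UI-event callback. The API list, the callback names, the `api|ui` feature naming and the call graph are all assumptions; the abstract does not enumerate them.

```python
from collections import deque

# Assumed, illustrative lists; the abstract does not specify them.
SENSITIVE_APIS = {
    "android.telephony.SmsManager.sendTextMessage",
    "android.telephony.TelephonyManager.getDeviceId",
    "android.location.LocationManager.getLastKnownLocation",
}
UI_CALLBACKS = {"onClick", "onLongClick", "onTouch", "onItemClick"}

# Constructed call graph (caller -> callees), as a static analyzer might emit it.
CALL_GRAPH = {
    "com.example.MainActivity.onClick": ["com.example.Sms.send"],
    "com.example.Sms.send": ["android.telephony.SmsManager.sendTextMessage"],
    "com.example.BootReceiver.onReceive": ["com.example.Sms.send",
                                           "com.example.Tracker.collect"],
    "com.example.Tracker.collect": ["android.telephony.TelephonyManager.getDeviceId"],
    "com.example.MapActivity.onTouch": ["com.example.Map.locate"],
    "com.example.Map.locate": ["android.location.LocationManager.getLastKnownLocation"],
}

def entry_points(graph):
    """Methods that no app method calls, i.e. framework-invoked callbacks."""
    callees = {c for targets in graph.values() for c in targets}
    return [m for m in graph if m not in callees]

def reachable_sensitive(graph, start):
    """Breadth-first search from one entry point; 'seen' guards against cycles."""
    seen, queue, hits = {start}, deque([start]), set()
    while queue:
        for callee in graph.get(queue.popleft(), ()):
            if callee in SENSITIVE_APIS:
                hits.add(callee)
            elif callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return hits

def trigger_features(graph):
    """Binary features keyed '<sensitive API>|ui' or '<sensitive API>|non_ui'."""
    feats = {}
    for ep in entry_points(graph):
        kind = "ui" if ep.rsplit(".", 1)[-1] in UI_CALLBACKS else "non_ui"
        for api in reachable_sensitive(graph, ep):
            feats[f"{api}|{kind}"] = 1
    return feats

if __name__ == "__main__":
    for name in sorted(trigger_features(CALL_GRAPH)):
        print(name)
```

In the constructed graph, `sendTextMessage` appears under both `ui` and `non_ui` because it is reachable from a click handler and from a broadcast receiver; a classifier can weigh the two triggers separately.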