With the popularization of smartphones, the number of mobile applications has grown substantially. Among the many mobile platforms, the openness and flexibility of the Android system have made it the most popular. Those same characteristics, however, have drawn the interest of hackers and virus authors, resulting in a massive influx of malware into the application market. This poses a serious threat to users' mobile terminals and, if not prevented, will inevitably bring serious damage to the country and society as well as unimaginable losses. The security of mobile terminals has therefore become a public concern and a goal of academia and the security industry.

In recent years, researchers have begun to study the identification of malicious applications through static analysis, dynamic analysis, and network traffic analysis. However, because the information available at any one level is limited and there are constraints on information processing and analysis, existing research has its own limitations, and few studies analyze the relationship between multiple levels in depth. This paper therefore focuses on the above issues and proposes two intelligent methods for detecting malicious Android applications.

First, since the subject is identifying malicious Android applications from the static code, network traffic, and geospatial levels and from the relationships among those levels, obtaining data sets is an important problem to be solved. This paper therefore designs a method for automatic decompilation of Android applications and automatic collection of geospatial data, and our team built a network traffic collection platform. On this basis, we collected the source code and geospatial information of 20000 Android application samples, which solves the problem of data sets at multiple levels and thus promotes research on malicious application detection that fuses multiple kinds of information. Meanwhile, we visualize and analyze malicious Android applications and malicious application families at three different levels, namely the Android source code, network traffic, and geospatial levels, discover features of malicious Android applications that can be effectively identified from the visual images, and apply them in subsequent experiments.

Then, to address the limitations of detecting malicious Android applications at a single level, this paper proposes a dual detection method for malicious Android applications with intelligent detection ability. Features are analyzed and extracted from code and from network traffic respectively, then combined with machine learning algorithms to train a static-code-based detection model and a network-traffic-based detection model. Finally, these two detection models are used to detect malicious applications, thereby enhancing detection ability and obtaining better detection results.

Next, to address the problem that related research does not analyze and study the relationship between multiple levels, this paper presents a method of malicious Android application detection based on data fusion. It shows the relationship between the Android source code, network traffic, and geospatial levels, fuses data across these levels through this relationship, then extracts features and uses the support vector machine algorithm to train a malware detection model. In addition, this paper provides explanations for the experimental results, helping users and researchers gain deeper insight into malicious behavior.

At the end of this paper, we design a prototype Android malware detection system based on all of the research results, which can easily detect unknown Android applications.