
The Design And Implementation Of Android Malware Detection System

Posted on: 2019-10-06
Degree: Master
Type: Thesis
Country: China
Candidate: B Feng
Full Text: PDF
GTID: 2428330545972140
Subject: Electronic and communication engineering

Abstract/Summary:
The influence of malicious applications on users has become more and more serious. From July to September 2017, there were 1.88 million malicious application software samples on the Android platform. Criminals use malicious applications to deduct charges from users, steal users' private data, and consume users' network traffic. Research on Android malware detection is therefore of great practical significance.

Current research methods mainly use static analysis or dynamic analysis to extract Android application features and combine them with machine learning methods to detect malicious applications. Analysis of this work shows that current methods have three limitations: static analysis has limited detection efficiency on Android applications that use obfuscation techniques; dynamic analysis takes a long time; and researchers have not taken into account that different categories of Android apps have different features.

To address these problems, this thesis designs and implements an Android malware detection system based on categories and mixed features. The system combines static analysis and dynamic analysis and extracts mixed features of Android applications, which remedies the defects of using a single analysis method. At the same time, this thesis notes that Android apps are organized into different categories and that the apps within a specific category are similar in their static and dynamic features. It proposes a category-based machine learning classifier to improve the performance of classification models that detect malicious apps within a given category.

For static detection, this thesis studies static feature extraction and feature screening for Android applications. First, it improves the traditional decompilation program and implements a new decompilation program for Android applications. It then studies traditional signature detection technology and, in response to its flaws, extracts a variety of static features from Android applications by static analysis. After screening, permissions, broadcasts, and APIs are selected as the static features.

For dynamic detection, this thesis proposes a dynamic analysis method. Using the package name and activity obtained by static analysis as parameters, a hijacked Zygote process extracts the calls to system functions made by the application under detection as dynamic features.

For machine learning, this thesis uses static features, dynamic features, and mixed features, each combined with three SVMs with different kernel functions, to carry out Android malware detection experiments. The experiments show that detection is best when mixed features are combined with RBFSVM. To further improve detection accuracy, this thesis associates the functionality of an Android application with that of the other applications in its category and proposes a machine learning classification method based on categories and mixed features. In addition, the performance of the RBFSVM classifier is improved with the AdaBoost algorithm. Taking into account the impact of noisy data in the mixed features and the defects of AdaBoost, this thesis improves the traditional AdaBoost-RBFSVM by detecting the diversity of the component classifiers and limiting the weights of samples.

Experiments show that the detection scheme designed in this thesis can effectively detect Android malware by classifying Android application software into categories, extracting mixed features, and training the classifier with the improved AdaBoost-RBFSVM algorithm. Based on the static and dynamic detection techniques above and the improved AdaBoost-RBFSVM algorithm, an Android malware detection system is implemented.
Keywords/Search Tags:Android, Malware, Static Analysis, Dynamic Analysis, Machine Learning