Research On Android Malware Detection Method Based On Traffic Features

Internet era has been very convenient and still rapidly developing,it brings a lot of advantage to human life,but everything has its particularity,the developed computer network has also brought a new way of attack.According to the recent statistics from Gartner,a third-party statistical authority,Android has occupied global market share of 87.2%,it far ahead of other operating systems and still has great market potential.So,Android can be called the current mainstream mobile device operating system,at the same time,Software in the android App Store,such as Google play,is growing unbelievably.Furthermore,almost all of these third-party applications need to access the Internet to exchange data at runtime or work in networking mode.So,monitoring of software uploads and downloads will be treated seriously.Especially the new born android malware,the traffic characteristics generated by the software can be used as an important basis and reference for differentiating between normal software and malware,the situation is still grim.Currently,due to the widespread existence of malware,the research on the detection of malware is still an important research field.Nowadays,the machine learning algorithm has been developed rapidly and widely used in many fields.On the basis of reading and analyzing relevant literature,this paper puts forward an improved Bayesian prediction model based on Bayesian method,and our purpose is increasing its applicability to fit the circumstance which we met.First,the natural logarithm is used to correct result when the multiplication is performed,compared with the original algorithm,the time complexity will be surely reduced.Secondly,the Laplace smoothing is introduced to modify the results.Third,we process feature values on a case-by-case basis.For example,probably,the feature is continuous and clustered in a certain interval,the Gaussian distribution will be used to build the probability distribution.The parameters of Gaussian density are set by the mathematical expectation and variance of the training data,and the corresponding Gaussian density will be used to compute.Through repeated experiments and analysis of the results,it is concluded that the improved Bayesian model classifier based on traffic characteristics has better classification effect,and also provides a new method and train of thought for Android malware detection.