Research On Detection Method Of Intelligent Terminal Malware

Posted on: 2019-06-12 | Degree: Master | Type: Thesis
Country: China | Candidate: C Sheng
GTID: 2428330566469859 | Subject: Computer Science and Technology
Abstract/Summary:
Android is currently the most widely used open source system on smart terminals. Its open source nature makes it a primary target of malicious programs, which affects the system security of smart terminals. Detecting malicious programs on Android is therefore one of the means of protecting Android systems from attack. At present, detection techniques for malicious programs on Android are mainly based on static detection methods or on dynamic detection methods. Static detection methods are prone to false alarms when detecting malicious programs that disguise themselves, and their detection results are not good; the detection method consumes a large amount of system resources during detection, which easily becomes a bottleneck for improving the detection effect. To address these problems, this paper does the following research work:

A static detection method for malicious programs based on an improved Naive Bayesian algorithm is proposed. The method overcomes the Naive Bayesian algorithm's assumption that feature attributes are independent of each other. First, the features used by traditional static detection methods are optimized, and permission features are combined with sensitive API features. Then the final optimized feature set is obtained by using a combination of Information Gain and the Chi-square test to clean out interference data. Finally, to address the shortcoming that the traditional Naive Bayesian classification algorithm cannot distinguish the importance of features, each feature attribute is weighted. The experimental results show that the static detection method based on the improved Naive Bayesian algorithm has significantly higher accuracy than the traditional Naive Bayesian static malware detection method.

An SVM (Support Vector Machine) dynamic detection method for malicious programs based on K-Nearest Neighbor is proposed, which overcomes the long training time and large memory consumption of traditional SVM on large-sample problems. First, the training sample set is formed by collecting runtime status information, such as traffic consumption and CPU usage time, of normal programs and malicious programs on Android. Then the K-Nearest Neighbor method is used to optimize and reduce the training set, which shortens classifier training and reduces CPU resource consumption. Finally, the reduced data set is used to train the improved SVM. The experimental results show that the K-Nearest Neighbor SVM dynamic detection method has significantly higher accuracy than the traditional SVM dynamic detection method.

A malicious program detection method combining the static detection method and the dynamic detection method is proposed. The collected data is used to test and analyze the static detection method and the dynamic detection method. Based on the characteristics of the two methods, the two detection methods are fused to improve the detection of malicious programs. The experimental results show that the detection effect of the combined static and dynamic detection method is greatly improved.
Keywords/Search Tags:Intelligent terminal, Malware detection, Naive Bayesian, Support Vector Machine
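
The static pipeline described in the abstract (permission plus sensitive-API features, Information Gain and Chi-square filtering, then per-feature weighting in Naive Bayes), sketched as an added example that is not code from the thesis. The toy samples, the thresholds, the rule that a feature must pass both tests, and the use of Information Gain as the feature weight are all assumptions, since the abstract does not specify them.

```python
import math

# Constructed toy data: 1 = app requests the permission / calls the sensitive API.
FEATURES = ["SEND_SMS", "READ_CONTACTS", "INTERNET", "sendTextMessage()", "getDeviceId()"]
SAMPLES = [  # (feature vector, label) with label 1 = malicious, 0 = benign
    ([1, 1, 1, 1, 1], 1), ([1, 0, 1, 1, 1], 1), ([1, 1, 1, 1, 0], 1), ([0, 1, 1, 1, 1], 1),
    ([0, 0, 1, 0, 0], 0), ([0, 1, 1, 0, 0], 0), ([0, 0, 1, 0, 1], 0), ([0, 0, 1, 0, 0], 0),
]

def entropy(counts):
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def contingency(samples, j):
    table = [[0, 0], [0, 0]]  # table[v][y]: samples with feature j == v and label y
    for x, y in samples:
        table[x[j]][y] += 1
    return table

def info_gain(samples, j):
    t, n = contingency(samples, j), len(samples)
    h_y = entropy([t[0][0] + t[1][0], t[0][1] + t[1][1]])
    return h_y - sum(sum(row) / n * entropy(row) for row in t if sum(row))

def chi_square(samples, j):
    t, n = contingency(samples, j), len(samples)
    stat = 0.0
    for v in (0, 1):
        for y in (0, 1):
            expected = sum(t[v]) * (t[0][y] + t[1][y]) / n
            if expected:
                stat += (t[v][y] - expected) ** 2 / expected
    return stat

def select_and_weight(samples, ig_min=0.05, chi_min=1.0):
    # Assumed combination rule: keep a feature only if both scores pass; weight = IG.
    return {j: info_gain(samples, j) for j in range(len(FEATURES))
            if info_gain(samples, j) >= ig_min and chi_square(samples, j) >= chi_min}

def classify(samples, weights, x):
    scores = {}
    for y in (0, 1):
        rows = [s for s, label in samples if label == y]
        score = math.log(len(rows) / len(samples))  # log prior
        for j, w in weights.items():
            p = (sum(r[j] == x[j] for r in rows) + 1) / (len(rows) + 2)  # Laplace smoothing
            score += w * math.log(p)  # weighted NB: P(x_j | y) ** w_j
        scores[y] = score
    return max(scores, key=scores.get)
```

On this toy set, `INTERNET` is requested by every sample, so its Information Gain is zero and it is dropped as interference data, while `sendTextMessage()` separates the classes perfectly and receives the largest weight.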