Design And Research Of Android Malware Detection System Based On Machine Learning Algorithm

With the rapid development of the mobile Internet,the number of smart mobile terminals on the Android platform has grown rapidly.Compared with traditional mobile phones,smart phones have many new functions in addition to basic call and text messaging functions,such as shopping,going to the vacation,mobile office,social communication,financial transactions,etc.It can be seen that smart phones have covered all aspects of people's daily life and work.Due to the open source of the Android system and the openness of the Android application market,the malware of the Android system has rapidly grown and the security issues have become more and more serious.At the same time,the lack of professional safety knowledge and high security awareness of ordinary users makes this situation even more severe.Therefore,in this background,how to provide ordinary users with simple operation and intuitive detection software detection system has become an urgent problem.This paper designs and implements a malicious application detection system based on permission for ordinary users,which makes the software detection process more standardized and simple,and the detection results are more intuitive and clear.The main research results of this paper are as follows:(1)It is proposed to use the distance difference in the minimum distance algorithm and the probability difference in the naive Bayes algorithm to measure the security value of the Android application to be detected.(2)Realize the extraction of various features of APK files.Through decompilation and decompression of APK files,useful feature information such as AndroidManifest.xml and digital signatures are extracted.(3)The use of mutual information in information entropy for feature selection.The article uses mutual information to quantify the correlation between permissions and categories,permissions and permissions,so as to select appropriate permission features for the algorithm.(4)Use the Androguard open source project to detect application overflow privileges,thus providing users with a secure permission strategy for installing software.Finally,the test accuracy,safety value distribution,system efficiency and system robustness of the system were tested.The test results show that the system's detection efficiency and robustness basically meet the target requirements.In terms of the distribution of accuracy and safety value,the Euclidean distance in the minimum distance algorithm has the best performance in measuring the safety value of the software.The accuracy rate reaches 90.26%.The safety value distribution is relatively uniform,and there is no case where the safety value is concentrated in a certain range.Therefore,Euclidean distance is recommended to measure the security value of the software when the user detects the software.