Android Malicious Application Detection Based On Application Classification And Static Features

While the fast-developing Android smartphones bring convenience to people's daily life,the number of Android malicious applications is also increasing,how to effectively discover Android malicious applications has become one of the hot issues in the field of information security in recent years.According to whether or not the application needs to be run during detection,malicious application detection of the Android platform is divided into two detection methods: dynamic detection and static detection.The static detection method does not need to actually run the application program.Instead,it extracts the application program's permissions,API(Application Programming Interface)and other static features,and analyzes its usage to achieve the purpose of detection.However,the traditional malicious application detection method does not take into account that due to different categories of applications have different application requirements and functions,the required access permissions and the required API calls are not the same.If the different categories of applications are used for the same category to be tested,the problem of misjudgement may occur.In response to the above problem,based on the static detection method,this paper further studies and proposes an Android malicious application detection method based on application classification and static features.The main contents of the work are as follows:(1)In this paper,the method of Android application classification is studied.Due to the functions and behaviors to be implemented in each category of application are similar,the permissions to be accessed and the APIs to be called for each category of application should be similar.Therefore,the two representative static features of the permissions and APIs are extracted from the application,and then the data is preprocessed by using the chi-square and Pearson correlation coefficient combination algorithm,then the classification model is formed by using SMO algorithm.After classifying the application,the purpose of malicious application detection is achieved by analyzing the extracted static features.(2)In this paper,a method to quantify the usage of sensitive permissions and sensitive APIs for each category of applications is proposed.Apriori algorithm is used to mine the frequent itemsets of sensitive permissions and sensitive APIs for each category of applications,thus,the sensitive permission threshold and sensitive API threshold for each category of applications are obtained.By comparing the sensitive permission value and sensitive API value of this application under test with the sensitive permission and sensitive API threshold of the category to which the application belongs,to determine whether it is malicious.(3)This paper designs an Android malicious application detection framework based on application classification and static features,and the above method was tested by this framework.The experimental results show that the method is feasible and effective,and the malicious application is detected on the basis of application classification,which improves the permission of detection and reduce the FP rate.