Android Malware Detection Method Based On Sensitive Permission And API

Posted on: 2019-08-24
Degree: Master
Type: Thesis
Country: China
Candidate: T Jiang
GTID: 2428330566991424
Subject: Software engineering

Abstract/Summary:
With the development of mobile technology, software enriches our daily life. Meanwhile, the number of malware samples continues to rise, and incidents such as leaks of users' privacy and mobile phone fee deductions occur frequently, causing harm to users' property and privacy. Efficient detection of Android malware has therefore become a research focus in the field of smartphone security. Considering the mismatch between the accuracy and efficiency of malware analysis technology, a static detection method based on sensitive permissions and sensitive APIs is presented, built on sample decompilation, feature information extraction, feature information processing and the fuzzy analytic hierarchy process.

The following research is done in this paper:

(1) The decompilation process is studied. Taking Android malware family names as the entry point, we studied malicious applications from different malware families and classified them by family name. The emphasis is on the decompile operation of the sample software.

(2) Extraction of feature information. This paper analyzes the global configuration files and smali files, extracts feature information and stores it in a unified format.

(3) Feature information processing. The permission information is processed to obtain the permission frequency value text and the permission sensitive intensity text. The API information is processed to obtain the API frequency value, and at the same time the API sensitivity sequence is determined in order to determine the API sensitive intensity. Taking these four data as the influencing factors, we use the fuzzy analytic hierarchy process to determine the threshold, and propose a static analysis method for Android malware.

(4) Method implementation and evaluation. By testing two kinds of software, the ratios of this method and three other methods on five measurement indexes are collected; they show that the validity of the method is higher and that the threshold setting is relatively reasonable. Using this method, the classification accuracy is achieved, and it can quickly and efficiently determine the malicious value of a large proportion of Android software.

This paper has the following innovations:

(1) Establishment of the permission frequency value and the API frequency value. Taking the setting of the permission frequency value as an example: because the gap between the counts of different permissions is too large, this paper adopts a linear frequency operation to set the permission frequency value, in order to show the gap while reducing the error it causes.

(2) Setting of the API sensitive intensity value. The APIs corresponding to sensitive permissions are used as sensitive APIs, and the API sensitive intensity value is set according to the traced calling sequence of the sensitive APIs.

(3) Setting the threshold using FAHP. The degree of influence of each influencing factor is converted to a numerical value, and thresholds are determined by weighting and distributing the factors.

Keywords/Search Tags: Static detection, sensitive permissions, sensitive API, Fuzzy analytic hierarchy process (FAHP), decompile