Key Technologies Of Android Malware Detection Based On SVM

Posted on: 2019-11-08
Degree: Master
Type: Thesis
Country: China
Candidate: P Zhang
Full Text: PDF
GTID: 2428330566999455
Subject: Logistics engineering

Abstract/Summary:
The number of Android applications is increasing rapidly, which makes the Android platform a major target for attackers. Android malware attacks in order to steal valuable information in a variety of ways, for example malicious charging, stealing personal and financial information, and malicious advertising. The detection and classification of malicious software on the Android platform has therefore become a focus of research. The difficulty lies in classification. The current research problem is that collecting unnecessary features during malware detection degrades the performance of the machine learning classifier. This paper proposes a comprehensive detection model that combines static detection and dynamic detection to overcome these problems. The main contributions of this article are as follows:

(1) Based on Android permissions and system calls, this article proposes a comprehensive detection model based on static and dynamic detection (DMSD). DMSD first checks the initial security of the software in static detection, and then performs dynamic detection based on a support vector machine (SVM) classifier. The performance of the machine learning classifier is optimized by selecting the features and a suitable classifier.

(2) This paper designs a static detection module that uses the combinations of malicious permissions stored in a malicious dangerous permission database. There is a clear difference between the permission combinations of normal software and those of malware, and these differences help distinguish normal software from malicious software. After decompilation, the permission information in the configuration file is analyzed and compared with the malicious permission combinations in the malicious dangerous permission database, and the model determines whether the application is malicious software. Although the static detection module has low accuracy and a high false positive rate, it can give a direct and quick judgment.

(3) In the dynamic detection model, CSCdroid, an Android malware detection method based on SVM, is proposed. It is divided into two parts: the SVM classifier model is established first, and the SVM module is then used for prediction. CSCdroid classifies system calls (SCs) by their contribution level. Depending on the level of contribution, CSCdroid classifies the SCs into two categories, namely a defined SC and a normal SC. CSCdroid then constructs the target feature vector from the determined SCs, which a support vector machine (SVM) uses to detect Android malware. The experimental results show that the overall detection rate of malware is above 95%, basically achieving the expected results.

The inadequacies of this article are as follows. (1) In static detection, only the permission feature is extracted and other potentially useful features are not used. Combining it with other features may be expected to improve the accuracy of the results. (2) In dynamic detection, the selection of detection features for the SVM, the selection of kernel functions, and so on can be further improved.
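The static check described in contribution (2), as an added Python example that is not code from the thesis: it reads the requested permissions from a decoded (text) AndroidManifest.xml and flags the app when a stored combination is fully present. The database contents, the function names and the sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed stand-in for the malicious dangerous permission database;
# these combinations are illustrative assumptions, not the thesis's data.
MALICIOUS_COMBINATIONS = {
    "sms-charging": frozenset({
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.INTERNET",
    }),
    "contact-exfiltration": frozenset({
        "android.permission.READ_CONTACTS",
        "android.permission.INTERNET",
    }),
}


def extract_permissions(manifest_xml):
    """Return the permission names requested in a decoded manifest."""
    # The manifest comes from an untrusted APK: refuse DTDs so entity
    # expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in manifest_xml:
        raise ValueError("DOCTYPE not allowed in manifest")
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                requested.add(name.strip())
    return requested


def static_check(manifest_xml):
    """Flag the app when any stored combination is fully requested."""
    requested = extract_permissions(manifest_xml)
    matched = sorted(label for label, combo in MALICIOUS_COMBINATIONS.items()
                     if combo <= requested)
    return {"requested": requested, "matched": matched, "suspicious": bool(matched)}


def manifest_with(*permissions):
    """Build a constructed sample manifest requesting the given permissions."""
    rows = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s</manifest>' % rows)


BENIGN = manifest_with("CAMERA", "INTERNET")
FLAGGED = manifest_with("SEND_SMS", "RECEIVE_SMS", "INTERNET", "READ_CONTACTS")
```

Subset matching of this kind also flags a legitimate messaging app that requests the same permissions, which is the false-positive behaviour the abstract attributes to the static stage.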
Keywords/Search Tags: Android Malware, Synthetic Detection, SVM, System Call Sequence