Research Of Android Malware Detection With Topics And Sensitive Data Flows

Posted on: 2020-11-23
Degree: Master
Type: Thesis
Country: China
Candidate: S H Lou
GTID: 2428330575464573
Subject: Information security
Abstract/Summary:
The open nature of Android and the cumbersome third-party application market have led to explosive growth in the number of malicious applications, causing huge financial losses and privacy leaks among users. Research on Android malware detection is therefore of great significance. Traditional Android malware detection approaches are mainly based on grammatical features extracted from the application through static or dynamic analysis, because these features reflect the behavior of the application to some extent. However, the behavior of an application is closely related to its functions: the same behavior considered malicious in some applications may be normal in a particular application. The analysis of application security issues should therefore take their functions into account. This article takes full account of the relationship between application functions and behaviors and proposes a malicious application detection method based on topics and sensitive data flows. The specific work of this paper is as follows:

1. A method for classifying Android applications by function, based on natural language processing, is proposed. Topics are abstracted from the application's description by a topic modeling algorithm. Applications are then clustered by the relevance of their topics, which classifies them by function and provides the prerequisite for Android malware detection.

2. A feature abstraction method based on anomaly analysis of sensitive data flows is proposed. Sensitive data flows extracted from an application through static analysis are more representative of the application's behavior. Therefore, this article uses an anomaly analysis algorithm to analyze the abnormal usage of sensitive data flows within the same function category, combined with the sensitive permissions requested by the application, and then abstracts an outlierness vector. This vector may guide investigators towards potential issues or inform end users about potential risks. It can also be used to train a classification model to detect malicious applications.

3. Considering both the function and the sensitive data flows of the application, an Android malware detection system based on topics and sensitive data flows is proposed and implemented. Through experiments on 11451 application samples, the random forest algorithm is selected as the most suitable for this method among five machine learning classification algorithms. Multiple sets of comparison experiments are carried out to demonstrate the effectiveness of the proposed malware detection method. In addition, this article provides a macro analysis of sensitive data flows for normal and malicious applications within several function categories, which validates the rationality of a detection method based on the function and sensitive data flows of the application. Finally, the detection model trained according to this method achieves good results: the overall application classification accuracy reaches 98.67%, and the precision of Android malware detection reaches 98.76%.
Keywords/Search Tags:Android malware detection, Topic abstraction and cluster, Sensitive data flow, Outlierness vector, Machine learning
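
The idea in item 2, as an added example that is not taken from the thesis: the same sensitive flow is scored against two function categories and yields different outlierness. The abstract does not name its anomaly analysis algorithm, so the rarity score (1 minus smoothed in-category frequency), the category names, the flow labels and the sample corpus are all assumptions constructed for illustration; the permission signal the abstract also mentions is left out.

```python
from collections import Counter, defaultdict

# Constructed sample corpus: (function category, sensitive flows "source->sink").
# Categories stand in for the topic clusters; flow labels are illustrative.
REFERENCE_APPS = [
    ("navigation", {"LOCATION->NETWORK", "LOCATION->LOG"}),
    ("navigation", {"LOCATION->NETWORK"}),
    ("navigation", {"LOCATION->NETWORK", "CONTACTS->NETWORK"}),
    ("navigation", {"LOCATION->NETWORK"}),
    ("flashlight", {"DEVICE_ID->LOG"}),
    ("flashlight", set()),
    ("flashlight", set()),
    ("flashlight", {"DEVICE_ID->LOG"}),
]
# Fixed flow vocabulary so every app maps to a vector of the same length.
FLOWS = sorted({f for _, flows in REFERENCE_APPS for f in flows} | {"SMS->NETWORK"})


def build_profiles(apps):
    """Per category: number of apps, and how many of them contain each flow."""
    totals, counts = Counter(), defaultdict(Counter)
    for category, flows in apps:
        totals[category] += 1
        counts[category].update(flows)
    return totals, counts


def outlierness_vector(category, flows, profiles, vocabulary=FLOWS):
    """One score per vocabulary flow: 0.0 if the app lacks the flow, otherwise
    1 - Laplace-smoothed frequency of that flow within the app's category
    (assumed scoring rule, not the thesis's algorithm)."""
    totals, counts = profiles
    n = totals[category]
    vector = []
    for flow in vocabulary:
        if flow not in flows:
            vector.append(0.0)
            continue
        freq = (counts[category][flow] + 1) / (n + 2)
        vector.append(round(1.0 - freq, 3))
    return vector


PROFILES = build_profiles(REFERENCE_APPS)

if __name__ == "__main__":
    same_flow = {"LOCATION->NETWORK"}
    print(FLOWS)
    print("navigation:", outlierness_vector("navigation", same_flow, PROFILES))
    print("flashlight:", outlierness_vector("flashlight", same_flow, PROFILES))
```

Vectors of this shape, one per application, are what a classifier such as the random forest mentioned in item 3 would be trained on.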