| With the accumulation of a large number of program samples,machine learning methods,based on data statistics,have become one of the important methods to detect malicious applications.Existing machine learning-based detection methods usually use the permissions or API to represent the application behavior.There are many problems in this method.For instance,feature extraction dimension is too high,insufficient feature selection,and a single classification algorithm can not effectively play the different roles of multiple types of features in malicious application detection.Aiming at these shortcomings what has mentioned above.In this paper,a new Android malicious application detection method was proposed.The main research contents are as follows:(1)For the detection of m,alicious applications,all permissions and APIs are extracted,resulting in high feature dimension and low detection efficiency.This paper summarizes the 50 most commonly used malicious applications and 39 APIs,and uses them as features set.After analyzing a large number of malicious applications,it is found that most APIs and permissions cannot effectively distinguish between malicious applications and normal applications,and feature extraction of all permissions and APIs will result in a large amount of redundant data.Therefore,the feature extraction of the feature set summarized in this paper can reduce the feature extraction dimension and improve the feature extraction efficiency.(2)For the single using API or permission feature can not fully reflect the characteristics of malicious applications,which results in a certain false positive rate.Therefore,th,is paper proposes a multi-feature based Android malicious application detection method.On the basis of preserving the API and permissions,the resource file features,such as components,pictures and interface elements,are added.Finally,these features are saved in the same feature vector set,and a multi-feature detection model is constructed by machine learning algorithm.The experimental results show that the new resource features are easy to extract,and the multi-feature based detection method shows better accuracy than the single feature detection method.(3)Different features of the application will vary in performance on different machine learning classification algorithms,a single machine learning classification algorithm can not effectively play the different roles of different features of the application in malicious application detection.To solve this problem,this paper proposes a multi-feature Android malicious application detection method based on integrated learning.The extracted permissions,API and resource features are trained by different classification algorithms and the results are integrated learning as sub-models.The optimal algorithm for each type of feature is selected,and feature classification is performed on the classification results in the optimal algorithm by means of weighted voting.The experimental results show that the integrated method effectively compensates for the shortcomings of the traditional detection methods,so that Android malicious applications can be detected more efficiently. |