The Study On Detection Of Android Malware Based On Permission Characteristics

In daily life,the appearance of mobile phones has brought endless convenience to the contemporary people,and it plays a more and more important role in the daily life.At this point,the operating system also has a wide range of versions.As a support platform for smartphones,it is also gradually extended to the world in the people's life.The market share of Android has been increasing year by year,and it has become the most popular operating system.The increasing demand for permissions has led to a growing number of applications for malicious rights that steal privacy or compromise the security of personal property.Therefore,this paper makes a thorough research on the detection of Android malware based on permissions.1.An Android malware detection method based on improved naive Bayes algorithm is proposed.Firstly,the method of combining the Pearson correlation coefficient and the chisquare test is used to preprocess the training sample set of Android malware.The Pearson correlation coefficient was used to find the attribute features that had a greater impact on the classification,after the chi-square test was used to filter out the redundant features between the attribute features,it will improve the independence between attributes and pave the way for the next naive Bayesian classification algorithm.Secondly,in order to effectively improves Weighted Naive Bayes,this paper according to the thought of information gain rate and mutual information and using information gain rate and mutual information to calculate the weight of attributes and normalize them.The weight obtained effectively avoids the problem of poor classification results caused by the same weight of attributes.Meanwhile,this paper use the principle of Jelinek-Mercer smoothing technology,and it obtains the optimal value of the model parameter? through a series of simulation experiments and analysis to solve the problem of classification “zero probability” in Naive Bayes algorithm and have a good classification results.Finally,through a series of experimental analysis,the detection rate of malicious applications is TNR 90%,and the overall detection accuracy is ACC 91%,which is higher than the result of Patrick p.k.chan and Liang Shuang.The experimental results show the rationality and effectiveness of the detection method in this paper.2.A classification method of Android malware based on improved k-modes clustering algorithm.After getting the Android malicious application,the density peak clustering algorithm is introduced to initialize the k-modes cluster center,which avoids the sensitive problem of cluster center selection.And using the improved k-modes clustering algorithm to obtain three clusters.In the three kinds of clusters,and calculating the number of key privileges accessed by all samples in each cluster and the number of times the key privileges are accessed in the cluster,and dividing the three malicious program clusters into high-risk malicious applications,ordinary malicious applications and low-risk and no significant harm to malicious applications,users can handle different operations according to the harm degree of malicious programs.In the simulation experiment,the k-means clustering method proposed by Isredza Rahmi A Hamid compared with the improved k-modes clustering algorithm proposed in this paper for the classification of Android malicious programs.The evaluation index value is on average 6% lower than this paper,the algorithm in this text has better experimental results.