Random Forest Based Malware Detection System On Android

Posted on: 2018-12-29
Degree: Master
Type: Thesis
Country: China
Candidate: K Wang
GTID: 2428330596490044
Subject: Software engineering

Abstract/Summary:
The amount of malware in the Android market has been growing rapidly, and Android security faces a serious challenge from the flaws in Android's permission mechanism. Solutions tend to focus on detecting malicious applications. Existing detection methods fall into two groups, static and dynamic: static methods are more lightweight, while dynamic methods are more accurate. Generally, a static method takes permissions and API calls as input and outputs a detection result through rule matching or a machine learning classification model. However, in the real world these methods may suffer from noise sensitivity, over-fitting and other issues. Therefore, in this paper, we present a Random Forest based method to detect Android malware. The main work of this paper includes:

1. Malware characteristics analysis. The existing Android security mechanisms are introduced, and we analyze the general characteristics of malware in installation, activation, payloads and the permissions it uses.

2. A study of candidate information that can serve as features. Based on the analysis of malware behavior, the following information can be used as the basis for classifying goodware and malware: the permission set and size, the uses-feature set and size, the broadcast action set and size, and the protected and suspicious API call sets.

3. A Random Forest based design for malware detection. The method first judges the existence of the malware; if it does not exist, the analysis proceeds with APK decompilation, feature extraction and feature vector construction. Finally, the random forest classifier performs the classification and the outputs are printed.

4. Evaluation of the Random Forest model. There are two datasets in this paper: dataset 1 contains 16254 normal samples and 16235 malicious samples (from 2013 to June 2016), and dataset 2 includes 243 malicious samples (after June 2016). Random forest, other classifiers, and popular VirusTotal scanners are evaluated on dataset 1. The experimental results show that the random forest model is better than the other classifiers and has a moderate performance among the scanners. We have also evaluated the performance of the RF on dataset , and the results show that the model has a good predictive ability.

5. Implementation of the malware detection system based on Random Forest.
Keywords/Search Tags: Malware, Random Forest, Static Detection, Machine Learning, Android