
Research On The Android Malware Detection Technology Based On Dynamic And Static Multi-Feature

Posted on: 2020-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: W B Zheng
Full Text: PDF
GTID: 2428330599951299
Subject: Computer Science and Technology
Abstract/Summary:

In recent years, as payment by smartphone has quietly become popular, smartphones have gradually become one of the essential tools in people's daily lives. However, as the connection between smartphones and people grows closer, their potential security risks have gradually attracted more attention. At the same time, Google App Store lacks powerful detection mechanisms and processes, which leaves wide scope for the release and promotion of malware. Once users download and use these malicious applications, they may suffer disclosure of personal privacy or huge economic losses, jeopardizing their information security. How to detect malicious Android applications quickly and accurately has therefore become a hot research issue. This paper conducts an in-depth study of detection methods for Android applications, analyzes existing research progress, and takes the APIs called by Android applications as its starting point. The main research results of this paper are as follows:

(1) An Android malware detection model based on ensemble learning over sensitive API calls is proposed. A set of sensitive APIs is generated using a machine learning algorithm, by extracting the APIs called by Android applications and combining them with a mutual information model. The first 20 sensitive APIs are selected as a feature library to generate 20-dimensional feature vectors. An ensemble learning model based on a kNN classifier, a DT classifier and an SVM classifier is used to detect unknown Android applications effectively.

(2) An Android malicious application detection model based on dynamic sensitive API sequences is proposed. Because Android APIs are called successively in time, the hook method under the Xposed framework is adopted to intercept and record the API functions that an Android APK file invokes at run time. Based on the sensitive API set obtained by the detection method above, 20 sensitive API call sequences are generated and used as the feature library of the research. A 20-dimensional feature vector is generated, and the proposed ensemble learning model is used to detect unknown Android applications. This method addresses the disadvantages of the static detection proposed before and achieves better detection performance.

(3) From the perspective of practical application, a complete Android malicious application detection system based on a combination of dynamic and static detection is proposed and implemented. The model combines the two detection methods above and supplements them. Experiments prove the effectiveness of the detection system. This paper also compares and analyzes other detection tools and methods for Android malicious applications, and discusses prospects for future work.
Keywords/Search Tags: Android, Malware Detection, Mutual Information, Sensitive API Calls, Ensemble Learning
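
The feature-selection step described in (1), ranking called APIs by mutual information with the class label and turning the top entries into a fixed-length feature vector, can be illustrated as follows. This is an added example, not code from the thesis. It assumes each API is a binary called/not-called feature, uses a constructed eight-app sample, and keeps k = 3 entries where the thesis keeps 20; the function names are hypothetical.

```python
import math
from collections import Counter

# Constructed sample: (APIs called by an app, label), 1 = malicious, 0 = benign.
# The API names are real Android methods, but this set is NOT the thesis's data.
SAMPLES = [
    ({"sendTextMessage", "getDeviceId", "findViewById"}, 1),
    ({"sendTextMessage", "getDeviceId", "startActivity", "findViewById"}, 1),
    ({"sendTextMessage", "openConnection", "findViewById"}, 1),
    ({"sendTextMessage", "getDeviceId", "openConnection", "findViewById"}, 1),
    ({"findViewById", "startActivity", "openConnection"}, 0),
    ({"findViewById", "startActivity"}, 0),
    ({"findViewById", "openConnection", "startActivity"}, 0),
    ({"findViewById", "getDeviceId", "startActivity"}, 0),
]

def mutual_information(samples, api):
    """I(X;Y) in bits, X = 'app calls api' (assumed binary), Y = class label."""
    n = len(samples)
    joint = Counter((api in apis, label) for apis, label in samples)
    px, py = Counter(), Counter()
    for (x, y), c in joint.items():
        px[x] += c
        py[y] += c
    # Cells with zero count never appear in `joint`, so log2(0) cannot occur.
    return sum((c / n) * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in joint.items())

def select_sensitive_apis(samples, k):
    """Rank every observed API by mutual information and keep the top k."""
    apis = set().union(*(called for called, _ in samples))
    return sorted(apis, key=lambda a: (-mutual_information(samples, a), a))[:k]

def to_feature_vector(called, feature_library):
    """k-dimensional 0/1 vector: one position per API in the feature library."""
    return [1 if api in called else 0 for api in feature_library]

if __name__ == "__main__":
    library = select_sensitive_apis(SAMPLES, k=3)   # the thesis uses k = 20
    for api in library:
        print(f"{api:16s} {mutual_information(SAMPLES, api):.3f} bits")
    unknown = {"sendTextMessage", "getDeviceId", "setText"}  # constructed app
    print(to_feature_vector(unknown, library))
```

In this constructed sample `startActivity` ranks second because its absence is what correlates with the malicious label: mutual information scores an API that separates the classes in either direction, while APIs called by every app or split evenly across classes score zero.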