Research On Android Malware Detection Method Based On Multi_feature

Nowadays,using smartphones seems to be an inseparable part of modern people's life.Smartphones make daily activities much easier than without them.Android operating system based smartphones occupied the primary market share of smartphones.There are many ways,which are provided by Google itself and some smartphone_making companies' third_party app store,to download an application for an Android smartphone.Illegal downloading resources,which can't ensure the safety of applications,are the majority basement of malware applications.A large amount of malware is threating the safety of user's properties and private information.Lacking the safety conception,the Android users are exposing themselves to the malware.This paper proposes a method that can detect malware before users install malwares into their smartphones to deal with malware issues.Firstly,in the paper,after an in-depth study of the Android operating system's framework and the structure of APK files,we present a feature combination,which contains permission name,action name from the intent_filter label,category name from the intent_filter label and *.so files name,for malware detection.According to the feature combination that we have got,we have collected 2,000 benign samples and 2,050 malware samples and build a sample matrix by extracting features for samples.Secondly,based on other researchers' works of Android malware detection,we propose a new method of feature selection,which is the combination of chi2 test and ExtraTrees,to get better feature set and build the final sample matrix.We calculate the chi2 scores,keep those features with the high scores and delete those with low.Then,build an ExtraTrees on the new Matrix we just have got,and sort the features with their importance scores.Keep the high_importances features again and update the sample matrix with the remain features.Thirdly,boosting algorithms that include Adaboost and GBDT are used in the progress of classification.Adaboost,GBDT,Xgboost,LightGBM and CatBoost,especially the two newest implementations of GBDT—LightGBM and CatBoost,are been tested on the final sample matrix.Choosing the top three performed algorithms based on their performances of accuracy,hit rate,precision,recall,and F1 measure.By using the results with weights of Adaboost,Xgboost,and Catboost,a weighted voting model is built for the improvement of classification.Finally,with further experiments,we have confirmed the fact that CE feature selection method can reduce the time cost of feature selection and classification progress,shrink the size of sample matrix dramatically,and maintain the accuracy of classification algorithms at the same time.With the help of the feature's combination that we provided,CE feature selection and Voting model,the accuracy is 97.33%,and the hit rate is 98.73%.