
Research On Android Malware Detection Technology Based On Permission And API

Posted on: 2021-04-18
Degree: Master
Type: Thesis
Country: China
Candidate: N Huang
GTID: 2428330605450799
Subject: Information security

Abstract/Summary:
The steady stream of Android malware threatens the security of a wide range of users, and efficient methods for Android malware detection are urgently needed. Although current detection methods based on machine learning can detect some unknown Android malware, they still have problems such as too many features, low detection efficiency and complex technical implementation. This thesis studies machine-learning-based detection in depth.

To address the problem that high-dimensional features reduce the training efficiency of machine learning models, this thesis proposes a new feature selection method. The method first calculates the occurrence frequency of each feature in malware apps and the difference between its occurrence frequency in malware apps and in benign apps. It then takes the harmonic mean of these two values as a sensitivity coefficient that measures how well the feature recognizes malware apps, and finally selects the features with high sensitivity coefficients. In the experiment, permission and API features are selected. The results show that the training time of the GBDT classification model can be reduced by more than 80% after feature selection while keeping the detection accuracy.

To improve the efficiency of detection methods that mix multiple features, this thesis proposes a detection method based on two-level classification. The first-level classification uses the permission feature, which is fast to extract, to recognize malware apps rapidly. Apps that are not reliably recognized as malware and apps that are recognized as benign go on to the second-level classification, so as to reduce false detections and missed detections. The second-level classification uses the API feature, which has high detection accuracy, to classify the app as malware or benign. This not only keeps the detection accuracy but also improves the overall detection efficiency. Compared with the method that only mixes multiple API features, the experimental results show that the proposed method can reduce the average detection time by 43% while keeping a detection accuracy of 98.4%.

To address the high complexity and heavy workload of static code analysis in detection methods based on program structure analysis, this thesis proposes a detection method based on deep structure relationship analysis of APIs. It selects API features with high sensitivity coefficients and analyzes their co-occurrence relationships in the program structure, which avoids global structure analysis of the program and lowers the complexity of static code analysis. To further learn the API features and their structural relationships, a co-occurrence matrix is constructed and a Convolutional Neural Network is trained to classify the matrix. The experimental results show that its detection accuracy can reach 99.2%, which outperforms detection methods based on permissions, APIs and operation code sequences.

To sum up, this thesis selects permission and API features and proposes two novel methods based on them for Android malware detection. Compared with related research, the two methods have certain advantages in terms of detection efficiency and complexity of technical implementation.
Keywords/Search Tags:Android system, Malware, Feature selection, Two-level classification, Structure analysis, Convolutional Neural Network
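
The abstract describes the sensitivity coefficient only in words. The following is an added example, not code from the thesis, showing one reading of it. It assumes that "occurrence frequency" means the fraction of apps declaring a feature and that a negative frequency difference is clipped to zero; the function names and the sample apps are constructed for illustration.

```python
from collections import Counter

def sensitivity_coefficients(malware_apps, benign_apps):
    """Score each feature by the harmonic mean of (a) its frequency in malware
    and (b) its malware-minus-benign frequency difference.
    Assumed definitions: frequency = share of apps containing the feature;
    a difference below zero is clipped to 0 (feature is more typical of benign apps)."""
    if not malware_apps or not benign_apps:
        raise ValueError("both app sets must be non-empty")
    mal = Counter(f for app in malware_apps for f in set(app))
    ben = Counter(f for app in benign_apps for f in set(app))
    scores = {}
    for feat in set(mal) | set(ben):
        f_mal = mal[feat] / len(malware_apps)
        f_ben = ben[feat] / len(benign_apps)
        diff = max(f_mal - f_ben, 0.0)
        total = f_mal + diff
        # Harmonic mean is low unless BOTH values are high, so a feature that is
        # common in malware but equally common in benign apps scores 0.
        scores[feat] = 0.0 if total == 0 else 2 * f_mal * diff / total
    return scores

def select_features(scores, k):
    """Return the k features with the highest coefficient (ties broken by name)."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [feat for feat, _ in ranked[:k]]

# Constructed sample: each app is the set of permissions it declares.
MALWARE = [
    {"SEND_SMS", "READ_CONTACTS", "INTERNET"},
    {"SEND_SMS", "INTERNET", "RECEIVE_BOOT_COMPLETED"},
    {"SEND_SMS", "READ_CONTACTS", "INTERNET"},
    {"INTERNET", "READ_CONTACTS"},
]
BENIGN = [
    {"INTERNET", "CAMERA"},
    {"INTERNET", "READ_CONTACTS"},
    {"INTERNET"},
    {"CAMERA", "INTERNET", "RECEIVE_BOOT_COMPLETED"},
]

if __name__ == "__main__":
    scores = sensitivity_coefficients(MALWARE, BENIGN)
    for feat in select_features(scores, len(scores)):
        print(f"{feat:25s} {scores[feat]:.2f}")
```

In this sample, INTERNET appears in every malware app but scores zero because it is just as common in benign apps, which is the behaviour that lets the selection step drop high-frequency but non-discriminating features.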