Android Malware Detection And Analysis Based On Behavior Features

With the widespread popularity of the Android operating system,the amount of Android malware is increasing,which poses a major threat to the privacy and property security of users.Therefore,it is of great significance to detect malware and protect users' information security.In order to prevent Android malware,improve the detection rate and reduce the false positive rate,this paper mainly studies malware detection technology based on behavior feature analysis.It does not need to perform heavy code checking on applications,and malware can be identified by lightweight detection.The main contents are as follows:(1)Malware detection scheme based on multi-level feature extraction.This scheme decompiles the APK file and extracts permission features from the code,and then generates high-order permission combinations to characterize the application.The detection model is builded to identify malware.Experiments show that this scheme is superior to SigPID,and can achieve 97.88% malware detection rate.(2)Malware detection framework on the basis of multi-strategy combination.This framework performs static analysis on the APK file and extracts five sorts of behavior features,and then filters and selects the most informative feature subset to characterize the application.Finally,ensemble learning are used to vote to predict the application class.Compared with the comparison approach,the false positive rate is reduced by 2.85%,and other detection indicators are improved by about 2%.(3)Rule matching based application vulnerability analysis scheme.This scheme establishes a rule base containing 46 vulnerabilities.Then based on the detection results of the first two schemes,it extracts malware source code and performs string or regular matching with vulnerability rules to effectively detect the vulnerabilities in the code.Vulnerability analysis helps to enhance the security of Android applications.In general,this paper systematically studies the Android malware,and proposes innovative malware detection approaches and a vulnerability analysis scheme.While effectively detecting malware,it also provides reasonable suggestions for improving the security of Android.