Research On Android Malware Detection And Malware Family Classification Based On Multi-context Features

Posted on: 2021-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: Q Lei
GTID: 2428330611970912
Subject: Software engineering
Abstract/Summary:
With the popularity of Android applications, the generation and spread of Android malware has exploded. This has drawn great attention to the security of Android applications, and there is an urgent need for effective solutions to prevent malicious attacks. Commonly used solutions at present include taint analysis based on data flow and malware detection based on machine learning. Because data-flow-based taint analysis needs to analyze the mechanism of a program's malicious behavior, it has the disadvantage of high complexity. Machine-learning-based detection establishes a mapping model between features and behaviors through statistical analysis of program features and uses it to judge whether the program is malicious, which has the advantages of simplicity and high efficiency. However, existing machine learning work still has the following problems. First, the selection and generation of features are the main factors affecting this method, and most existing work selects features without completely examining the program architecture, so important semantic information related to the features is lost, resulting in low detection accuracy. Second, this method treats malware detection as a binary classification problem, which can only determine whether the program is malicious and cannot tell users what specific malicious behavior the program exhibits.

Therefore, this paper proposes a method for Android malware detection and malware family classification based on multi-context features. The main research contents are as follows:

(1) Malware judgment based on multi-context features. To solve the problem that traditional machine-learning-based detection loses the semantic information of the program, this paper selects sensitive permissions, generalized sensitive APIs and sensitive system broadcasts as the original features, and combines the original features with their contexts to form the program features, so that the semantic information of the program is taken into account; the final classification is done with machine learning algorithms. In addition, to extract features effectively, an iCFG based on callback functions is constructed, and a set of reduction rules applied to the graph is defined, which reduces the graph size without losing graph information.

(2) Malware family classification based on text analysis technology. Text analysis technology is applied to the family classification problem for malicious programs: first, the behavior characteristics of the programs in each malware family are analyzed; then a family feature vector is constructed for each family; finally, a family classifier is constructed, which predicts the family of programs that were judged malicious in (1) but whose family is unknown.

(3) Security summary generation based on manual analysis. First, the common behavior of applications in an Android malware family is extracted and used as the malicious category of the family; then the extracted common behavior is manually analyzed to generate a security summary for each family; finally, based on the family predicted in (2) for a malicious program, the security summary of the malicious program is given by the family's security summary.
Keywords/Search Tags:Multi-context feature, Generalized sensitive API, Machine learning, Text analysis, Security summary