Research On Dynamic Detection Technology Of Android Smart Terminal Malware Based On Machine Learning

Posted on: 2021-03-04
Degree: Master
Type: Thesis
Country: China
Candidate: N Wang
GTID: 2428330614458195
Subject: Communication and Information Engineering

Abstract/Summary:
With the rapid development of the mobile internet, smart terminals play an increasingly important role in people's daily lives, and Android-based smart terminals occupy more than 80% of the world's market. At the same time, because of the open nature of the Android platform, the number of malware samples running on it is growing rapidly. Android malware detection has therefore become an important topic for security researchers, and dynamic detection is one of the important methods. In addition, machine learning theory has been widely used in many fields, which makes its application to malware detection an inevitable trend. In view of this, this thesis makes an in-depth study, based on machine learning theory, of dynamic detection technology for malware on Android smart terminals. The main contents are summarized as follows.

1. To address the shortcomings of current malware detection in accuracy and execution efficiency, a dynamic malware detection framework based on system calls (SC) is proposed. To solve the problem of too many features, a method of feature dimension reduction is proposed. To deal with excessive feature redundancy, a scheme based on tagging system calls and processing redundant information is proposed. Finally, the features are constructed as a Markov matrix and trained with a support vector machine (SVM) to detect malware. Experimental results show that the proposed dynamic detection framework can greatly reduce the detection complexity of traditional malicious-application detection while maintaining a high detection accuracy.

2. A malware family clustering system based on the canopy weight k-means (CWKM) algorithm is proposed, in view of the variety of malware families and the similarity of behavior characteristics among software of the same malware family. In this system, a behavior trigger is first designed to mine the hidden behavior of malicious software, so that the APIs used by the software can be extracted by hooking. Then an effective log processing method is proposed. On this basis, the sequence code table of the software sample is constructed. Finally, the CWKM algorithm is used to cluster the malware families. The simulation results show that the proposed system can effectively cluster malware families, with a remarkable clustering effect.
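As an added illustration of the feature construction in item 1 (not code from the thesis), the sketch below turns a system-call trace into a row-normalized Markov transition matrix and flattens it into the vector an SVM would be trained on. The reduced call vocabulary, the rule of collapsing consecutive repeats as the redundancy step, and the sample trace are all assumptions made for this example.

```python
from itertools import groupby

# Assumed reduced syscall vocabulary (stand-in for the thesis's
# dimension-reduction step, which the abstract does not specify).
VOCAB = ["open", "read", "write", "ioctl", "sendto", "recvfrom", "execve"]

def reduce_trace(trace, vocab=VOCAB):
    """Drop calls outside the vocabulary, then collapse consecutive
    repeats (assumed form of redundancy removal)."""
    kept = [call for call in trace if call in vocab]
    return [call for call, _ in groupby(kept)]

def markov_matrix(trace, vocab=VOCAB):
    """Return P where P[i][j] is the observed probability that
    vocab[i] is immediately followed by vocab[j] in the trace."""
    index = {call: i for i, call in enumerate(vocab)}
    n = len(vocab)
    counts = [[0] * n for _ in range(n)]
    for cur, nxt in zip(trace, trace[1:]):
        counts[index[cur]][index[nxt]] += 1
    matrix = []
    for row in counts:
        total = sum(row)
        # Calls never seen as a source keep an all-zero row.
        matrix.append([c / total if total else 0.0 for c in row])
    return matrix

def feature_vector(trace, vocab=VOCAB):
    """Flatten the matrix into a fixed-length vector (len(vocab)**2),
    so traces of any length map to the same feature space."""
    matrix = markov_matrix(reduce_trace(trace, vocab), vocab)
    return [p for row in matrix for p in row]

# Constructed sample trace, not taken from a real application.
SAMPLE_TRACE = ["open", "read", "read", "read", "getpid", "write",
                "open", "read", "sendto", "sendto", "ioctl"]

if __name__ == "__main__":
    for name, row in zip(VOCAB, markov_matrix(reduce_trace(SAMPLE_TRACE))):
        print(f"{name:>9}: {row}")
```

Each labelled trace yields one such vector; a set of them with benign/malicious labels is what a classifier such as an SVM would consume.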
Keywords/Search Tags: smart terminal, Android, malware, machine learning, dynamic detection