Research On Android Malware Detection With Multiple Characteristics And Application Risk Assessment

With the convenience that mobile platforms bring to people,people are willing to complete online shopping,social and business activities on mobile devices,which equipped with the Android system are more popular.With the rapidly growing of the Android system,the number of Android application showing a rising trend and being released to the market with the different functions,people can easily download and install the Android applications they need on different platforms.However,more and more people use Android devices and rely on applications,which makes the hackers start to target from computer to mobile phone.The Android platform has been under threading seriously,a number of malicious applications have developed which are used to steal personal privacy and property.This thesis will revolve around Android malware detection with multiple characteristics and application risk assessment,mainly divided into the following several parts:1.Firstly,according to the Android system framework,this thesis paper introduces the linux layer,framework layer,native libraries,Android runtime and application layer.Based on the analysis of Android core components,Android core mechanism and Android security architecture,tag level ratio based on Android Manifest file structure is proposed as feature to detect Android malicious applications.Secondly,in order to reduce the impact of custom permission and custom api and improve the data interpretability,this thesis proposes a hybrid feature selection method to reducing the number of features in dataset,at the same time,combining the joint mutual information maximisation based on subset search to preprocessing the training sample set of Android.Finally,a series of simulation experiments are performed through a single model that based on svm,knn,decision tree and logistic regression and ensemble model that the first level classifier is based on svm,knn,decision tree and the second level classifier is based on logistic regression model.2.After getting the permission and API dataset,the risk attribute dataset is introduced and combining with the equidistant binning and jaccard similarity coefficient to divide the factor sets and generate a multi-factor evaluation matrix.Then,a double weight strategy is proposed,which uses set-valued iterative method to calculate the weight of different factors and the entropy weight method to calculate the weight of different features in the same factor.At the same time,risk assessment is performed for Android applications,using the fuzzy comprehensive evaluation method.