Android Malware Detection Based On Dynamic And Static Analysis

Posted on: 2021-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: R Chen
GTID: 2428330620964096
Subject: Engineering

Abstract/Summary:
With the rapid development of the mobile Internet, the usage of mobile terminals such as smartphones and tablet computers is increasing. At the same time, mobile operating systems are rapidly gaining popularity, and among them the Android system holds most of the market share. Its open-source nature and its loose policy for verifying apps at release are important reasons for Android's popularity. However, they also bring huge security risks. In recent years, the proliferation of Android malware has severely restricted the healthy development of the mobile Internet. To protect mobile terminal users from malware, researchers have proposed a number of malware detection methods. According to the form of detection and the content analyzed, these methods fall mainly into two types: static analysis and dynamic analysis. However, the existing detection methods still have shortcomings. To address them, this thesis proposes the following solutions:

(1) To address problems in static analysis such as unreasonable sample characterization, this thesis proposes a static detection method for Android malware based on sensitive patterns. It aims to find the differences between malware and normal software in frequent combinations of sensitive permissions and API calls, and provides a new perspective for malware detection. To improve the efficiency of frequent-itemset mining and avoid generating redundant information, the existing FP-growth algorithm is improved. For measuring the similarity of sensitive patterns, a dual similarity combining method is proposed. In addition, for the first time in this field, the multi-layered gradient boosting decision trees algorithm is used to train a detection model. Simulation results show that the proposed method not only identifies malware accurately but also has strong generalization ability.

(2) To address problems in dynamic analysis such as inefficient model training, this thesis proposes a dynamic detection method for Android malware based on traffic analysis, which identifies malicious behaviors from the traffic an application generates at runtime. To overcome the slow convergence of the traditional neural network algorithm, the F2S-ELM algorithm is proposed. While retaining the fast learning speed and strong generalization ability of ELM, it improves the accuracy and stability of the original algorithm. This thesis extracts traffic features from multiple perspectives and proposes an F2S-ELM algorithm based on multi-view learning to build a malware detection model. Simulation results show that the proposed method has excellent performance in all aspects, verifying its superiority.

(3) To combine the complementary advantages of static analysis and dynamic analysis, this thesis designs and implements an Android malware detection scheme based on combined dynamic and static analysis, in which a confidence index decides how the detection process proceeds. Simulation results show that the scheme has a good detection effect.

Keywords/Search Tags: Android Malware, Static Analysis, Dynamic Analysis, Data Mining, Machine Learning