Research On Android Malware Detection Technology Based On Static Code Analysis

The popularity and openness of Android created vast opportunities for mobile application development.However,a large number of malicious applications in the Android market pose a threat to the privacy and property security of Android users.Therefore,there is an urgent need to seek an efficient Android malicious application detection technology to improve the detection capability of Android malicious applications.The traditional malicious application detection scheme has two core problems:one is how to effectively analyze and extract the features that can distinguish between malicious applications and benign applications;the other one is how to choose the most suitable algorithm to detect malicious applications.In addition,the current research on Android malicious application detection mainly focuses on the classification of benign and malicious applications,while the research on the family classification of Android malicious applications is sparse,and it cannot perform fine-grained classification based on the behavior of Android malicious applications.To solve the above problems,we propose and implement the detection technology of Android malicious applications based on static code analysis,which implements the detection of Android malicious applications and the classification of Android malicious application families.The main research contents of this thesis are as follows:(1)Based on Android static code analysis,an Android malicious application detection technology based on a two-stage feature selection algorithm and an adaptive weighted ensemble classifier is proposed to implement an efficient and accurate large-scale Android malicious application detection system.Firstly,to improve the efficiency of malicious application detection,a two-stage feature selection algorithm is designed,which is divided into a filtering stage and an embedding stage.It can select the most effective feature subset from the static features extracted from the Android applications.Secondly,to improve the accuracy of Android malicious application detection,an adaptive weighted ensemble classifier for Android malicious application detection is designed,which takes into account the adaptability between the test sample and the base classifiers in the ensemble classifier.It makes full use of the complementarity between the base classifiers.After conducting experiments on a large-scale dataset containing 7,089 benign applications and 6,801 malicious applications,the proposed Android malicious application detection technology method reached an accuracy rate of 98.91%.The detection effect is better than the traditional Android malicious application detection methods based on machine learning and ensemble learning algorithm.(2)Based on Android static code analysis,a classification technology of Android malicious application family based on a dynamic weighted feature selection algorithm and machine learning algorithm is proposed.The dynamic weighted feature selection algorithm uses conditional mutual information to assign weights based on the relationship between candidate features and selected features,and the weights of candidate features will also change dynamically whenever new features are selected.It implements the selection of highly correlated and low-redundant feature subsets with low time complexity.A variety of machine learning algorithms are combined with the selected feature subset for experimentation,and the classification algorithm with the best performance is selected for the classification of the Android malicious application family.After conducting experiments on a dataset of 4017 malicious applications containing 10 Android malicious application families,the proposed Android malicious application classification method achieves a high average accuracy rate of 99.50%.In summary,the research focus of this thesis is to design and implement the detection technology of Android malicious applications based on static code analysis.The experimental results show that the Android malicious application detection technology proposed in this thesis has strong feasibility and has important practical significance.