Research On Android Malware Detection Technology

With the rapid development of the Internet,the number of the smart phone has also grown rapidly.The smart phone has become an essential electronic device that integrates communication,shopping,entertainment,and mobile payment function from a single device.In many smart phone operating systems,Android smart phones also take the lead in absolute advantage.Due to the unique open source nature of the Android system,android operating system is the first in the world.Malware has emerged in android system.From adware,malicious chargeback software to spyware,tracking software.Malware has brought great threats to mobile phone users.How to detect Android malware is a problem that needs to be solved urgently.Being faced with the upgrade of malicious software,Android's own security mechanisms and traditional detection methods are not valid.This paper includes the behavioral characteristics of malware and a system is based on multiple features.Combined with machine learning algorithms,this system is more efficient and precise.The following three aspects are contributed to this arcticle.First,in the data preparation phase,a large number of malicious software samples are obtained from foreign malware websites through web crawlers,and normal software samples are obtained from the domestic Android application market and github.Second,the feature extraction and optimization phase: handle the sample software by writing an automated script using the decompilation tool APKTOOL,and then obtain the API and permissions information through regular matching and automated extraction techniques.For the sensitive API,the IG algorithm is used to optimize the sensitive API.For the permission information,the chi-square algorithm and cluster algorithm are used to obtain the optimal characteristics.The Fourth,the optimal number of APIs and permissions for the experiment are selected to detect unknown malware.Lateral testing and longitudinal testing are used to test various aspects of the system.Compared with the single features,According to the results,it can be analyzed that combining the improved random forest algorithm with multiple characteristics achive higher result,it can meet the current demand for Android malware detection.