
Research And Implementation Of Android Malware Detection Methods

Posted on: 2019-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: K Y Dong
GTID: 2438330551460786
Subject: Computer technology
Abstract/Summary:
Android is an open source system, and many handset makers have carried out secondary development on it, which has greatly expanded Android's market share. As a result, many lawbreakers look for exploitable loopholes and develop malicious Android applications to make illegal profits. To protect users' privacy and data security, detection technology for malicious Android applications has therefore become one of the hottest research topics. It is well known that static analysis cannot get around code obfuscation and hardening, and that dynamic analysis cannot guarantee that every line of code will actually run. To overcome these shortcomings, this paper combines the properties of static and dynamic analysis, proposes a detection method for malicious applications based on ensemble learning, and implements a detection system. The specific research work carried out in this paper is as follows:

(1) To overcome the low detection efficiency of static or dynamic detection used alone, this paper combines the two methods and extracts hybrid features to characterize Android applications. To overcome the problem that a single classification algorithm cannot make full use of the feature information, this paper proposes a detection method for malicious applications based on ensemble learning. The method uses multiple classification algorithms to build base classifiers and selects the well-performing base classifiers by checking their accuracy and diversity. An ensemble strategy is then designed to fuse the base classifiers and perform malicious application detection. 5000 samples are used in the experiment, and the results show that: 1) detection based on ensemble learning performs better than single classifiers; 2) combining static and dynamic features can improve the classification efficiency; 3) filtering the base classifiers by checking can improve the classification efficiency of the detection model. The method of this paper reaches an accuracy of 98.3%.

(2) Building on the proposed malware detection method, this paper designs and implements an Android malware detection system, DroidSafe. The paper mainly describes the architecture design and functional module design of the detection system and analyzes the key business processes. In terms of key technical implementation, the emphasis is on APK analysis to obtain the hybrid features: permission features, sensitive API features and third-party library features are obtained through decompilation and retrieval, while API calls and system resource consumption are monitored in the Android virtual machine by means of hook technology. Finally, the paper presents the results of the implemented system.
Keywords/Search Tags:malicious software, static detection, dynamic detection, ensemble learning