Research And Implementation Of Malware Detection Methods On Android Platform

Currently,Android mobile operating system is the most popular mobile operating system in the market of all smart phone operating systems.Due to insufficient supervision of the mobile application market and weak security awareness of users,more and more malware come out,so a mature Android malware detection method is particularly important.In this paper,we choose the topic of Android platform malware detection.We analysis of Android malware detection technology in recent years and discuss its advantages and disadvantages.On this basis,we focus on behavioral Android platform malware detection methods.The content of the paper mainly includes the following several aspects:(1)We study domestic and foreign research achievements in the field of Android malware research in recent years.The architecture of Android system,the authority mechanism of Android platform and the common components in Android are also described in our paper.Besides,we also discuss the security mechanism of each layer in the architecture of Android system,including the Linux kernel layer,system runtime layer,application framework layer and so on.At the same time,some commonly used data mining algorithms are expounded,laying a theoretical foundation for the proposed malware detection method in this paper.(2)Aiming at the problem of applying the classic association rule mining algorithm to detection of low detection efficiency in Android malware detection,this paper designs an algorithm of frequent pattern mining based on improved association rule mining algorithm Eclat that we called AEclat.Based on AEclat we design an Android malware detection method.This method mines the correlation between software permissions and constructs a maximal frequent item sets.Then,the distance between the software to be detected and the maximal frequent item sets is calculated.Compared with the size of the threshold we determine whether the software is malware or not.Finally,the effectiveness of this method is verified by experiments.(3)Aiming at the problem that the detection of malware based on only one feature has low accuracy,this paper designs a method based on multi-feature multi-classifier integrated classification.For the different features of the software,we choose the algorithm which has the best classification result on them and then we use Adaboost to improve the classification effect of the basic classifier.Finally,the strong training classifier results obtained by weighted average calculation,as the basis for the final software classification.The effectiveness of the proposed method is verified by experiments.(4)Based on the above two detection methods,this article gives an Android malware detection system.The system is divided into two stages:First,based on the AEclat algorithm to filter out suspicious software;secondly,through the static and dynamic analysis,the different features of the software are obtained.On this basis,we use the multi-features multi-classifier integrated classification method to classify the software to determine whether the software is malware.This article also provides the basic algorithm for system selection and feature selection expansion interface,enhanced system scalability.Finally,the validity of the proposed system is verified by experiments.