Research On Android Malware Detection Method Based On Multi-feature Improved Random Forest

With the development of the mobile Internet,mobile devices equipped with the Android system are emerging one after another.In particular,the market share of Android smartphones keeps increasing year by year,accounting for 87% of the market share in 2019.However,due to the high market share and open source of the Android system,it has intensified the rampant of Android malware,undermined the security of the Android ecosystem,and caused great losses to users and the community.In recent years,the number of Android malware has increased significantly trend.Therefore,the detection of Android malware has become a very important subject.After a lot of research based on previous studies,we propose an Android malware detection method based on improved multi-feature random forest.The main work is:1.We collected a total of 14,540 Android malicious samples and 15,000 benign samples,and then decompiled a large number of Android installation package(APK)files to analyze permission characteristics,API call characteristics,and opcode call sequence characteristics in malicious and benign samples Differences.2.Through the analysis of the characteristics,it is found that the proportion and importance of these characteristics in malicious samples and benign samples are different.For example,in the permission feature,the proportion of network-related permissions in malicious samples and benign samples is not much different,so such features do not contribute much when distinguishing malware from benign software.However,the permissions related to text messages differ greatly in malicious samples and benign samples,and the proportion in malicious samples is significantly higher,so such characteristics have a greater contribution rate to distinguish malware from benign software.After analysis,we finally select some features among the permission features,API call features,and opcode call sequence features that have a large contribution rate to distinguish malware from benign software,and generate a training set.3.We creatively propose to use the two-layer decision principle to improve the random forest algorithm.First,we adopt the random forest algorithm for each of the three optimized feature training sets to obtain a decision result with each feature contribution rate as a weight;The accuracy of the result is used as a weight to make a decision on voting again,and the final classification result is obtained.The comparative analysis of the experimental results shows that the Android malware detection model based on the improved multi-featured random forest has a high accuracy rate of 93%.