Research And Design Of Android Malware Detection And Analysis System Based On Machine Learning

Posted on: 2021-07-27
Degree: Master
Type: Thesis
Country: China
Candidate: C L Ye
GTID: 2518306017473554
Subject: Signal and Information Processing

Abstract/Summary:
The mobile Internet is developing rapidly, and the Android system, which accounts for 76% of mobile operating systems, has become widely adopted. However, because of its openness, the Android system faces a serious threat from hacker attacks, among which Android malware is the main threat. To cope with the challenge of malware variants and the rapid increase in their number, this paper focuses on machine-learning-based algorithms for Android malware detection and Android malicious family analysis. By designing an online Android malware detection and analysis platform, the algorithms can be applied in practice, helping to ensure the ecological security of Android platform applications.

Firstly, this paper studies a precise, lightweight Android malware detection algorithm. To make the model more lightweight, it adopts a feature selection method based on support-degree filtering + a Lasso LR model, which greatly reduces the dimension of the feature space. To achieve accurate malware detection, it uses a Field-aware Factorization Machines (FFM) model as the classifier, achieving a detection performance of F1 score 0.99087.

Besides, this paper studies an Android malicious family classification algorithm based on multi-feature fusion of bytecode images. To determine which malicious family a malicious application belongs to, the study works on bytecode images, which show texture differences among different malicious families. The binary bytecode is extracted from the APK and visualized as an image, and the three image features GIST + GLCM + CNN are fused to obtain an accurate Android malicious family classifier, achieving a classification performance of Macro F1 score 0.92297.

Furthermore, this paper proposes a malicious family feature association analysis method based on the TF-IDF value of each feature. To analyze the behavior information of malicious families, it uses the FP-growth association analysis algorithm to mine the associated feature information of each Android malicious family. At the same time, to solve the problem that association analysis produces too many related feature items to be intuitive, it calculates the TF-IDF values of each feature and of its combined items, and recalls and ranks the important combined feature items according to those values.

Finally, this paper presents a lightweight deployment of the machine learning models based on the Django framework. To deploy the above algorithms, it designs a Django-based online Web detection and analysis platform that provides convenient, stable, and accurate Android malware detection and analysis services, helping to speed up the application of machine learning algorithms. In the future, further research can be conducted on Android dynamic detection, incremental learning, and few-shot learning to further improve model performance.
Keywords/Search Tags: Android, Machine Learning, Malware Detection, Malicious Families, Association Analysis
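The TF-IDF ranking of associated feature items described in the abstract can be sketched as follows. This is an added example, not code from the thesis. It assumes TF is an itemset's support within a family and IDF is taken over families, uses brute-force enumeration in place of FP-growth, and runs on constructed family names and feature sets.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed sample data: family -> apps, each app a set of static features.
SAMPLES = {
    "FamilyA": [{"SEND_SMS", "READ_CONTACTS", "INTERNET"},
                {"SEND_SMS", "READ_CONTACTS", "INTERNET"},
                {"SEND_SMS", "INTERNET"}],
    "FamilyB": [{"INTERNET", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"},
                {"INTERNET", "READ_PHONE_STATE"},
                {"INTERNET", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"}],
    "FamilyC": [{"INTERNET", "SEND_SMS", "CAMERA"},
                {"INTERNET", "SEND_SMS"},
                {"INTERNET", "SEND_SMS", "CAMERA"}],
}

def frequent_itemsets(apps, min_support=0.6, max_size=2):
    """Map each itemset (sorted tuple) to its support within one family.

    Brute-force enumeration stands in for FP-growth: it finds the same
    frequent itemsets up to max_size, only more slowly.
    """
    counts = Counter()
    for app in apps:
        for k in range(1, max_size + 1):
            counts.update(combinations(sorted(app), k))
    total = len(apps)
    return {s: c / total for s, c in counts.items() if c / total >= min_support}

def rank_itemsets(samples, min_support=0.6, max_size=2):
    """Rank each family's frequent itemsets by support * log(N / df).

    Assumption: df is the number of families in which the itemset is
    frequent, so itemsets common to every family score 0.
    """
    frequent = {fam: frequent_itemsets(apps, min_support, max_size)
                for fam, apps in samples.items()}
    df = Counter(s for sets in frequent.values() for s in sets)
    n = len(samples)
    ranked = {}
    for fam, sets in frequent.items():
        scored = [(s, sup * math.log(n / df[s])) for s, sup in sets.items()]
        # Highest score first; on ties prefer the larger, more specific itemset.
        ranked[fam] = sorted(scored, key=lambda x: (-x[1], -len(x[0]), x[0]))
    return ranked

if __name__ == "__main__":
    for fam, rows in rank_itemsets(SAMPLES).items():
        print(fam, [(s, round(v, 3)) for s, v in rows[:3]])
```

On this data, `INTERNET` is frequent in every family and drops to the bottom of each ranking, while combinations frequent in only one family rise to the top.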