Research On Android Malicious Detection Based On Cascaded Classifiers

Posted on: 2021-09-07
Degree: Master
Type: Thesis
Country: China
Candidate: T Y Zhang
GTID: 2518306047982269
Subject: Computer Science and Technology
Abstract/Summary:
With the advancement of technology in recent years, the Android system has developed to a mature stage, which has improved people's daily lives. Mobile phone functions such as mobile payments, live video streaming, and social networking have become inseparable from people's lives. However, accompanying the development of technology and the huge profits of the gray industry chain, malicious Android software has also begun to invade people's lives. Malware's self-protection and anti-detection capabilities are constantly being enhanced, which poses great obstacles to the development of Android security. It is therefore important to research technologies that detect malware and protect people's private data from being stolen and leaked.

This thesis proposes a malware detection method based on a multi-feature cascade classifier. The method uses static analysis to examine the Android software installation package and trains the classifier on the multiple features extracted from it. The research content of this thesis consists mainly of the following four points. First, it analyzes the security mechanisms of the Android system, including the sandbox mechanism, the permission mechanism, and the signature mechanism, to study the reasons software under the Android architecture is insecure. Second, it analyzes the routine behavior of malware, studying the differences between malicious and benign software in terms of permissions, API calls, and opcodes, and on this basis studies the Android disassembly file in depth. Third, having found from a study of existing Android malware detection methods that it is difficult to balance the two indicators of detection rate and detection time, it applies the cascade classifier to the field of Android malware detection: TF-IDF, information gain, and N-gram methods are used to extract feature matrices from the permission, API call, and opcode features of the disassembly file, and the optimized matrices are used to train different weak classifiers, which are combined by an improved method into ensemble learning sub-classifiers. Fourth, it studies the problem that when the cascade classifier has too many layers the detection rate changes and the detection time increases; it trains the best hierarchical structure for the classifier, sets reasonable thresholds experimentally, improves the SVM algorithm and connects it in series with the cascade classifier, optimizes the input features of the SVM classifier, and applies the cascade classifier+SVM model to the field of Android malware detection.

To verify the feasibility of the cascade classifier+SVM model for the Android malware detection problem, this thesis uses experiments to calculate the detection rate, false detection rate, and detection efficiency ratio of the cascade classifier+SVM. Experimental comparison against multiple control groups shows that the cascade classifier+SVM model has an excellent detection rate. Compared with traditional security detection software such as 360 Security Center, the cascade classifier+SVM model has a higher detection rate and time efficiency, and the model has practical application significance.
Keywords/Search Tags:Android system, malware, cascade classifier, improved SVM, Ensemble learning