| In recent years, with the rapid development of the mobile Internet, smartphones and mobile devices have become popular for both personal and business use and play an important role in daily life. Because of the openness and extensibility of the Android platform, Android has rapidly become the most popular mobile OS in the world, and also the primary target of malicious attackers on mobile terminals. A large amount of malicious software has infiltrated the Android system, causing great loss of privacy and property for mobile users. Our work begins by studying the static features of malware and analyzes the security mechanisms of the Android system and the behavior of malware. We then propose a complete malware detection scheme for the Android platform that uses static analysis and machine learning algorithms. The scheme consists of two parts: the first identifies malware among unknown software, and the second classifies the identified malware. For identifying unknown malware, our work analyzes the permissions, Intent actions and API features of malware; after filtering, the combination features of sensitive permissions, Intent actions and sensitive API sequences are extracted as the identification features of malware. For classifying identified malware, our work uses an improved keyword-weighting method from the field of text classification to quantify the degree of association between a given permission and the different categories of malware. We then assign a different weight to each permission and convert the list of permissions declared by the malware to be detected into feature vectors that can be used in a machine learning classification model. Finally, our work extracts static features in each of the two processes above and uses a fusion model based on Gradient Boosting Decision Tree (GBDT) and Logistic Regression (LR) to complete the identification and classification of Android malware. Experimental results show that the malware detection scheme proposed in this paper has a good detection effect. |