Research And Implementation Of Malicious Application Detection Algorithm Based On Dynamic Analysis

Posted on: 2021-10-13
Degree: Master
Type: Thesis
Country: China
Candidate: S H Li
GTID: 2518306308968299
Subject: Information and Communication Engineering
Abstract/Summary:
With the development of the mobile Internet, smartphones have become the mainstream devices of the network era, and Android holds the largest share of the smartphone operating system market. At the same time, many malicious applications seriously affect the security of the Android system and the privacy, property and information security of its users. Analyzing Android applications to detect and verify malicious ones is an important means of protecting Android security.

Building on existing Android security research, this thesis designs and implements a scheme for acquiring and processing dynamic behavior feature information, and proposes an Android malicious application detection model based on dynamic analysis. The method automatically collects framework-layer API call information while an Android application is running, and extracts the statistical and timing characteristics of that API call information. For the detection stage, a malicious application detection model, LR_XGB, is proposed. The model takes Logistic Regression as the primary learner and XGBoost as the meta model, which effectively improves the detection accuracy for malicious applications and gives faster model training and detection.

The main research work of this thesis includes:

(1) It summarizes the theory and main technology of the Android system architecture and of malicious application detection, and analyzes the progress and problems in current research.

(2) Based on an analysis of the dynamic behavior characteristics of malicious applications, it studies how to obtain dynamic behavior feature information. Because this information is difficult to obtain, an API hook module is designed on top of the Xposed framework to monitor the behavior-related APIs of the Android framework layer and to automatically collect and record API call information while the application is running.

(3) For feature processing of API call information, it puts forward a method that combines the statistical features and the timing features of the API calls. The statistical features are calculated along two dimensions: the sample dimension and the API dimension. The temporal features of Android applications are extracted by N-gram modeling and TF-IDF weight adjustment.

(4) To address the tendency to overfit and the low training and detection efficiency of current malicious application detection models, it analyzes the advantages and disadvantages of existing solutions and puts forward an improved LR_XGB malicious application detection model, which takes Logistic Regression as the primary learner and XGBoost as the meta model. Experiments show that this method effectively improves detection accuracy and detection speed.

(5) An Android application sample data set is collected and established, and an experimental environment is built to verify and analyze the detection performance of the LR_XGB model. Combining current research progress with the results of this thesis, an Android malicious application detection system is designed and implemented.
Keywords/Search Tags:Android security, dynamic analysis, feature processing, integrated learning
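
The N-gram and TF-IDF step described in item (3), as an added example that is not code from the thesis: it turns ordered API call traces into TF-IDF weighted N-gram feature vectors. The sample traces, the choice of bigrams (`n=2`) and the smoothed IDF formula are assumptions, since the abstract does not state the thesis's own parameters.

```python
import math
from collections import Counter

# Constructed sample traces (not thesis data): ordered API calls per app run.
TRACES = {
    "app_a": ["TelephonyManager.getDeviceId", "ContentResolver.query",
              "SmsManager.sendTextMessage", "ContentResolver.query",
              "SmsManager.sendTextMessage"],
    "app_b": ["LocationManager.getLastKnownLocation", "ContentResolver.query",
              "URL.openConnection"],
    "app_c": ["ContentResolver.query", "URL.openConnection",
              "ContentResolver.query", "URL.openConnection"],
}

def ngrams(calls, n):
    """Return the n-grams (as tuples) over an ordered call sequence."""
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]

def tfidf_features(traces, n=2):
    """Map each app to {n-gram: TF-IDF weight}.
    TF  = occurrences of the n-gram / number of n-grams in the trace.
    IDF = ln((1 + N) / (1 + df)) + 1  (smoothed form, assumed here).
    """
    grams = {app: ngrams(calls, n) for app, calls in traces.items()}
    df = Counter()                      # in how many traces each n-gram occurs
    for g in grams.values():
        df.update(set(g))
    n_docs = len(traces)
    features = {}
    for app, g in grams.items():
        counts = Counter(g)
        total = len(g) or 1             # guard traces shorter than n
        features[app] = {
            gram: (c / total) * (math.log((1 + n_docs) / (1 + df[gram])) + 1)
            for gram, c in counts.items()
        }
    return features

def to_matrix(features):
    """Fix a sorted vocabulary and emit one dense row per app for a classifier."""
    vocab = sorted({g for f in features.values() for g in f})
    rows = {app: [f.get(g, 0.0) for g in vocab] for app, f in features.items()}
    return vocab, rows

if __name__ == "__main__":
    vocab, rows = to_matrix(tfidf_features(TRACES))
    for app, row in rows.items():
        print(app, [round(x, 3) for x in row])
```

An N-gram that appears in only one trace, such as the query-then-send-SMS bigram in `app_a`, receives a higher IDF than one shared across traces, which is how the weighting emphasizes call orderings that distinguish one sample from the rest.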