Research On Android Malware Detection Technology Based On Functional Classification

Android has become the most widely used mobile phone operating system in the world,which attracts many developers to develop applications with various functions.However,with the rapid development of Android malware,effective detection methods are needed to prevent malware from being released to the application market.The current Android malware detection technologies do not pay enough attention to the application function category.They excessively rely on the similarity between malware,and ignore the similarity of benign applications in the same functional category.As there is no distinction between the functional categories of applications in current research,the number of features extracted is large,but the generalization ability is weak.Benign applications in same functional category have strong similarities in permissions,APIs and APIs' relationship.Therefore,malware detection in the same functional category will further improve the detection accuracy.The premise of high accuracy is a reasonable and accurate application functional classification method.The existing Android application functional classification technology pays more attention to expanding the types of application feature,ignoring the relationship between them,which limits the improvement of classification accuracy.Based on the above considerations,this paper proposes a framework of Android malware detection based on functional classification and similarity calculation.The goal of this framework is to improve the accuracy of application functional classification and malware detection.Firstly,aiming at the problem of application functional classification,this paper proposes an Android application functional classification method based on HITS algorithm.HITS algorithm is used to filter the API features of applications in this method.It sets different weights for API features,and the API which plays a key role in the implementation of application's functionality has higher weight.In this way,this method improves the accuracy of functional classification.This method uses the filtered weighted API features,combined with a variety of static features,and uses the ensemble learning model to classify the applications according to their functions.Through the experimental verification,this method uses the application from Google application market as the data set,and achieves 86.9%classification accuracy in 16 functional categories,which is about 7%higher than the existing research.Secondly,this paper proposes a new method to calculate application similarity.The types of APIs and the relationship between them are taken into account in this method.It builds relationship matrix for APIs according to applications'code logic and data flows and uses matrix operation to calculate the similarity between the two applications.Based on the above two methods,this paper proposes an Android malware detection framework based on application functional classification and similarity calculation.Firstly,the framework classifies the applications and detects malware within the same functional category.This framework uses KNN algorithm for reference,integrates the concept of similarity into the process of malware detection,and proposes an improved KNN algorithm for Android malware detection.Through experimental verification,the framework achieves 99.0%malware detection accuracy,which is about 2%higher than the existing research.This paper proposes a malware detection framework to improve the accuracy of malware detection.The application functional classification method in the framework can improve the accuracy of functional classification under the classification granularity of application market.The framework can help the application market to detect malware,at the same time,classify and manage massive applications.