
Research And Implementation Of Android Malware Behavior Detection System Based On Incremental Learning

Posted on: 2022-03-13 | Degree: Master | Type: Thesis
Country: China | Candidate: C Zhang | Full Text: PDF
GTID: 2518306347473204 | Subject: Computer technology
Abstract/Summary:
The development of technology has gradually reduced the cost of making malicious applications on the Android platform, and the number of new Android malicious applications has increased continuously over the past few years. These applications usually interact with the network while running, thus generating a certain amount of network traffic. The traffic generated by benign and malicious applications differs in some respects, such as the IP addresses, the network protocols, and the size and transmission speed of the uploaded or downloaded packets. These differences can be used to identify malicious behavior of an application.

At present, methods for detecting the behavior of Android malicious applications based on network traffic mostly use machine learning. However, these methods still face some problems. One important problem is that, as Android malicious applications keep growing and changing, the machine learning model must be updated constantly to maintain its detection performance, and traditional machine learning models can only be updated by retraining, which consumes a lot of time and system resources. To solve this problem, this thesis carries out the following work:

(1) This work collected 12 months of Android application samples, from October 2019 to September 2020, and extracted 337257 flow data records from them. Based on the acquired data, we propose a feature extraction method based on Relief and ADASYN. The work at this stage laid a solid foundation for the follow-up research.

(2) In this work, an incremental learning algorithm is applied to Android malicious application detection. Based on the Online-Ada Cost framework, this thesis proposes the Online-Ada Cost.HT Android malicious traffic detection algorithm. This method can accurately classify the benign and malicious traffic generated by Android applications, and can effectively deal with the incremental update and imbalanced dataset classification problems faced by Android malicious application behavior detection.

(3) An Android malicious application behavior detection system is designed and implemented in this work. The system can detect the malicious network behavior of Android malware through network traffic, and supports visual management.

In conclusion, this thesis proposes a set of solutions to the problems faced by Android malicious application behavior detection in a real network environment, and on this basis implements an Android malicious application behavior detection system that can efficiently detect malicious applications on Android devices. This research has certain practical value in the industry.
Keywords/Search Tags:Android malware, mobile security, network traffic, incremental learning