| With the rapid development of the Internet and the gradual popularity of 5G,the use of mobile devices has become more and more common.Among mobile devices,the Android operating system is the most popular operating system.Android is an open source development environment,and malicious people can develop malicious applications,abuse the functions provided by the platform,or add a piece of malicious code to legitimate applications.Therefore,how to accurately and effectively detect Android malicious applications has become the focus of current research.The current detection methods are divided into static detection,dynamic detection and mixed detection.Static detection is performed before the installation of the Android application,mainly by collecting various information of the application.Dynamic detection is to obtain dynamic execution information by executing the application.Hybrid detection is a combination of static detection and dynamic detection.Because static detection does not require an environment to deploy and run applications,it costs less and is more secure,so this article chooses the static detection method.First,for the problem of feature redundancy directly extracted from the application,this paper proposes a two-level feature selection method based on permissions and API.This article selects representative permissions and API features in Android malicious application detection.Because the permissions and APIs extracted directly from the application are large and redundant,which increases the detection time,it is necessary to perform the extracted features.select.Through the two-level feature selection method,redundant features can be effectively reduced,and the detection speed can be improved.Second,in order to solve the problem of low accuracy of Android malicious application detection and imbalance of samples,this paper proposes a class-weighted XGBoost Android malicious application detection method based on artificial bee colony optimization parameters.XGBoost has many parameters and the selection of parameter values greatly affects the subsequent detection accuracy.At the same time,the imbalance between the number of benign applications and the number of malicious applications will also reduce the accuracy of detection.Therefore,this article uses the artificial bee colony algorithm to optimize the parameters in the XGBoost classification algorithm to find an optimal combination of parameters,and then uses a class-weighted method to correct the imbalance of the data set,thereby further improving Android maliciousness.The accuracy rate of application detection.Finally,experiments prove that the two-level feature selection method based on permissions and APIs proposed in this paper can reduce the detection time while ensuring accuracy.At the same time,the class-weighted XGBoost Android malicious application detection method based on artificial bee colony optimization parameters shows better detection performance when compared with other classification algorithms. |
PDF Full Text Request