Research On Android Malware Detection Method Based On Permission

With the rapid development of Internet technology,the mobile terminal represented by the Android operating system has become an indispensable and important device for people to study and work.While bringing great convenience to people's lives,a large amount of privacy data is concentrated on mobile Terminals,once leaked,will pose a great threat to the safety of users' funds.In addition,the high use frequency of mobile terminals has led developers of a large number of malwares,such as privacy theft,to consider them as important targets,which seriously affects the user experience.At the same time,the self-protection,anti-detection,and anti-analysis technologies of malware are also progressing,which has brought great resistance to the security protection of the Android operating system.Therefore,the research on Android malware detection methods is particularly important,which can bring effective guarantees to users' privacy and property security.Based on the analysis and research of current Android malware detection methods at home and abroad,this paper proposes a permission-based Android malware detection method.The main contents are described as follows:1)The current Android malware detection methods(static detection,dynamic detection)are collated and analyzed.The Android architecture,Android security mechanism(permission mechanism,signature mechanism,sandbox mechanism),Android operation mechanism(four major components,startup process,inter-process communication),and APK file structure are studied in depth.2)Through research on traditional Android malware detection methods,a permission-based Android malware detection method is proposed.This method focuses on evaluating the number of application requests and permissions in its Android configuration file.If an application applies for unnecessary permissions,it will perform a risk assessment on them and determine suspicious values.As a result,applications with suspicious values above average are classified as malicious applications.This static analysis combined with machine learning can be used to classify applications by comparing suspicious value data.In addition,this method can overcome many technical problems caused by applications that exploit zero-day vulnerabilities and is equally applicable to the classification of new applications.3)Based on the research on traditional Android malware detection methods,a genetic algorithm based Android malware detection method is proposed.This method uses three different machine learning algorithm classifiers(Naive Bayes,Decision Tree,Support Vector Machine)to classify applications using a subset of permissions selected by genetic algorithms.The results show that in the test of the application sample data set(including malicious applications and benign applications),the combination of support vector machine and genetic algorithm achieved the best detection rate.