Research On Android Malware Detection Technology Based On Static And Dynamic Combination

Posted on: 2021-12-27
Degree: Master
Type: Thesis
Country: China
Candidate: Q Fang
Full Text: PDF
GTID: 2518306476450894
Subject: Electronics and communications engineering

Abstract/Summary:
In recent years, with the leapfrog development of mobile communication networks from 3G to 4G to 5G, the mobile Internet has been gradually penetrating every field of people's life and work. In the global smartphone market, with the release of 5G phones and manufacturers accelerating the clearance of old-device inventory, Android devices are gaining market share and applications are emerging in an endless stream. The number of malicious apps has increased dramatically because many third-party app stores lack a uniform code for reviewing and regulating apps. One focus of current research is therefore efficient, automated methods for detecting Android malware, to reduce harm to users. In this thesis, a comprehensive detection system for Android malware is designed and implemented by combining static and dynamic detection techniques. The system includes an image-based static detection method and a dynamic detection method based on the number of system calls, and can judge whether third-party applications are malicious. The main work of this thesis is as follows:

(1) Starting from the development status of the mobile Internet, the security problems of Android smartphones are analyzed. Then the research status of Android malware detection at home and abroad is introduced.

(2) The system architecture of Android is introduced in detail, and on this basis the security mechanism of Android and the Android virtual machine are analyzed. Next, the decision tree algorithm and the machine learning algorithms from the literature on ensemble learning are studied.

(3) An image-based static detection method is designed and implemented. It has four parts: feature file selection, source code image generation, entropy image generation, and software detection based on an improved deep forest algorithm. Two modules, feature selection and subtree weighting, are added to the original deep forest algorithm. The experimental results show that the improved deep forest algorithm performs better, so the static detection method is feasible and effective for malware detection.

(4) A dynamic detection method based on the number of system calls is designed and implemented. It has three parts: feature extraction of system calls, feature selection based on TF-IDF and the distance correlation coefficient, and software detection based on the XGBoost and LR algorithms. The XGBoost model is used to encode the original features into new features, which are then input into the LR model for further training. The experimental results show that the proposed method has high detection accuracy.

(5) A comprehensive detection system combining dynamic and static detection is designed and implemented. A result set of suspicious software is derived from the category vector output by static detection. The suspicious software then goes through dynamic detection, and that result is taken as the final classification result of the detection system. The experimental results show that the comprehensive detection system is feasible and effective for malware detection.
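
An added illustration of the feature-selection step in item (4), not code from the thesis: it weights per-app system call counts with TF-IDF and ranks the weighted calls by distance correlation with the malicious/benign label. The abstract does not say how the two measures are combined, so that ordering, the function names and the sample counts are assumptions constructed here.

```python
import math

# Constructed sample, not data from the thesis: per-app system call counts
# recorded during a dynamic run, with label 1 = malicious, 0 = benign.
APPS = [
    ({"sendto": 50, "ioctl": 50}, 1),
    ({"sendto": 30, "ioctl": 60, "read": 10}, 1),
    ({"read": 40, "ioctl": 60}, 0),
    ({"ioctl": 100}, 0),
]

def tfidf(apps):
    """Return (names, rows): rows[i][j] is the TF-IDF weight of call j in app i."""
    names = sorted({c for counts, _ in apps for c in counts})
    n = len(apps)
    # Document frequency = number of apps that issued the call at least once,
    # so a call made by every app (ioctl here) gets idf 0 and drops out.
    idf = {c: math.log(n / sum(1 for counts, _ in apps if c in counts)) for c in names}
    rows = []
    for counts, _ in apps:
        total = sum(counts.values())
        rows.append([counts.get(c, 0) / total * idf[c] for c in names])
    return names, rows

def _centered(v):
    """Double-centered pairwise distance matrix of a 1-D sample."""
    n = len(v)
    d = [[abs(a - b) for b in v] for a in v]
    row = [sum(r) / n for r in d]  # d is symmetric: row means equal column means
    grand = sum(row) / n
    return [[d[i][j] - row[i] - row[j] + grand for j in range(n)] for i in range(n)]

def distance_correlation(x, y):
    """Sample distance correlation in [0, 1]; 0.0 if either sample is constant."""
    A, B = _centered(x), _centered(y)
    n2 = len(x) ** 2
    mean_prod = lambda P, Q: sum(p * q for rp, rq in zip(P, Q) for p, q in zip(rp, rq)) / n2
    dcov2, denom = mean_prod(A, B), math.sqrt(mean_prod(A, A) * mean_prod(B, B))
    return math.sqrt(max(dcov2, 0.0) / denom) if denom > 0 else 0.0

def select_features(apps, k):
    """Rank TF-IDF-weighted calls by distance correlation with the label; keep top k."""
    names, rows = tfidf(apps)
    labels = [label for _, label in apps]
    scores = {c: distance_correlation([r[j] for r in rows], labels)
              for j, c in enumerate(names)}
    return sorted(names, key=lambda c: -scores[c])[:k], scores
```

On the sample, `ioctl` is discarded because every app calls it, and `sendto` outranks `read` because only the malicious apps issue it.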
Keywords/Search Tags:security, Android malware, static detection, dynamic detection, feature