Research On Maliciousness Detection Methods For Android Applications Based On Automatic Category Determination

Malicious apps on smart mobile devices steal private user data through illegal permission calls.In order to protect the legitimate rights and interests of users,smart mobile devices generally use the app store model to provide download and update services of legitimate application packages.The app store first conducts a malicious app detection,and only after the detection is passed will it be available for download.At present,the app store adopts the technology based on the application permission call feature analysis to achieve malicious application detection,but there will be a large false detection rate based on permission call alone,mainly because:(1)the same permission call in different applications or different scenarios to determine the legitimacy of different,for example,social chat applications to read the address book permission is generally considered a legitimate act,but the picture taking applications to call the permission is generally considered a malicious act;(2)part of the permission call and the application is not very relevant to whether it is a malicious application,and the degree of correlation between the permission call features of different application categories also varies,traditional detection methods will extract all permission features for analysis,which will lead to increased detection time and higher false detection rate.Based on the above analysis,this paper proposes an Android malicious application detection mechanism based on application category adaptive matching,which automatically determines the category of the application to be detected,and on this basis,determines whether the application to be tested is a malicious application based on the permission feature.The specific process is as follows: first,the application category automatic determination method based on semantic analysis is used to label the application to be detected;then,the sensitive permission feature collection corresponding to each category label is obtained by the feature selection method based on permission sensitivity;then,the permission call situation of the application to be detected is compared with the sensitive permission feature collection,and the permission call situation is quantified into numerical features measuring the maliciousness and benignity by the feature processing method based on permission weight assignment;on this basis,the classifier model is constructed and parameter optimization is performed to complete the work of Android malicious application detection.The main work and innovations of this paper are as follows.(1)At present,Android app stores generally use manual methods to determine application categories,but in the context of the increasing number of applications in the app store,manual methods are too inefficient.In response to the above problem,this paper proposes a semantic analysis-based automatic application category determination method,which does not need to study the application code file,but rather,by semantic analysis of the application description information text,the basic function of the application is determined and the correct category label is applied,greatly improving the application classification efficiency.The method first uses TF-IDF algorithm to extract the feature words from the application description text,then uses the improved BOW model to process the feature words into digital vectors,and finally inputs the digital vectors into the classifier model constructed by the traditional machine learning algorithm and the deep learning algorithm respectively to process the category determination of the application,and compares the performance of various models in terms of classification accuracy and efficiency.(2)To address the problem that the same permission feature in different categories of applications has different strengths in distinguishing between malicious and benign,this paper proposes a permission sensitivity-based feature selection method to obtain the sensitive permission feature set corresponding to each category label,and only need to analyze the permission features within the sensitive permission set to complete the filtering of invalid permission features when conducting Android malicious application detection.The method first transforms the application permission call information into a two-dimensional permission matrix,then calculates the permission sensitivity of all single permission features and permission feature combinations under different category labels based on the matrix,and finally extracts the sensitive permission feature sets corresponding to each category label separately by dynamic threshold adjustment.(3)In view of the fact that the binary value method adopted by the traditional permission analysis method can only reflect whether the permission feature is invoked or not,but not the shortcomings in distinguishing the intensity of maliciousness and benignity of the permission feature,this paper proposes a feature processing method based on permission weight allocation,which is used to process the applied permission invocation information into numerical features that measure the intensity of maliciousness and benignity.The method firstly classifies permission features into two categories of overflow and lost permission according to the distribution of permission feature calls in malicious and benign applications,then assigns weights to these two categories of permission features to measure the strength of the distinction between malicious and benign,and finally quantifies the permission calls to be detected into digital features according to the assigned weight value.(4)This paper obtains 4527 Android applications from Huawei App Store,which constitutes a benign sample set,and 3434 applications from the open source malicious application database Virus Share and Drebin,which constitutes a malicious sample set for testing the performance of the Android malicious application detection mechanism proposed in this paper.Experiments show that the parameter-optimized best model accuracy rate of the application category auto-determination method based on semantic analysis can reach 91.65%,and the time to determine a single application category is only 0.5090 s,which ensures a stable accuracy rate and greatly improves the efficiency of category determination compared with the traditional manual method;the parameter-optimized best model accuracy rate of the Android malicious application detection method can reach 92.17%,and the accuracy rate can reach 94.68%,which is 62.51% less than the traditional permission-based detection method.