
A Method Of Hybrid Analysis Of Android Malware Detection Based On Multi-feature

Posted on: 2022-02-26  Degree: Master  Type: Thesis
Country: China  Candidate: K M Zhang  Full Text: PDF
GTID: 2518306524489584  Subject: Master of Engineering
Abstract/Summary:
With the arrival of 5G, smartphones have become indispensable to daily life well beyond communication. Android holds the largest share of the mobile device market worldwide, and the number of applications has grown explosively along with it. Combined with the open-source nature of the system, this has also produced a sharp rise in malicious applications, making the security problems faced by Android ever more severe. How to detect Android malware effectively has therefore become a research topic for many researchers in recent years. Existing Android malware detection techniques can be roughly divided into three categories: static analysis, dynamic analysis and hybrid analysis. With the rise of artificial intelligence, most detection schemes now proposed draw on machine learning, but most of them share a weakness: as malware evolves, their performance degrades significantly over time, and a new labelled sample set is needed to update the detection model. If new samples must be added too frequently, the labelling cost becomes enormous.

To address these problems, this thesis proposes a hybrid analysis scheme based on multiple features, divided into a static analysis part and a dynamic analysis part. In the static analysis, the thesis extracts the interrelationships between APIs from Google's official Android API reference documentation. Using the TransE algorithm, every entity and relation in the resulting relationship graph is converted into vector form, and the API entities are then clustered by behavioural similarity. Finally, the features obtained in the static analysis stage, such as API calls and permissions, are combined with the clustered relationship graph to slow the aging rate of the detection model. Because static analysis has limited applicability and cannot accurately detect certain malicious behaviours that are loaded dynamically at run time, the thesis builds a hybrid analysis scheme on top of the static analysis. This scheme decides whether dynamic analysis is needed from the credibility of the detection result obtained by static analysis. In the dynamic analysis stage, scripts are written to greatly simplify the execution of dynamic analysis and improve its detection efficiency. In addition to API call and permission features, the dynamic stage adds traffic features that cannot be obtained statically, and uses the information gain algorithm to filter the obtained traffic features in order to improve detection accuracy.

Finally, the data set is assembled at the 1:9 ratio of malware to benign software found in reality and sorted by the time each piece of software appeared. After this selection, the thesis uses 5154 malware samples and 46393 benign samples spanning five years as the data set. In the experimental stage, the results with and without the relationship graph combined with the API call and permission features are compared. The experimental results show that the proposed method slows the model's aging speed by 20%, and that its effect is 16.1% better than that of the DroidEvolver model proposed in 2019. The detection results of static analysis alone and of hybrid analysis are then compared, verifying that the hybrid analysis method proposed in this thesis achieves the higher detection accuracy, reaching 97.3%, which exceeds the average of many detection methods. The method proposed in this thesis can therefore effectively prevent the detection model from aging while ensuring detection accuracy.
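The abstract names three mechanical pieces of the pipeline without showing them: information-gain filtering of traffic features, a time-ordered (rather than random) split of the data set so that model aging becomes visible, and a credibility gate that escalates a sample from static to dynamic analysis only when the static verdict is uncertain. The following is an added example written for this page, not code from the thesis; the feature names, first-seen years, labels and the two toy scorers are all constructed for illustration, and the 0.9 credibility threshold is an assumed value, not one the thesis reports.

```python
"""Added example (not the thesis's own code): information-gain filtering of
binary traffic features, a time-ordered train/test split, and the credibility
gate that decides whether a sample is escalated from static to dynamic analysis.
Feature names, years, labels, scorers and the 0.9 threshold are constructed."""
import math
from collections import Counter
from typing import FrozenSet, List, Tuple

# Constructed labelled samples: (binary feature indicators, label, first-seen year).
# label 1 = malware, 0 = benign. Feature names are invented for illustration.
SAMPLES: List[Tuple[FrozenSet[str], int, int]] = [
    (frozenset({"POST_TO_RAW_IP", "HIGH_UPLOAD", "DNS_BURST"}), 1, 2016),
    (frozenset({"POST_TO_RAW_IP", "DNS_BURST"}), 1, 2017),
    (frozenset({"POST_TO_RAW_IP", "HIGH_UPLOAD", "TLS_ONLY"}), 1, 2019),
    (frozenset({"DNS_BURST", "HIGH_UPLOAD"}), 1, 2020),
    (frozenset({"HIGH_UPLOAD", "TLS_ONLY"}), 0, 2016),
    (frozenset({"HIGH_UPLOAD", "TLS_ONLY"}), 0, 2018),
    (frozenset({"HIGH_UPLOAD"}), 0, 2018),
    (frozenset({"DNS_BURST"}), 0, 2020),
]


def entropy(labels: List[int]) -> float:
    """Shannon entropy (bits) of a label list; 0.0 for an empty or pure list."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())


def information_gain(samples, feature: str) -> float:
    """IG(Y; f) = H(Y) - P(f present) * H(Y | present) - P(f absent) * H(Y | absent)."""
    labels = [y for _, y, _ in samples]
    present = [y for f, y, _ in samples if feature in f]
    absent = [y for f, y, _ in samples if feature not in f]
    n = len(samples)
    conditional = (len(present) / n) * entropy(present) + (len(absent) / n) * entropy(absent)
    return entropy(labels) - conditional


def rank_features(samples) -> List[Tuple[str, float]]:
    """Every feature seen in the samples, ranked by information gain, highest first."""
    names = sorted({name for f, _, _ in samples for name in f})
    ranked = [(name, information_gain(samples, name)) for name in names]
    return sorted(ranked, key=lambda t: t[1], reverse=True)


def select_features(samples, k: int) -> List[str]:
    """Keep only the k most informative features; the rest are dropped before training."""
    return [name for name, _ in rank_features(samples)[:k]]


def time_ordered_split(samples, train_fraction: float):
    """Sort by first-seen time and cut once, so the test set is strictly newer than
    the training set. This is what exposes model aging; a random split hides it."""
    ordered = sorted(samples, key=lambda s: s[2])
    cut = int(len(ordered) * train_fraction)
    return ordered[:cut], ordered[cut:]


def static_verdict_is_credible(malware_prob: float, threshold: float = 0.9) -> bool:
    """The static stage is trusted only when it is confident in either direction."""
    return max(malware_prob, 1.0 - malware_prob) >= threshold


def classify_hybrid(features, static_scorer, dynamic_scorer, threshold: float = 0.9):
    """Return (label, stage). Cheap static scoring runs first; the expensive dynamic
    stage runs only when the static probability falls in the uncertain band."""
    p = static_scorer(features)
    if static_verdict_is_credible(p, threshold):
        return int(p >= 0.5), "static"
    p = dynamic_scorer(features)
    return int(p >= 0.5), "dynamic"


# Toy scorers standing in for trained models (constructed, not the thesis's models).
def toy_static_scorer(features) -> float:
    return 0.95 if "POST_TO_RAW_IP" in features else 0.5


def toy_dynamic_scorer(features) -> float:
    return 0.9 if "DNS_BURST" in features else 0.1


if __name__ == "__main__":
    for name, gain in rank_features(SAMPLES):
        print(f"{name:16s} IG={gain:.4f}")
    train, test = time_ordered_split(SAMPLES, 0.75)
    print("train years", [t for _, _, t in train], "test years", [t for _, _, t in test])
    for f, _, _ in SAMPLES:
        print(sorted(f), "->", classify_hybrid(f, toy_static_scorer, toy_dynamic_scorer))
```

On this constructed set `HIGH_UPLOAD` is equally common in both classes and gets an information gain of exactly zero, so `select_features` discards it first; the time-ordered split with a 0.75 cut leaves the two 2020 samples as the test set, which is the evaluation shape needed to measure how fast a model ages rather than how well it fits a shuffled sample.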
Keywords/Search Tags:Android, Malware Detection, Hybrid Analysis, Machine Learning