
Research On Android Malware Detection Method Based On Dynamic And Static Analysis

Posted on: 2022-10-01
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhou
GTID: 2518306536467744
Subject: Engineering

Abstract/Summary:
In recent years, with the rapid development of mobile intelligent terminal technology, mobile intelligent devices have become more closely tied to people's lives. Because the Android system is open source and popular, the amount of malware targeting it is increasing dramatically. Android smartphones store plenty of sensitive information, such as contacts, bank accounts, passwords, and photos. Hackers use malware to eavesdrop on sensitive information and other personal information on devices, posing a serious threat to users. Therefore, how to detect Android malware quickly and accurately has become one of the hot research directions in the field of information security. This thesis studies the existing Android malware detection approaches in depth, starting from the API call sequence and the system call sequence to analyze the behavior of an application, and combines them with machine learning algorithms to achieve Android malicious code detection. The main research contents of this thesis are as follows:

(1) A static detection method for Android malware based on behavior patterns is proposed. The method first extracts the longest valid sensitive API call sequence of the application through the proposed filtering approach, and then uses an improved sequence pattern mining algorithm to mine frequent sequence patterns in the datasets to find representative behaviors. Finally, the SVM, RF and MLP machine learning algorithms are used to construct the classifier. The improved sequence mining algorithm solves the problem of the unbalanced distribution of the number of sensitive API call sequences across applications, and effectively improves the detection accuracy of the model.

(2) An Android malware detection method based on system calls is proposed. System call records of the Android application are obtained at runtime by dynamically executing the APK file on an emulator. A set of key system calls is generated by a chi-square test combined with word frequency, and the key system call sequences are then generated by filtering the call sequences against that set. A co-occurrence matrix and a word frequency vector are used to model the key system call sequence and construct the feature vector. The detection method considers the continuous and non-continuous relationships between system calls as well as the frequency of system calls, provides more classification information to a certain extent, and further improves the detection accuracy of the model.

(3) By fusing the static detection model and the dynamic detection model, an Android malware detection system based on hybrid analysis is proposed. First, the static analysis module is used to analyze and identify the Android samples, and the samples it cannot identify are submitted to the dynamic analysis module for further analysis. By combining the two detection models, the detection efficiency and accuracy can be effectively improved.
Keywords/Search Tags:Android malware detection, API call sequence, system call sequence, sequence pattern mining, co-occurrence matrix