Research On Static Detection Method For Android Malicious Application

Android malicious application detection is an important method to ensure user information security.In order to improve the accuracy of Android malicious application detection,this paper conducts research from the three perspectives of feature selection,imbalanced learning,and confrontational attacks,and proposes a feature frequency difference enhancement algorithm for static detection of Android malicious applications,Android malicious based on imbalanced learning Application detection method,and Android malicious application confrontation sample generation and detection method based on feature selection,the validity of the method is verified through experiments and the developed APK detection tool and website.The main research work and results include:1.This paper proposes a feature frequency difference enhancement algorithm.Aiming at the feature selection for static detection of malicious applications,this paper presents concepts such as benign typical features,malicious typical features,and atypical features.This algorithm removes atypical features from static features by calculating the frequency of features appearing in benign and malicious applications.The experimental results on the data set show that the algorithm can effectively remove atypical features from static features and screen out more effective features.2.This paper proposes an Android malicious application detection method based on unbalanced learning.First of all,the method uses a data grouping strategy based on integrated learning to alleviate the imbalance of data,and solves the impact of part of the imbalanced learning.At the same time,in order to further improve the recognition accuracy of malicious applications,this method adopts the strategy of assigning weight to the loss function,and designs a weight value determination method.Experimental results show that the strategies proposed in this paper from two perspectives can effectively alleviate the impact of unbalanced data and improve detection performance.3.This paper proposes a method for the generation and classification of Android malicious applications based on feature selection.In order to clarify the process and principle of adversarial sample generation,this paper designs and proposes an adversarial sample generation algorithm,which generates adversarial samples on real malicious samples.The adversarial samples formed by this method can effectively avoid the detection of multiple classification algorithms.At the same time,based on the analysis of the modified features,this paper designs and implements a multi-feature set detection algorithm.The algorithm classifies features into two categories,uses the two feature sets as the input of the classification algorithm,and determines with corresponding rules.The experimental results show that the method Can effectively detect adversarial samples.4.This paper uses Py Qt and Django technology to develop APK detection tools and websites.The design implements functions such as algorithm selection,APK decompilation,feature extraction,feature selection,algorithm detection,and result display,and successfully applies the research method in this paper to actual APK detection.Main contributions: According to the frequency of features appearing in different types of applications,a feature selection algorithm is designed and implemented;using data grouping strategy and loss function weighting strategy,design and implementation of an imbalance-based static detection for Android malicious applications Learning detection method;based on the distribution of features in two-dimensional space,the principle of generation of adversarial samples is clarified,and effective detection of adversarial samples is realized.