Research And Implementation Of Android Malware Detection Algorithm Based On Ensemble Learning

With the continuous development of smart mobile terminals,the market share of Android devices has increased year by year.As of January 2020,it has exceeded 72.48%,and more than 36 million Android malicious applications have been detected worldwide.It is crucial that fast and accurate automatic classification of Android applications to improve management efficiency.Facing the emergence of new and complex malicious applications,it is easy to avoid the current traditional detection system.We need effective methods to detect malicious programs.The objects detected by the static analysis method of Android applications base on the bottom layer.It is could make the features extracted by static analysis are more comprehensive and the detection method is easy to implement.For applications encrypted by obfuscation technology,semantic analysis can also be used to understand the code logic.The ensemble learning method adopted in this article can make the base classifier "strengthen its strengths and avoid its weaknesses",use less computing resources and training time than deep learning,and obtain better detection accuracy.The main work and innovations of this article mainly include the following three aspects:(1)Expanded the Android application data indicator model.Based on static analysis technology,this paper adds the characteristics of certificate information,hard-coded information,payload information,and code patterns on the basis of existing research features.The feature set constructed in this article expands the breadth of static features and could describe Android applications from more perspectives.(2)Improve the method of determining the weight of the base classifier in ensemble learning soft voting.In this paper,the gradient ascent algorithm is used to determine the weight of the ensemble learning weighted vote,and the ACC result of each base classifier is used as the input of the gradient ascent algorithm,thus obtaining the weight value that makes the ensemble learning effect optimal.Using this method can quickly and accurately obtain the weight value of the base classifier,so that the ensemble model shows more excellent classification performance.(3)This paper proposes a malicious application detection method MASV(Malware Soft-Voting Algorithm)based on an ensemble learning voting algorithm to effectively classify unknown applications.Firstly,the SVM-RFE feature selection algorithm is used to reduce the dimension of features.A set of multiple classifiers,SVM,K-NN,Na(?)ve Bayes,and Random Forest,to detect malicious and benign applications.At the same time,the gradient ascent algorithm is used to determine the weight parameters of the base classifier of ensemble learning soft voting.Experimental results show that this method achieves 99.27% accuracy and false-positive rate of 0.16% in malicious application detection.On the basis of theoretical research,a web-side Android application detection system is designed and implemented.