
Research On Android Malware Detection Based On Software Measurements

Posted on: 2022-02-26
Degree: Master
Type: Thesis
Country: China
Candidate: X D Bao
GTID: 2518306560455234
Subject: Computer application technology

Abstract/Summary:
Android is the dominant operating system on mobile devices. Because its source code is open and third-party application markets are insufficiently audited, a wide variety of Android malware threatens users' privacy, property security, network security, etc. How to effectively detect Android malware in real scenarios has therefore attracted much attention from both theoretical and practical perspectives. In recent years, researchers have investigated the effective detection of Android malware and made considerable progress. However, two shortcomings remain. First, most existing work on Android malware detection emphasizes improving accuracy while paying little attention to false positives and false negatives. Second, existing work ignores the inherent space bias and time bias of real-world goodware/malware datasets, so the resulting models easily become confused during malware detection, leading to false positives.

To address these two shortcomings, this dissertation starts from coarse-grained and fine-grained Android software measurements. The work is as follows:

1) To address the first shortcoming, this dissertation designs a weighted integration algorithm based on information difference, considering how the coarse-grained measurements (permissions and Intent features) are combined. The method implements a two-layer structure based on Stacking. In layer 0, the information difference is defined according to the false positives and false negatives; in layer 1, the information difference guides the weighted integration of several base models to produce the final classification model. Experimental results show that the proposed method achieves a detection accuracy of 0.951 to 0.985 with low false-positive and false-negative rates (lower than 0.008 and 0.004, respectively), which is better than other detection methods.

2) To address the second shortcoming, a detection framework based on fine-grained system API measurements is proposed to guide the spatiotemporal metric clustering of datasets. In this framework, a set of constraints is designed to select the optimal number of clusters and a suitable clustering algorithm, and multiple subsets with temporal and spatial attributes are generated by the clustering. Experimental results verify that, after clustering based on spatiotemporal metrics, models trained on these subsets are more sensitive when judging information inconsistent with their own features and thus generalize better. This effectively mitigates the time bias and space bias present in real-world data and supports multiple detection algorithms. Consequently, overall detection is improved.

Experiments show that coarse-grained and fine-grained measurements can describe the behavior of malware at different levels. On this basis, the trained model can locate malware effectively, confirming the feasibility and validity of the proposed method.
Keywords/Search Tags: Android malware, Software measurements, Information difference, Clustering, Subsets