
Research On Android Malware Detection Technology Based On Knowledge Graph

Posted on: 2022-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: J H Yu
GTID: 2518306743474244
Subject: Computer technology
Abstract/Summary:

In the current rapidly developing digital age, the popularity of the Internet and smartphones has brought great convenience to people's lives. Due to the open-source nature of the Android system, various kinds of malware, such as naked chat scams and ransomware, emerge in an endless stream, causing leakage of sensitive information and economic losses to users. Therefore, how to improve the detection accuracy of Android applications has become a research hotspot in current Internet security. This thesis analyzes the existing Android malware detection methods at home and abroad and addresses problems such as traditional syntactic detection being easily bypassed by packing and obfuscation techniques, and the coarse granularity of traditional behavioral semantic analysis leading to low detection accuracy. Drawing on the ability of knowledge graphs to analyze the semantic information between entities in a fine-grained manner, this thesis proposes an Android malware detection method based on the knowledge graph. The main research results of this thesis are as follows:

(1) To address the low detection accuracy caused by insufficient analysis of semantic information, this thesis proposes an Android malware detection method based on an API knowledge graph, which constructs a knowledge graph by extracting sensitive API call sequences. Our experiments show that this method can effectively detect unknown Android applications through fine-grained analysis of the behavioral semantic information between API calls via the knowledge graph, but it produces certain false positives.

(2) To address problems such as false positives caused by relying on a single feature, this thesis proposes an Android malware detection model based on a multi-feature knowledge graph. This method extracts sensitive permissions and sensitive APIs, and uses API call relationships and permission-to-API mapping relationships to construct the knowledge graph. Experiments show that, compared with the Android malware detection method based on the API knowledge graph, this method improves accuracy and recall, effectively reduces false positives, and has better detection performance, although detection efficiency is slightly reduced.

In summary, introducing knowledge graphs into Android malware detection technology enables fine-grained analysis of API behavioral semantic information, improves detection accuracy, and effectively detects Android application software.
Keywords/Search Tags:Android Malware Detection, Knowledge Graph, Behavioral Semantic Information, API, Permission