Research On Android Malware Analysis And Detection Methods Based On Static Information

Posted on: 2023-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: X J Xu
GTID: 2568307028464514
Subject: Computer technology
Abstract/Summary:
Android malware detection relies on malware analysis techniques to obtain program information, analyzes that information statistically to build data sources, and finally applies different methods to classify and identify malware. The information source depends mainly on program analysis techniques for obtaining information about malicious software. Static information is easier to obtain than dynamic information, and disassembly can extract part of the program information in batches. Detection methods such as traditional signature matching and machine learning are often used to classify program information.

This thesis mainly uses machine learning methods to detect Android malware. In view of the differing importance of the features of Android malware samples, unbalanced data sets, and high-dimensional software features that reduce detection efficiency, this thesis studies how to build joint feature detection methods for different types of information, and studies two methods, multi-feature fusion and long text classification, for opcode sample information that takes the form of ultra-long but monotonous strings. The specific research is as follows:

(1) To address the differing importance of the features of Android malware samples, a low-correlation feature joint malware detection scheme is proposed. First, the Android software samples are decompiled to extract fine-grained, high-dimensional features. Then the data source is statistically analyzed, different processing schemes are designed for different kinds of program information, the extracted high-dimensional information is processed, and a low-dimensional detection data source is constructed. Finally, a machine learning classifier is used to detect malware. For the permission and API information, which is easy to obtain, high-frequency occurrences in malware are counted and some of the information is selected for processing. The auxiliary information that is not commonly used for detection consists of the certificate date and information on the use of obfuscation techniques, and it is processed according to how the different kinds of information are used.

(2) To address the low efficiency of feature detection on opcodes with ultra-long sequence semantics, unbalanced data set information, and unstable detection results, this thesis proposes a multi-feature fusion malware detection method that processes opcodes with the N-gram method and combines them with permission and API information, and that uses machine learning model fusion for classification. This improves the stability of malware detection while preserving efficiency.

(3) To address the problem that opcode information with ultra-long sequence semantics, with the instruction as the word unit, has too large a data volume and takes too long to train on, a method of local semantic detection of instruction sequences with the method interval as the word unit is proposed, which improves detection accuracy and significantly reduces training time.

To sum up, this research is based on the categories of program information in Android malware samples and proposes different malware detection schemes. The experimental results show that the Android malware detection schemes proposed in this thesis can effectively reflect the program information and improve detection performance, and that they have practical significance.
Keywords/Search Tags: Malware, Static Information, Code Obfuscation, Opcode, Android
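The following sketch illustrates the static features named in items (2) and (3) of the abstract; it is an added example, not code from the thesis. The smali-like input and permission list are constructed, all function names are hypothetical, and treating "method interval as word unit" as one token per method body is an assumed reading.

```python
from collections import Counter

# Constructed smali-like input and permission list (not from a real app).
SMALI = """\
.method public onCreate()V
    invoke-super {p0}, Landroid/app/Activity;->onCreate()V
    const-string v0, "x"
    invoke-virtual {p0, v0}, Lcom/example/A;->log(Ljava/lang/String;)V
    return-void
.end method
.method private send()V
    const-string v0, "1000"
    const-string v1, "hi"
    invoke-static {v0, v1}, Lcom/example/A;->sms(Ljava/lang/String;Ljava/lang/String;)V
    return-void
.end method
"""
PERMISSIONS = ["android.permission.SEND_SMS", "android.permission.INTERNET"]

def method_opcodes(smali):
    """Return one opcode list per .method/.end method block."""
    methods, current = [], None
    for line in smali.splitlines():
        line = line.strip()
        if line.startswith(".method"):
            current = []
        elif line.startswith(".end method"):
            if current is not None:
                methods.append(current)
            current = None
        # Skip directives (.locals), comments (#) and labels (:) inside a body.
        elif current is not None and line and not line.startswith((".", "#", ":")):
            current.append(line.split()[0])
    return methods

def instruction_ngrams(methods, n):
    """Instruction as word unit: n-grams over the whole opcode stream."""
    stream = [op for m in methods for op in m]
    return Counter(tuple(stream[i:i + n]) for i in range(len(stream) - n + 1))

def method_words(methods):
    """Method as word unit (assumed reading): one token per method body."""
    return ["|".join(m) for m in methods]

def fused_vector(methods, perms, ngram_vocab, perm_vocab, n=2):
    """Concatenate n-gram counts with binary permission indicators."""
    grams = instruction_ngrams(methods, n)
    return [grams[g] for g in ngram_vocab] + [int(p in perms) for p in perm_vocab]
```

On this input the instruction-level stream has eight words while the method-level sequence has two, which is the reduction in sequence length that item (3) relies on.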