
Research On Hybrid Detection Scheme Of Android Malware Based On Ensemble Learning

Posted on: 2024-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Zhan
Full Text: PDF
GTID: 2568307106482204
Subject: Electronic information
Abstract/Summary:
Android is an open-source mobile operating system with more than 70% of the mobile market share, and it is widely used on all kinds of smart devices. At the same time, the number of new malicious applications grows every year. This paper introduces the relevant principles of the Android operating system and existing detection techniques, then studies ensemble learning classification algorithms and compares and analyzes the commonly used ones.

Every detection scheme for Android malware has clear advantages and disadvantages. Static detection relies on information from decompiled files, so the information it obtains from obfuscated code and dynamically loaded programs is very limited. Dynamic detection requires high system permissions, consumes a lot of system resources, and needs a complex operating environment. Detection efficiency is usually not high, and a single detection method can only cover specific types of malware. To meet these challenges, this paper conducts in-depth research on Android malware detection schemes. The research mainly includes:

(1) Android malware hybrid detection scheme based on ensemble learning. In view of the limitations of traditional detection schemes, this paper proposes a hybrid scheme combining static structural analysis and dynamic detection of malware, with the components of the scheme designed in a modular manner. A double detection approach is used, namely the first static analysis and the double mixture analysis. The first static analysis defines the extraction process and algorithm for feature information such as permissions, signatures, and library files, and introduces a differential calculation method for permission features. The double mixture analysis studies the log monitoring process of dynamic detection: the key APIs are divided into layers, the feature information extraction method is improved, and the automated detection coverage method is optimized. Redundant data is filtered out during feature data processing, and a chi-square test is used for further screening, which improves detection efficiency.

(2) Malware detection method and analysis of experimental results. Based on the feature information obtained by the detection scheme, and after analysis and study of machine learning algorithms, the random forest classification method of ensemble learning is used to accurately identify malware. The experimental data set comprises 4,240 Android software samples, of which malicious applications account for about 20%. A cross-experiment of malware detection was carried out on this sample set. According to the analysis of the experimental data, feature selection can effectively improve the efficiency of classification algorithms, and the feature data remains stable on unbalanced samples. The classification method proposed in this paper outperforms other classifiers on the evaluation metrics and achieves high accuracy in malware detection. The resource overhead of testing is lower, and the accuracy rate is stable on the datasets over the years. Compared with related research, the scheme in this paper has certain advantages in accuracy and in detection coverage. In addition, the detection scheme can record the behavior details of malware to better prevent malware intrusion.
Keywords/Search Tags:software detection, software security, Android malware, hybrid detection
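
The feature screening step described in the abstract (redundant data filtered first, then a chi-square test) can be sketched as follows. This is an added example, not code from the thesis: the function names, the definition of "redundant" as constant or duplicate columns, the p = 0.05 threshold, and the ten-app sample are all assumptions made for illustration.

```python
# Added example: redundancy filtering followed by chi-square screening of
# binary app features (here, requested permissions). Names are hypothetical.

CHI2_CRITICAL = 3.841  # chi-square critical value for 1 degree of freedom, p = 0.05


def drop_redundant(columns):
    """Drop constant columns and exact duplicates of an earlier column."""
    kept, seen = {}, set()
    for name, values in columns.items():
        key = tuple(values)
        if len(set(key)) < 2 or key in seen:
            continue
        seen.add(key)
        kept[name] = values
    return kept


def chi_square(feature, labels):
    """Pearson chi-square statistic of the 2x2 table (feature x label)."""
    pairs = list(zip(feature, labels))
    n = len(pairs)
    a = sum(1 for f, y in pairs if f and y)          # present, malicious
    b = sum(1 for f, y in pairs if f and not y)      # present, benign
    c = sum(1 for f, y in pairs if not f and y)      # absent, malicious
    d = n - a - b - c                                # absent, benign
    denom = (a + b) * (c + d) * (a + c) * (b + d)
    return 0.0 if denom == 0 else n * (a * d - b * c) ** 2 / denom


def screen(columns, labels, threshold=CHI2_CRITICAL):
    """Return (name, score) pairs at or above threshold, highest score first."""
    kept = drop_redundant(columns)
    scored = [(name, chi_square(vals, labels)) for name, vals in kept.items()]
    return sorted((p for p in scored if p[1] >= threshold),
                  key=lambda p: p[1], reverse=True)


# Constructed sample: 10 apps, 2 malicious (20%), echoing the class imbalance
# reported in the abstract. Far too small for a real test; illustration only.
LABELS = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0]
FEATURES = {
    "SEND_SMS":               [1, 1, 0, 0, 0, 0, 0, 0, 0, 0],
    "INTERNET":               [1, 1, 1, 1, 1, 1, 1, 1, 1, 1],  # constant
    "READ_CONTACTS":          [1, 0, 1, 0, 1, 0, 1, 0, 1, 0],  # uninformative
    "RECEIVE_SMS":            [1, 1, 0, 0, 0, 0, 0, 0, 0, 0],  # duplicate column
    "RECEIVE_BOOT_COMPLETED": [1, 1, 1, 0, 0, 0, 0, 0, 0, 0],
}

if __name__ == "__main__":
    for name, score in screen(FEATURES, LABELS):
        print(f"{name}: {score:.3f}")
```

Only the features that survive both passes would be handed to the classifier, which in the thesis is a random forest.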