Research On Android Malware Detection Based On Multi-feature Fusion

Android has become the most popular mobile operating system among developers and users due to its fully open source feature.With the increasing demand of users for applications,the number of various types of applications has also increased rapidly,including a large number of malware,which can cause infringement on users’ information security.Therefore,the research of malware detection has received widespread attention and has resulted in various detection mechanisms and protective measures.However,with the popularization of obfuscation and encryption technology,the malware detection technologies based on code similarity has been difficult to meet the current needs of malware detection.Therefore,it is of great practical importance to design an efficient,accurate and obfuscation-resistant malware detection algorithm for Android.This thesis proposes a multi-feature fusion malware detection algorithm to address the limitations of single detection algorithm in terms of accuracy or efficiency.Firstly,to improve the efficiency of malware detection,this thesis proposes a malware detection algorithm based on the feature of system call.Based on the feature vector of system call,the algorithm uses the improved KNN algorithm based on KD-Tree to detect the maliciousness of Android applications.Experimental results show that this algorithm has a significant improvement in detection speed compared with the traditional KNN algorithm.Secondly,to improve the accuracy of malware detection,this thesis proposes a malware detection algorithm based on the feature of interface layout.This algorithm transforms the interface layout features of Android applications into a tree structure,and calculates the similarity of the layout feature tree at both widget and structure levels,and analyses the maliciousness of the application based on the similarity.Experimental results show that this algorithm has a higher accuracy compared with other malware detection algorithms.In addition,this thesis combines the two detection algorithms to ensure both high detection efficiency and high accuracy in the process of malware detection.Finally,based on the fusion of the two detection algorithms,this thesis implements an Android malware detection system,which can effectively perform malware detection tasks and display the detection report in a graphical interface to user.The system test proves that the system has good usability and stability and is suitable for large-scale Android malware detection scenarios.