Android malicious application detection method fusing multi-feature classification

A malicious-application detection method, applied in the fields of computer security devices, instruments, platform integrity maintenance, etc. It addresses the problems of high cost, low efficiency, and the inability to simulate the program's real execution, so as to reduce the amount of calculation and improve detection efficiency.

Pending Publication Date: 2020-02-28
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

The static analysis method decompiles the application without executing it and then analyzes it at the source-code level. Its advantages are speed and light weight; its disadvantages are that it cannot reproduce the program's real runtime behavior and that its false alarm rate is high.
The dynamic monitoring method analyzes a program's security by monitoring the program's behavior during execution and applying techniques such as pattern recognition. Its advantage is high detection accuracy; its disadvantages are high overhead and low efficiency.
At present, some works propose using machine learning and deep learning to detect Android malicious applications. However, most of these methods analyze only the static permission and API features of Android applications, and few consider Android broadcast features.


Embodiment Construction

[0035] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0036] The Android malicious application detection method fusing multi-feature classification, based on the broadcast mechanism of the present invention, is shown schematically in Figure 1. The specific steps are as follows:

[0037] Step 1: The client installs the dynamic monitoring module.

[0038] (1) After installing the Xposed framework on the mobile terminal, the user downloads and installs the client dynamic monitoring module.

[0039] (2) Select the application program to be monitored, and send the program APK to the server.

[0040] Step 2: The server establishes a classification model.

[0041] (1) The server first collects normal and malicious applications as training set samples, decompiles APK to extract all permissions and static broadcast features, and runs th...
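The static half of this step, sketched as an added example (not code from the patent): it reads permissions and manifest-declared broadcast actions from a manifest that a decompiler has already decoded to text XML, then encodes them as a 0/1 feature vector. The function names, the sample manifest and the vocabulary are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute key for android:name once the namespace prefix is resolved.
ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed sample (not from a real app): a decoded, text-form manifest.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
""".strip()


def _names(elements):
    """Return the sorted, de-duplicated android:name values of the elements."""
    return sorted({e.get(ANDROID_NAME) for e in elements if e.get(ANDROID_NAME)})


def extract_static_features(manifest_xml):
    """Return (permissions, static broadcast actions) declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    permissions = _names(root.iter("uses-permission"))
    # Static broadcasts are the actions of <receiver> intent-filters only;
    # actions under <activity> or <service> are not broadcast registrations.
    actions = [a for r in root.iter("receiver") for a in r.iter("action")]
    return permissions, _names(actions)


def to_vector(permissions, broadcasts, vocabulary):
    """Encode one app as a 0/1 vector over a fixed feature vocabulary."""
    present = set(permissions) | set(broadcasts)
    return [1 if name in present else 0 for name in vocabulary]
```

Receivers registered at runtime do not appear in the manifest, which is why the method pairs this static pass with dynamic monitoring.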


Abstract

The invention discloses an Android malicious application detection method fusing multi-feature classification and belongs to the technical field of Android malicious software detection. The method comprises the following steps: extracting Android permission and static broadcast features by static analysis; extracting dynamic broadcast and sensitive API features by dynamic monitoring; and performing dimensionality reduction and decorrelation on the features with a dimensionality reduction algorithm based on the Pearson correlation coefficient. By classifying the extracted features with the random forest algorithm, the method can detect existing Android malicious applications and can also effectively detect Android malicious programs that leak privacy through the broadcast mechanism.
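One way to realize the Pearson-based reduction and decorrelation step, as an added example rather than the patent's own algorithm: features weakly correlated with the class label are dropped, and of any pair of strongly inter-correlated features only the more relevant one is kept. The two thresholds, the function names and the eight-sample data set are assumptions constructed for illustration.

```python
from math import sqrt


def pearson(x, y):
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0  # a constant column cannot separate the classes
    return cov / sqrt(vx * vy)


def select_features(names, rows, labels, min_relevance=0.3, max_redundancy=0.9):
    """Return (kept feature names, relevance of every feature).

    min_relevance and max_redundancy are assumed thresholds, not from the page.
    """
    columns = {name: [row[i] for row in rows] for i, name in enumerate(names)}
    relevance = {name: abs(pearson(columns[name], labels)) for name in names}
    # Dimensionality reduction: rank by relevance, drop weak features.
    ranked = sorted((n for n in names if relevance[n] >= min_relevance),
                    key=lambda n: -relevance[n])
    kept = []
    for name in ranked:
        # Decorrelation: skip a feature that duplicates one already kept.
        if all(abs(pearson(columns[name], columns[k])) <= max_redundancy
               for k in kept):
            kept.append(name)
    return kept, relevance


# Constructed data: 4 malicious (label 1) and 4 benign (label 0) samples.
SAMPLE_NAMES = ["READ_SMS", "SEND_SMS", "INTERNET", "BOOT_COMPLETED", "SMS_RECEIVED"]
SAMPLE_ROWS = [
    [1, 1, 1, 1, 1], [1, 1, 1, 1, 0], [1, 1, 1, 1, 1], [1, 1, 1, 0, 0],
    [0, 0, 1, 1, 0], [0, 0, 1, 0, 1], [0, 0, 1, 0, 0], [0, 0, 1, 0, 1],
]
SAMPLE_LABELS = [1, 1, 1, 1, 0, 0, 0, 0]
```

On this data `INTERNET` is constant and `SMS_RECEIVED` is uncorrelated with the label, so both fall below the relevance threshold, while `SEND_SMS` is discarded as a duplicate of `READ_SMS`; the surviving columns are what a random forest would then be trained on.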

Description

Technical field

[0001] The invention belongs to the technical field of Android malicious software detection, and in particular relates to a method for detecting Android malicious applications fused with multi-feature classification. The invention uses a static analysis method to extract Android permissions and static broadcast features, uses a dynamic monitoring method to extract dynamic broadcast and sensitive API features, and performs dimensionality reduction and de-correlation processing on features based on the Pearson correlation coefficient dimensionality reduction algorithm. The extracted permission, broadcast and sensitive API features are classified, which can not only detect existing Android malicious applications, but also effectively detect Android malicious programs that leak privacy through the broadcast mechanism.

Background technique

[0002] The Android system is currently the most popular smartphone software platform. According to the 2017 Global Smartphon...


Application Information

IPC(8): G06F21/56, G06F21/55, G06K9/62
CPC: G06F21/566, G06F21/562, G06F21/552, G06F2221/033, G06F18/213, G06F18/24323, G06F18/214, Y02D10/00
Inventor: 林莉, 覃耀辉
Owner BEIJING UNIV OF TECH