论文部分内容阅读
Withthefast development ofmobileinternet, the shipment ofmobiledeviceshasexceeded that of traditional PCs, among which the Android system takes the first place in installation. Increasing traditional platforms (e-commerce, e-government, mobile banking, games, etc.) are expanding Android-based applications. At the same time, hackers also aim at users of Android system. Behavior of malicious application against android is becoming more and more serious, which brings users a lot of security problems such as malicious fee deduction, information theft, remote control, malicious dissemination, cost consumption, system damage, deception and fraud. Therefore, the research on Android malicious application detection and risk assessment is of great theoretical and practical significance.
In this dissertation, comprehensive research has been done on the theories and techniques of Android malware detection and risk assessment. At present, the main academic research mostly focuses on feature engineering and machine learning classification. There exists some space to further research on the rationality of malicious feature selection, high accuracy and efficiency of algorithm, and quantitative evaluation of malicious level. In this dissertation, a series of problems are studied, including static feature dimensional reduction, dynamic feature validity, accuracy and efficiency of machine learning algorithm, malicious risk assessment framework. The main research work and innovations are as follows:
1) Concerning the analysis of high-dimensional features in the static malware, Principle Components Analysis (PCA) is adopted for dimensionality reduction. To improve both the accuracy and efficiency of malicious app detection, Random Deep Decision Forest algorithm is proposed which combines adaptive boosting and random forest methods with enhancement of the tree weighting and the forest depth strategy.
2) Considering the validity of malicious behavior derived from dynamic features, we use Markov Chain method to analyze the time series combination of dynamic features and derive malicious behavior. Meanwhile, integrated SVM machine learning classifier is applied to classify malicious applications, which effectively improves the accuracy of detection. For dynamic feature engineering, we use Monkey runner test tool to extract and analyze 12 groups of sensitive operation features, 4 of them are novel feature groups proposed in this dissertation.
3) Regarding to the malicious risk assessment, an effective evaluation framework based on Fuzzy-AHP is proposed. Compared with the traditional AHP framework method, this method uses the Fuzzy-AHP process to calculate the weights of standard layer elements and uses the enhanced maximum deviation method to get the weights of index layer elements. The malicious quantitative risk assessment is carried out from four aspects: permission, data leakage, sensitive API call, network and hardware operation.
The theory and method presented in this paper are compared with the existing research methods by using open accessed test samples from VirusShare. The experimental results show that the proposed Android malware detection method has higher accuracy and computational efficiency than previous research. The proposed malicious evaluation framework is feasible and has good application prospects.
In this dissertation, comprehensive research has been done on the theories and techniques of Android malware detection and risk assessment. At present, the main academic research mostly focuses on feature engineering and machine learning classification. There exists some space to further research on the rationality of malicious feature selection, high accuracy and efficiency of algorithm, and quantitative evaluation of malicious level. In this dissertation, a series of problems are studied, including static feature dimensional reduction, dynamic feature validity, accuracy and efficiency of machine learning algorithm, malicious risk assessment framework. The main research work and innovations are as follows:
1) Concerning the analysis of high-dimensional features in the static malware, Principle Components Analysis (PCA) is adopted for dimensionality reduction. To improve both the accuracy and efficiency of malicious app detection, Random Deep Decision Forest algorithm is proposed which combines adaptive boosting and random forest methods with enhancement of the tree weighting and the forest depth strategy.
2) Considering the validity of malicious behavior derived from dynamic features, we use Markov Chain method to analyze the time series combination of dynamic features and derive malicious behavior. Meanwhile, integrated SVM machine learning classifier is applied to classify malicious applications, which effectively improves the accuracy of detection. For dynamic feature engineering, we use Monkey runner test tool to extract and analyze 12 groups of sensitive operation features, 4 of them are novel feature groups proposed in this dissertation.
3) Regarding to the malicious risk assessment, an effective evaluation framework based on Fuzzy-AHP is proposed. Compared with the traditional AHP framework method, this method uses the Fuzzy-AHP process to calculate the weights of standard layer elements and uses the enhanced maximum deviation method to get the weights of index layer elements. The malicious quantitative risk assessment is carried out from four aspects: permission, data leakage, sensitive API call, network and hardware operation.
The theory and method presented in this paper are compared with the existing research methods by using open accessed test samples from VirusShare. The experimental results show that the proposed Android malware detection method has higher accuracy and computational efficiency than previous research. The proposed malicious evaluation framework is feasible and has good application prospects.