Android malicious software detection method based on API characteristics

Abstract

The invention discloses an Android malicious software detection method based on API characteristics. The method comprises the steps that a first training sample set and a second training sample set are established, and API characteristic vectors of the training samples are extracted; various API characteristics are selected out according to a value d to form a first API set; a hierarchical structure model of the API characteristics is established to generate first paired comparison matrixes corresponding to second and third layers and second paired comparison matrixes of API packets, and weight vectors are calculated according to the comparison matrixes; weights of the API characteristics in the first API set are calculated; weights eta of the API characteristics called by test samples arecalculated according to the API characteristic vectors of the test samples and the weights of the API characteristics in the first API set; finally, the eta and judgment factors k are compared, whether the test samples are Android malicious software or not is judged according to comparison results, and the detection accuracy of Android malicious software is greatly improved.

Description

technical field [0001] The present invention relates to a detection method of malicious software, in particular to an Android malicious software detection method based on API (Application Programming Interface, Application Programming Interface). Background technique [0002] The fiery mobile Internet has led a new wave of the Internet, and Android has become the most popular mobile operating system in the mobile Internet era. While Android is popular, its own security problems are also becoming more and more prominent. For example, security loopholes are frequently exploited, the number of malicious applications is explosively increasing, and user privacy and property are facing serious security threats. Therefore, the research on the security of Android applications has important academic and application value. Android malware has had a great impact on the daily use of users. Common problems include: harassing calls and text messages, slow or dead mobile phones, unreasona...

AI Technical Summary

Problems solved by technology

Android malware has had a great impact on the daily use of users. Common problems include: harassing calls and text messages, slow or dead mobile phones, unreasonable consumption of traffic, notification bars and pop-up ads, malicious chargebacks, files and data in mobile phones Destruction, leakage of personal information such as address book text messages, mobile phone poisoning or Trojan horses, and account information being stolen, etc.

Static detection technology mainly obtains information such as software components, applied permissions, and called APIs by decompiling the application, and then selects one or several of them as features, and compares it with the samples in the malicious sample library to judge the application. Whether it is malicious or not, but due to the rapid variation of malicious samples, the recognition accuracy of this detection method is not satisfactory

Images