The invention relates to an Android malware static detection method based on random forest and belongs to the technical field of network security. According to the method, feature vectors consisting of permissions, monitored system events, sensitive APIs and permission rates are constructed; a training model and a prediction model for Android malware are established based on a random forest algorithm in machine learning; and the validity of the models is then verified through sample calculation with a tenfold cross-validation method. The prediction accuracy of the model can reach 89.91%. The method has the following significant advantages: 1) the main features of each Android application are acquired with a simple and quick static analysis method, with no dynamic tracking involved, so the method is low in cost and high in efficiency; 2) the four groups of features used (permissions, monitored system events, sensitive APIs and permission rates) can be captured easily from each Android application, and the method is easy to popularize on the Android platform.
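
The following sketch of the static feature-extraction step is an added example, not code from the patent. The three vocabularies, the sample manifest and the API call list are constructed, and because the abstract does not define "permission rate", it is assumed here to be the number of requested permissions divided by the code size in KB.

```python
import xml.etree.ElementTree as ET  # for untrusted manifests, prefer a hardened parser such as defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed vocabularies (assumptions); a real model fixes these from its training set.
PERMISSIONS = ["android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
               "android.permission.INTERNET"]
SYSTEM_EVENTS = ["android.intent.action.BOOT_COMPLETED",
                 "android.provider.Telephony.SMS_RECEIVED"]
SENSITIVE_APIS = ["Landroid/telephony/SmsManager;->sendTextMessage",
                  "Landroid/telephony/TelephonyManager;->getDeviceId"]

# Constructed sample manifest in decoded text form (not the binary AXML inside an APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
  </application>
</manifest>"""

def extract_features(manifest_xml, api_calls, code_size_kb):
    """Build one feature vector: permissions, monitored events, sensitive APIs, permission rate."""
    root = ET.fromstring(manifest_xml)
    name = ANDROID_NS + "name"
    perms = {e.get(name) for e in root.iter("uses-permission")}
    # Monitored system events: actions declared in broadcast receiver intent filters.
    events = {a.get(name) for r in root.iter("receiver") for a in r.iter("action")}
    apis = set(api_calls)  # assumed to come from a disassembler run over the app's code
    vec = [int(p in perms) for p in PERMISSIONS]
    vec += [int(e in events) for e in SYSTEM_EVENTS]
    vec += [int(a in apis) for a in SENSITIVE_APIS]
    # Assumed definition of permission rate: requested permissions per KB of code.
    vec.append(len(perms) / code_size_kb if code_size_kb else 0.0)
    return vec

if __name__ == "__main__":
    print(extract_features(SAMPLE_MANIFEST, [SENSITIVE_APIS[0]], 4.0))
```

Vectors of this shape, one per labelled application, are the rows a random forest classifier would be trained on and evaluated against with tenfold cross validation.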