
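Android Malware Detection System Based on Machine Learning Algorithms
Cite this article: ZHANG Jia-wang, LI Yan-wei. Android Malware Detection System Based on Machine Learning Algorithms[J]. Application Research of Computers, 2017, 34(6).
Authors: ZHANG Jia-wang, LI Yan-wei
Affiliation: National Computer Network Emergency Response Technical Team Coordination Center of China, National Computer Network Emergency Response Technical Team Coordination Center of China
Abstract: To address the shortcomings of traditional malware detection methods, this paper studies methods that apply data mining and machine learning algorithms to the detection of unknown malware. Current machine learning approaches that use a single feature cannot fully exploit the algorithms' data processing capability, and their detection results are poor. This paper combines a speech recognition model with the random forest algorithm and, for the first time, proposes building unified N-gram models over multiple classes of APK file features and applying the random forest algorithm to the detection of unknown malware. First, three classes of features that reflect the behavior of Android malware are extracted in several ways: sensitive permissions, DVM function call sequences, and OpCodes features. Then, an N-gram model is built for each class of features, and each model can judge malicious behavior independently. Finally, the three feature models are fed together into the random forest algorithm for learning, which is then used to classify Android programs. An Android malware detection system was implemented based on this method and used to test 811 non-malicious programs and 826 malicious programs, with relatively high accuracy. Taking all evaluation metrics together and comparing with other related work, the experimental results show that the system performs better in malware detection accuracy and effectiveness.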

Keywords: random forest; malicious code detection; multiple features; Android application; machine learning
Received: 2016/5/9 0:00:00
Revised: 2017/4/10 0:00:00

A Malware Detection System Implementation of Android Application Based on Machine Learning
ZHANG Jia-wang and LI Yan-wei. A Malware Detection System Implementation of Android Application Based on Machine Learning[J]. Application Research of Computers, 2017, 34(6).
Authors:ZHANG Jia-wang and LI Yan-wei
Affiliation:National Computer Network Emergency Response Technical Team Coordination Center of China,National Computer Network Emergency Response Technical Team Coordination Center of China
Abstract: To address the weaknesses of traditional malware detection methods, this paper studies the detection of unknown malicious applications based on data mining and machine learning algorithms. Machine learning algorithms that use a single feature cannot fully exploit their data processing ability, and their detection effect is poor. A method that combines a speech recognition model with the random forest algorithm is proposed for the first time, which considers multiple classes of APK features in unknown malware detection. First, it combines a variety of ways to extract 3 classes of features that reflect the behavior of Android malware: sensitive permissions, DVM function calls and OpCodes characteristics. Then, an N-gram model is built for each class of features, and each model can evaluate the behavior of malware independently. Finally, the 3 classes of feature models are fed together into the random forest learning algorithm so as to detect Android apps. An automated system based on this method was implemented and used to test 811 non-malicious and 826 malicious apps, with relatively high accuracy. Considering the various evaluation indicators together, the experimental results show that the malware detection system performs better than other related works in effectiveness and accuracy.
Keywords:random forest  malicious code detection  multiple feature  N-gram  Android application