Android Malware Detection Method Based on Multi-feature and Optimized Feature Selection
First published: 2021-02-04
Abstract: With the rapid development of the mobile Internet, mobile phones increasingly carry people's private and important data, and the threat that malicious applications pose to Android phones is becoming more serious. To detect the steady stream of new Android malicious applications effectively, this paper proposes an efficient and convenient Android malware detection method. First, for the choice of feature types, in addition to Android permissions, invoked system APIs, and Dalvik opcode groups built with the N-gram algorithm from natural language processing, it proposes adding security vulnerabilities, which have coarser granularity and more complete semantics, as features. Second, for supervised classification tasks, of which Android malware detection is representative, it proposes TIOE, an optimized feature selection algorithm based on traditional TF-IDF, and uses the widely used GBDT as the classification model to detect applications. Finally, the features selected by the two algorithms are used for training and the results are compared. The results show that the features selected by TIOE outperform those selected by traditional TF-IDF on all metrics. The method detects Android malware more effectively and also offers a new approach to feature selection in other supervised classification scenarios.
Keywords: Technology of Computer Application; Android application; Malicious application detection; Feature engineering; Machine learning