Jisuanji kexue yu tansuo (Aug 2022)
Android Malware Detection Method Based on Behavior Pattern
Abstract
Most Android malware detection methods based on API (application programming interface) call sequences use N-grams and Markov chains to construct application behavior features. However, the feature sequences constructed by such approaches are of limited length and contain call sequences unrelated to the malicious behavior, resulting in low detection accuracy. This paper proposes a method of detecting Android malware based on behavior patterns. First, the longest sensitive API call sequence is extracted by call sequence reduction and call sequence merging. Then, a weighted support is defined, and an improved sequence pattern mining algorithm is proposed to mine highly discriminative sequence patterns from different categories of samples as classification features. Finally, different machine learning algorithms are used to construct classifiers to detect malware. Experimental results show that the precision of the proposed method in Android malicious code detection reaches 96.11%, which is higher than that of the other two malicious code detection methods based on API call data, an improvement of 4.60 percentage points and 2.11 percentage points respectively. Therefore, the proposed method can effectively detect Android malicious code.
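An added illustration of the pipeline the abstract outlines (not the paper's code): reduce raw call traces to sensitive-API sequences, mine ordered patterns level by level, and keep those that discriminate between classes. The sensitive-API set, the traces, the reduction rule and the weighting formula (support in the target class minus support in the other class) are assumptions made here, since the abstract does not define them; call sequence merging is omitted.

```python
# Added example. Constructed data; the reduction rule and the weighting
# formula are assumptions, not the paper's definitions.
SENSITIVE = {"getDeviceId", "getLastKnownLocation", "openConnection", "sendTextMessage"}

def reduce_sequence(calls):
    """Keep only sensitive API calls and collapse immediate repeats."""
    out = []
    for c in calls:
        if c in SENSITIVE and (not out or out[-1] != c):
            out.append(c)
    return tuple(out)

def contains(seq, pattern):
    """True if pattern occurs in seq as an ordered subsequence (gaps allowed)."""
    it = iter(seq)
    return all(api in it for api in pattern)

def support(pattern, seqs):
    return sum(contains(s, pattern) for s in seqs) / len(seqs)

def mine_patterns(target, other, min_sup=0.5, min_weighted=0.5, max_len=6):
    """Grow patterns frequent in `target` level by level; keep those whose
    weighted support (target support minus support in `other`) is high."""
    alphabet = sorted({api for s in target for api in s})
    frontier, results = [()], {}
    for _ in range(max_len):
        grown = []
        for prefix in frontier:
            for api in alphabet:
                cand = prefix + (api,)
                sup_t = support(cand, target)
                if sup_t < min_sup:  # extensions cannot be more frequent
                    continue
                grown.append(cand)
                weighted = sup_t - support(cand, other)
                if weighted >= min_weighted:
                    results[cand] = round(weighted, 3)
        frontier = grown
    return results

def to_features(seq, patterns):
    """Binary vector for a classifier: one slot per mined pattern."""
    return [int(contains(seq, p)) for p in sorted(patterns)]

MALWARE = [reduce_sequence(t) for t in (
    ["onCreate", "getDeviceId", "getDeviceId", "toString", "openConnection", "sendTextMessage"],
    ["getDeviceId", "append", "openConnection", "write"],
    ["getLastKnownLocation", "getDeviceId", "openConnection", "sendTextMessage"])]
BENIGN = [reduce_sequence(t) for t in (
    ["onCreate", "openConnection", "read"],
    ["getLastKnownLocation", "openConnection"],
    ["openConnection", "getDeviceId"])]
PATTERNS = mine_patterns(MALWARE, BENIGN)
```

On this constructed data `openConnection` alone is frequent in the target class but is dropped because it is equally frequent in the other class, while the ordered pair `getDeviceId` then `openConnection` scores highest.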
Keywords