Android Malware Classifier based on Static Feature and Machine Learning

Bibliographic Details
Main Authors: ZIH-HUEI YOU, 游子慧
Other Authors: Yi-Ming Chen
Format: Others
Language: zh-TW
Published: 2017
Online Access: http://ndltd.ncl.edu.tw/handle/73974670880931543578
id ndltd-TW-105NCU05396030
record_format oai_dc
spelling ndltd-TW-105NCU05396030 2017-10-22T04:29:52Z http://ndltd.ncl.edu.tw/handle/73974670880931543578 Android Malware Classifier based on Static Feature and Machine Learning 基於靜態特徵與機器學習之Android惡意程式分類研究 ZIH-HUEI YOU 游子慧 Master's National Central University Department of Information Management 105 Yi-Ming Chen 陳奕明 2017 thesis 67 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === National Central University === Department of Information Management === 105 === It is important to classify each particular type of malware in order to know the features of each class, so that corresponding protective measures can be taken. The amount of malware is not only gradually rising but also constantly producing variants, so a malware sample may belong to more than one possible class and may also contain characteristics of other malware classes. This study classifies detected malware and, in addition, checks whether a sample carries risk values for other classes, using static analysis, which is time-saving and has high coverage. In the static analysis literature, almost all feature extraction uses permissions, API calls, components and so on to detect malicious programs, but these features rely on expert analysis to filter them before they can be used. Opcodes do not rely on expert analysis: they are raw data used directly for analysis and are closely related to the application code, so this study uses opcodes as its static analysis feature. We propose an application detection platform that uses opcode sequences and machine learning for classification. We use J48, RandomForest (RF), NaiveBayes, LibSVM and Partial Decision Tree (PART), which are commonly used in the static analysis literature, with 10-fold cross-validation for training and testing. RandomForest with 4-gram opcode sequences achieves an F-Measure of 97.5%. After classification, we calculate a risk value indicating whether the application contains features of other malware classes, given as a percentage, as a basis for judgment.
author2 Yi-Ming Chen
author ZIH-HUEI YOU
游子慧
title Android Malware Classifier based on Static Feature and Machine Learning
publishDate 2017
url http://ndltd.ncl.edu.tw/handle/73974670880931543578