中圖分類號： TP393
文獻標識碼： A
DOI： 10.19358/j.issn.2096-5133.2020.11.002
引用格式： 馮垚，王金雙，張雪濤. 基于特征生成方法的Android惡意軟件檢測方法[J].信息技術與網絡安全，2020，39(11)：8-13.

Android malware detection based on feature generation method

Abstract： Considering the expert experience and manpower required in traditional feature engineering, a detection method based on feature generation was proposed in this paper. ExploreKit was adopted as the automated feature generation method, which can improve Android malware detection model performance by generating and selecting new features. A large of candidate features are obtaioned by calculating the initial features. According to the meta-features of the candidate features, their performance is predicted and evaluated. New features that will improve the performance of the model are selected by greedy algorithms. The time spent on feature generation is reduced by filtering the initial features input to ExploreKit and limiting the number of generated features. Many features were extracted from APK, such as sensitive API and dangerous permission. By using C4.5, SVM and random forest as the classification models, our experiments show that the error rate of Android malware detection decreases 24.6% on average, the accuracy reaches 96.5%, and the AUC reaches 0.99.

Key words : malware detection；feature engineering；feature generation；ExploreKit