Android Malware Detection Method Based on Behavior Pattern

Bibliographic Details
Published in Jisuanji kexue yu tansuo Vol. 16; no. 8; pp. 1792-1799
Main Author YANG Jiyun, FAN Jiawen, ZHOU Jie, GAO Lingyun
Format Journal Article
Language Chinese
Published Journal of Computer Engineering and Applications Beijing Co., Ltd., Science Press 01.08.2022
Summary: Most Android malware detection methods based on API (application programming interface) call sequences use N-gram and Markov chain to construct application behavior features. However, the feature sequences constructed by such approaches are of limited length and contain call sequences unrelated to the malicious behavior, resulting in low detection accuracy. This paper proposes a method of detecting Android malware based on behavior pattern. Firstly, the longest sensitive API call sequence is extracted by call sequence reduction and call sequence merging. Then, the weighted support is defined, and an improved sequence pattern mining algorithm is proposed to mine sequence patterns with high discrimination from different categories of samples as classification features. Finally, different machine learning algorithms are used to construct classifiers to detect malware. Experimental results show that the precision of the proposed method in Android malicious code detection reaches 96.11%, which is higher than th
ISSN: 1673-9418
DOI: 10.3778/j.issn.1673-9418.2102048