中图分类号： TP393
文献标识码： A
DOI： 10.19358/j.issn.2096-5133.2020.11.002
引用格式： 冯垚，王金双，张雪涛. 基于特征生成方法的Android恶意软件检测方法[J].信息技术与网络安全，2020，39(11)：8-13.

Android malware detection based on feature generation method

Abstract： Considering the expert experience and manpower required in traditional feature engineering, a detection method based on feature generation was proposed in this paper. ExploreKit was adopted as the automated feature generation method, which can improve Android malware detection model performance by generating and selecting new features. A large of candidate features are obtaioned by calculating the initial features. According to the meta-features of the candidate features, their performance is predicted and evaluated. New features that will improve the performance of the model are selected by greedy algorithms. The time spent on feature generation is reduced by filtering the initial features input to ExploreKit and limiting the number of generated features. Many features were extracted from APK, such as sensitive API and dangerous permission. By using C4.5, SVM and random forest as the classification models, our experiments show that the error rate of Android malware detection decreases 24.6% on average, the accuracy reaches 96.5%, and the AUC reaches 0.99.

Key words : malware detection；feature engineering；feature generation；ExploreKit