Abstract:
To improve the detection accuracy of Android malware, a static detection method based on an LSTM-SVM (long short-term memory network and support vector machine) model is proposed. First, the APK (Android Package) file of the Android software is decompiled, and three types of information (permissions, components and intents) are extracted from the AndroidManifest.xml file to form the XML features. Then, the API features are formed by analyzing the API (Application Programming Interface) calls. Taking into account the timing and the feature dimension of malware operation, an LSTM anomaly detection model is built on the XML features and an SVM anomaly detection model is built on the API features. The two models run in parallel, and their outputs are combined by a probability difference fusion algorithm to obtain the final detection result. Finally, experimental results on the CICAndMal2017 data set show that the detection accuracy of the proposed method can reach more than 98%.
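The XML feature step described above, as an added example that is not the paper's own code: it reads an already-decoded, text-form AndroidManifest.xml and collects the permission, component and intent sets. The sample manifest, the `tag:name` component labels, the 0/1 encoding and the vocabulary are assumptions made for illustration; the abstract does not specify how the features are encoded.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: a decoded (text-form) manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name="com.example.sample.SyncService"/>
  </application>
</manifest>"""

def extract_xml_features(manifest_text):
    """Return the permission, component and intent sets declared in a manifest."""
    root = ET.fromstring(manifest_text)
    package = root.get("package", "")
    permissions = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    components = set()
    for tag in COMPONENT_TAGS:
        for e in root.iter(tag):
            name = e.get(ANDROID_NS + "name", "")
            # Relative names (".Foo") are resolved against the package name.
            if name.startswith("."):
                name = package + name
            components.add(f"{tag}:{name}")
    intents = {e.get(ANDROID_NS + "name")
               for f in root.iter("intent-filter") for e in f.iter("action")}
    permissions.discard(None)  # drop entries that lack an android:name attribute
    intents.discard(None)
    return {"permission": permissions, "component": components, "intent": intents}

def to_vector(features, vocabulary):
    """Encode features as a 0/1 vector over a fixed (kind, name) vocabulary (assumed encoding)."""
    return [1 if name in features[kind] else 0 for kind, name in vocabulary]
```

Manifests pulled from untrusted APKs are attacker-controlled input, so a parser hardened against entity expansion (for example `defusedxml`) is the safer choice in a real pipeline.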