Android malware detection method based on naive Bayes and permission correlation algorithm

Abstract

In order to detect Android malware more effectively, an Android malware detection model was proposed based on improved naive Bayes classification. Firstly, considering the unknown permission that may be malicious in detection samples, and in order to improve the Android detection rate, the algorithm of malware detection is proposed based on improved naive Bayes. Considering the limited training samples, limited permissions, and the new malicious permissions in the test samples, we used the impact of the new malware permissions and training permissions as the weight. The weighted naive Bayesian algorithm improves the Android malware detection efficiency. Secondly, taking into account the detection model, we proposed a detection model of permissions and information theory based on the improved naive Bayes algorithm. We analyzed the correlation of the permission. By calculating the Pearson correlation coefficient, we determined the value of Pearson correlation coefficient r, and delete the permissions whose value r is less than the threshold $$\rho $$ and get the new permission set. So, we got the improved detection model by clustering based on information theory. Finally, we detected the 1725 Android malware and 945 non malicious application of multiple data sets in the same simulation environment. The detection rate of the improved the naive Bayes algorithm is 86.54%, and the detection rate of the non-malicious application is increased to 97.59%. Based on the improved naive Bayes algorithm, the false detection rate of the improved detection model is reduced by 8.25%.