A malicious application detection model to remove the influence of interference API sequence

Abstract

This paper proposes a new model for detecting Android malicious applications. The model obtains the API call sequences of APP runtime, and extracts features from them. These features have the highest correlation with malicious attributes detection, and have the characteristics of small redundancy between each other. And noticed that API subsequences generated by normal behavior that may exist in a malicious application can interfere with the training of the detector. We use VSM and K-means combined with GBDT algorithm to eliminate this interference and improve the detection accuracy. Experiments show that this method can effectively eliminate the influence of interference API sequence and obtain higher detection accuracy.