基于随机森林算法的Android恶意行为识别与分类方法

针对当前Android恶意软件检测方法对检测出的恶意行为无法进行识别和分类的问题，提出基于随机森林（RF）算法的Android恶意行为的识别与分类方法. 该方法在对Android恶意软件的类型进行定义的基础上，利用融合多种触发机制的Android恶意行为诱导方法触发软件的潜在恶意行为；通过Hook关键系统函数对Android软件行为进行采集并生成行为日志，基于行为日志提取软件行为特征集；使用随机森林算法，对行为日志中的恶意行为进行识别与分类. 实验结果表明，该方法对Android恶意软件识别的准确率达到91.6%，对恶意行为分类的平均准确率达到96.8%.

Android malicious behavior recognition and classification method based on random forest algorithm

An Android malware behavior identification and classification method was proposed based on random forest (RF) algorithm aiming at the problem that the existing Android malware detection method cannot identify or classify the detected malicious behavior. The types of Android malware behavior were defined, and the potentially malicious behavior was triggered with a complex Android malicious behavior induction method. Application behavior can be captured by system function hook and transformed into behavior log. Then application behavioral feature set can be extracted from behavior log. The random forest algorithm was used to identify and classify the malicious behavior from the behavior log. The experimental results showed that proposed method had 91.6% accuracy in malware behavior identification and 96.8% accuracy in malicious behavior classification.