关键词: 二进制粒子群, 特征选择, 映射函数, 恶意应用检测

Abstract:

To detect Android malware, the API call information, permission information and source-sink information of Android application are extracted. But the amount of these information is huge, and the feature dimension is up to thirty or forty thousand. In order to eliminate redundant features and reduce classifier building time, hybrid feature selection is proposed using L1 and Binary Particle Swarm Optimization（BPSO）. Aiming at the shortcomings of BPSO premature convergence, an improved binary particle swarm optimization algorithm named SVBPSO is proposed. The SVBPSO looks at the transfer functions of binary particle swarm optimization, and studies the influence of different transfer function on binary particle swam optimization. It is found that the BPSO which uses S-shape transfer function is good at global search, and the BPSO which uses V-shape transfer function has better local search ability. On the basis of BPSO using S-shape transfer function, V-shape transfer function is used for local exploration in every certain number of iterations. Finally, it is proved by experiments that SVBPSO has a better convergence effect. After SVBPSO is used for feature selection, Android malicious application detection can be performed with higher accuracy rate.

Key words: Binary Particle Swarm Optimization（BPSO）, feature selection, transfer function, malware detection