Authors: Fei Wu, Xiangqian Wu and Yuan Pei
Pages: 67 - 85
Received Date: June 1, 2017; Revised June 7, 2017
Submitted by: Bin Guo
DOI: http://dx.doi.org/10.18642/ijamml_7100121838
Existing traffic flow research methods have defects and shortcomings and cannot accurately determine and analyze traffic flow features. In many cases, static analysis methods cannot accurately identify and detect malware, for example when the source code is heavily obfuscated or when dynamic code loading is used. For such cases, we extract the network traffic generated during the Internet connection. The information gain algorithm is then used to select the discriminating features. After that, we improve the Naïve Bayes classifier with the natural logarithm, which turns multiplication into addition, and with Laplace calibration, which corrects the result of the calculation. In our experiments under ten-fold cross validation, the results show that the improved Naïve Bayes algorithm both reduces the time complexity and achieves 93% accuracy. Compared with the privilege-based malware detection method, the improved Naïve Bayes classifier based on traffic features has a better classification effect. To some extent, this method also provides a new way to detect Android malware accurately.
Keywords: traffic features, Bayes model, Android, malware.
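The pipeline the abstract describes (information gain feature selection, then Naïve Bayes computed as a sum of natural logarithms with Laplace correction), as an added example that is not the authors' code. The abstract does not list the traffic features, so the binary features, their names and the sample rows below are constructed assumptions.

```python
import math

# Constructed sample, not data from the paper. Feature names are assumptions:
# one binary traffic feature per column, label 1 = malware, 0 = benign.
FEATURES = ["plain_http", "many_hosts", "high_upload", "uses_dns"]
TRAIN = [
    ((1, 1, 1, 1), 1), ((1, 1, 0, 1), 1), ((0, 1, 1, 1), 1), ((1, 1, 1, 1), 1),
    ((0, 0, 0, 1), 0), ((1, 0, 0, 1), 0), ((0, 0, 1, 1), 0), ((0, 1, 0, 1), 0),
]

def entropy(labels):
    n = len(labels)
    return -sum(labels.count(c) / n * math.log2(labels.count(c) / n)
                for c in set(labels))

def information_gain(data, j):  # H(label) - H(label | feature j)
    cond = 0.0
    for v in {x[j] for x, _ in data}:
        subset = [y for x, y in data if x[j] == v]
        cond += len(subset) / len(data) * entropy(subset)
    return entropy([y for _, y in data]) - cond

def select_features(data, k):  # indices of the k highest-gain features
    cols = range(len(data[0][0]))
    return sorted(sorted(cols, key=lambda j: -information_gain(data, j))[:k])

def train(data, cols):
    """Per class: log prior and Laplace-smoothed (add-one) log likelihoods."""
    model = {}
    for c in {y for _, y in data}:
        rows = [x for x, y in data if y == c]
        like = {(j, v): math.log((sum(r[j] == v for r in rows) + 1) / (len(rows) + 2))
                for j in cols for v in (0, 1)}
        model[c] = (math.log(len(rows) / len(data)), like)
    return model

def log_scores(model, x, cols):
    # Summing logs replaces multiplying probabilities and avoids underflow.
    return {c: prior + sum(like[(j, x[j])] for j in cols)
            for c, (prior, like) in model.items()}

def classify(model, x, cols):
    scores = log_scores(model, x, cols)
    return max(scores, key=scores.get)

if __name__ == "__main__":
    cols = select_features(TRAIN, 3)          # drops the uninformative uses_dns
    model = train(TRAIN, cols)
    # many_hosts=0 never occurs in the malware rows; smoothing keeps it finite.
    print([FEATURES[j] for j in cols], classify(model, (1, 0, 0, 1), cols))
```

Without the add-one correction, the malware score for a sample with `many_hosts=0` would require `log(0)`, because that value never appears in the constructed malware rows.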