Because Android is completely open source, the vulnerabilities that malware attacks can exploit are increasing. Machine learning, which has driven major advances in Android malware detection in recent years, is typically applied in the classification phase. Because some traditional ranking-based feature selection algorithms ignore the correlation between features, wrapper-based feature selection models are worth investigating. Wrapper-based approaches do consider the correlation between features, but exploring all possible valid feature subsets is time-consuming when processing a large number of Android features. To reduce the computational expense of wrapper-based feature selection, a framework named DroidRL is proposed. The framework uses the DDQN algorithm to obtain a subset of features that can be used for effective malware classification. To select a valid subset of features over a larger range, an exploration-exploitation policy is applied in the model training phase. A recurrent neural network (RNN) is used as the decision network of DDQN, giving the framework the ability to select features sequentially. Word embedding is applied for feature representation to enhance the framework's ability to find the semantic relevance of features. The framework's feature selection exhibits high performance without any human intervention and can be ported to other feature selection tasks with minor changes. The experimental results show a significant effect when using Random Forest as DroidRL's classifier, which reaches 95.6% accuracy with only 24 features selected.
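The following added example (not DroidRL's code and not taken from the paper) shows sequential, wrapper-style feature selection driven by an exploration-exploitation policy, on a case where per-feature ranking fails because the label depends on two features jointly. Assumptions: tabular double Q-learning stands in for the DDQN with an RNN decision network, a majority-vote lookup classifier stands in for Random Forest, the reward is taken to be the classifier's accuracy on the selected subset, and the data set is constructed.

```python
import itertools, random

# Constructed data: every combination of 6 binary features (think: permission
# flags). The label is f2 XOR f5, so neither feature is informative alone.
N_FEATS, K = 6, 2
ROWS = [(x, x[2] ^ x[5]) for x in itertools.product((0, 1), repeat=N_FEATS)]

def accuracy(subset):
    """Assumed wrapper reward: accuracy of a majority-vote lookup classifier."""
    votes = {}
    for x, y in ROWS:
        key = tuple(x[i] for i in subset)
        votes.setdefault(key, [0, 0])[y] += 1
    return sum(max(v) for v in votes.values()) / len(ROWS)

def select_features(episodes=3000, alpha=0.5, seed=0):
    rng = random.Random(seed)
    qa, qb = {}, {}   # two tables: tabular double Q-learning, a stand-in for DDQN+RNN
    def greedy(state, actions, *tables):
        return max(actions, key=lambda a: sum(t.get((state, a), 0.0) for t in tables))
    for ep in range(episodes):
        eps = max(0.05, 1.0 - ep / (episodes / 2))   # explore first, exploit later
        state = frozenset()
        while len(state) < K:
            actions = [a for a in range(N_FEATS) if a not in state]
            a = rng.choice(actions) if rng.random() < eps else greedy(state, actions, qa, qb)
            nxt = state | {a}
            upd, other = (qa, qb) if rng.random() < 0.5 else (qb, qa)
            if len(nxt) == K:            # terminal: reward is classifier accuracy
                target = accuracy(sorted(nxt))
            else:                        # choose with one table, evaluate with the other
                rest = [b for b in range(N_FEATS) if b not in nxt]
                target = other.get((nxt, greedy(nxt, rest, upd)), 0.0)
            old = upd.get((state, a), 0.0)
            upd[(state, a)] = old + alpha * (target - old)
            state = nxt
    state = frozenset()                  # greedy rollout with the learned tables
    while len(state) < K:
        actions = [a for a in range(N_FEATS) if a not in state]
        state = state | {greedy(state, actions, qa, qb)}
    return sorted(state)

def best_single_feature_accuracy():
    """What a per-feature ranking sees: each feature scored on its own."""
    return max(accuracy([i]) for i in range(N_FEATS))

if __name__ == "__main__":
    chosen = select_features()
    print(chosen, accuracy(chosen), best_single_feature_accuracy())
```

Every single feature scores at chance level here, so a ranking has nothing to separate them, while the agent evaluates only the subsets it visits rather than enumerating all of them.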