Design And Implementation Of Android Malware Analysis System

In recent years, based on Android smartphone terminal market share is growing rapidly, Due to the openness of Android platform, the low threshold of programing, the diversification of the application market, the Android application development is extremely prosperous.The Android malware is also explosive growth, a direct threat to personal privacy, payment security and other aspects, will undoubtedly become an important goal of mobile security protection work. But the massive amount of APK files as Android platform malware analysis work, to bring great pressure, how to make the analysis work flow standardization, to strengthen management, improve efficiency, how to convergent of the number of APK files, have become the practical engineering problem.In this paper, on the basis of deep analysis of characteristics of Android platform, the main hazards of mobile malware and related analysis & detection technology, use static reverse analysis technique to unpack and analyze the APK files on the Android, to anti compile the DEX file; cross use of sensitive API identification, digital signature and identification of suspected key words recognition, privilege analysis technology, implement the automated scanning & classification of unknown samples of Android Application. With this technology, a web management system for Android malware analysis is designed, in order to improve the use efficiency of Android malware APK files analysis work, promote the APK file analysis work flow and standard, at the same time effectively convergent the number of APK files need analysis before the artificial analysis.Finally, the key indicator of the system is tested and analyzed.The system can scan a packet in the average per second when the two threads are opened,meeting the default performance indicator. The output results of the scan are completely consistent with the engine rules, and meet the requirements of the accuracy indicator. The convergence rate of the suspected packet is 5.6%, which significantly reduces the workload of manual analysis, and achieves the expected engineering application effect.