Research And Implementation Of Android Malware Detection Method Based On SimHash

With the increasing popularity of smart phones,people gain a great convenience and entertainment,in the meanwhile,it also brings lots of security risks.Several malicious attacks such as privacy theft,spam bombing,malicious deductions,system attacks and others not only bring problems in the usage,but also bring huge economic losses to users.Android smart phones,that occupying most part of the global phone market,loved by broad masses of users because of its open,open source and other characteristics,but these characteristics attract lots of malwares,too.Therefore,the study of Android malicious applications and find a good method to test and classify have some practical significance.Firstly,the thesis describes the framework of Android system,then studies its security mechanism,introduces the purpose,propagates and trigger ways of malicious software,also studies the classification of malware family.At the same time,the thesis analyzes the file structure of APK file,emphatically studies the internal dex file.Secondly,the thesis has a research on the SimHash similarity detection algorithm,points out the deficiency under the actual situation.According to this,the thesis proposes an improved SimHash algorithm,improves the accuracy by using a threshold.In addition,through the analysis of APK file,the thesis proposes a new similarity detection scheme based on hierarchical SimHash algorithm.The scheme extracts contents from different aspects to represent the APK file,then uses the improved SimHash to respectively represent the file.The scheme analyzes the APK file by extracting the AndroidManifest.xml file in it,the sum of the smali code from the decompilation of dex file,instructions extracted in smali files,Java code set,and instructions extracted in Java code files.Through the study of Voted Perceptron voting algorithm,the scheme uses trust weight method,by valuating a trust weight in every layer,then combines all the result with weight in every layer as a resule of scheme,the result can be more reasonable and more convincing.Finally,based on all the theory,the thesis designs and implements a Android malware detection and classification system,the thesis verifies and evaluates the scheme by using malware.During the experiment,the result shows that the scheme has fine effect.