Research On The Static Analysis Of Android Software Malicious Behavior

Android smartphone operating system has become the main stream of the terminal system,the function of the intelligent terminal and PC getting closer and closer.But due to the lack of safety consciousness of ordinary users and backward of market regulation,security detection technology based on mobile terminals of Android system has become a hot research.In this paper,the static analysis technology of the Android software were studied.Because the Android platform is an emerging mobile operating system in recent years.The detection technology of Android platform virus is not mature enough compared to the PC.At the same time,because the Android virus application change cycle is shorter,Conventional signature detection technology already can not adapt to the development of the mobile platform,and the detection rete is low for unknown types of viruses and variant program virus.Many scholars used machine learning to detect Android virus program.This paper puts forward the bayesian network classification algorithm to detect malicious behavior of the Android software.This paper mainly complete the following two tasks:(1)Extracting static feature of Android software.Because the characteristic quantity is too much,in order to extract the characteristics which had a greater influence on the classification,we need to remove characteristics which has no impact on the classification.To select the most effective features for the classification of the bayesian network,analyze three different kinds of feature selection methods,improving the detection rate of the model.And the choice of three different methods are verified through the experiment on the result of classification,Finally better feature selection methods are used to construct a bayesian network model.(2)This paper puts forward the bayesian network classification algorithm to detect malicious behavior of the Android software.Because the malicious behavior of Android applications require the combination of different characteristics,And there is a certain causal dependencies between different characteristics.In order to fully express dependencies between features,the using of Bayesian network classification algorithm willhelp to improve the detection rate of Android malware.In this paper,the association rules algorithm used in the construction of a bayesian network structure,complete the learning of conditional probability tables under Noisy-OR model,and eventually the model will be used in the detection of Android malware behavior.In this paper,combining the static analysis of malicious Android applications with Bayesian networks,Feature extraction using the Python implementation,Bayesian network model constructed using the proposed method.Verified the effectiveness of the Android malicious behavior detection model through the experimental result of the detection rate,the rate of false positives and non-response rates.