Research On Android Application Detection Technology Based On Static Code Analysis

As one of the most popular channels for users to download applications,Android application store urgently needs to adopt effective Android application technology to organize huge applications and provide users with a secure and application's convenient download environment.Among them,malicious application detection technology is adapted to effectively prevent the potential harm of malicious applications to users.In the past research on static detection technology,the context information of static code calls was not considered comprehensively.It caused that malicious applications with high complexity and hidden malicious behavior could not be detected.In addition,in order to manage applications conveniently,so that users can easily and quickly download applications to meet their needs,the application store also needs to provide corresponding application category detection technology based on applications' functions,that is,application functional classification technology.Based on the above situation,this paper proposes and implements an Android application detection technology based on static code analysis.Through using static code analysis technology to extract the static feature information of the application,and using a variety of machine learning models,malicious application detection technology and application function classification technology are realized.It includes the following research contents:(1)An Android malicious application detection method based on static code calls context information is proposed.Th method uses static code analysis technology to extract the context information of API calls comprehensively,including information of API calls,callback functions information of API calls and information of their related API calls,and takes the application's permission declaration information as joint features.Furthermore,a variety of over-sampling algorithms are used to solve the problem of unbalanced distribution of data samples.Random forest features are used as selection methods to select features.Combining with various supervised machine learning methods,the optimal classifier strategy is selected.The experimental results show that the malicious application detection method proposed in this paper achieves 96.2%accuracy,which is better than the previous detection technology which did not consider the context information of static code calls comprehensively.(2)An Android application functional classification method based on fine-grained static code analysis is proposed.The method considers the influence of the probability of using UI on the weight of application features in a fine-grained way.Static code analysis technology is used to extract text characters and API call information used in each application's UIs.Then base on PageRank algorithm,the jump between application'UIs is regarded as a jump between web pages,the UIs'weights are allocated,so that the features'weights which used by each UI are allocated,and the permission declaration of the application is used as joint features.A variety of filtering feature selection methods are used to select features,and a variety of supervised machine learning methods are used to train the application samples.Finally,the best classifier strategy is selected.The experimental results show that the accuracy of the application functional classification method proposed in this paper reaches 86.2%under the 10 classification,which is 7.3%higher than the previous coarse-grained methods which don't consider the relations between the weights of features and UIs.In summary,the Android application detection technology based on static code analysis proposed and implemented in this paper provides certain research and practical value for the automatic management application technology of Android application store.