
Research And Implementation Of Key Technologies Of Malware Detection On Intelligent Terminals Based On Behavior Modeling

Posted on: 2022-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: J J Su
GTID: 2518306557968509
Subject: Software engineering

Abstract/Summary:
With the development of smartphones and the mobile Internet, smartphones have gradually become indispensable tools in daily life. People have moved activities involving money, funds, and learning materials from offline to online. At the same time, a large amount of personal information is stored on the smart terminal, much of it private, such as phone numbers, account passwords, text messages, and photos. This information may be collected by malicious software and transmitted over the Internet, and users' private information is sold everywhere as profitable data. Such leaks bring huge losses to smartphone users. To counter malicious software, more and more researchers have begun to study how to detect it, for example through signature information, code information, and permission information, and malware detection systems have gradually expanded. Detection methods for malware at this stage mainly comprise static detection, dynamic detection, and hybrid dynamic-static detection.

On this basis, this paper proposes a malware detection method based on permissions and code, derived from an analysis of permissions and code on smartphones. Through the analysis of system calls made during smartphone operation, it also proposes a malware detection method based on call behavior modeling, and it designs and implements a database generated from code features, permission features, and system call behaviors to train the detection model. The main research work of this paper includes:

First, a static detection method based on permissions and code is proposed. The method analyzes the installation package before the software is installed, counts the permissions the software requires to run, and analyzes the code in the installation package to form corresponding feature codes. It then uses N-Gram to preprocess the data set, trains and predicts with multiple classifiers, and selects the classifier with the best prediction result as the malware detection classifier.

Second, a malware detection scheme based on call behavior modeling is proposed. The scheme performs statistical analysis of the system calls made while the software runs. It then classifies and preprocesses the collected data according to the behavior the calls produce, and uses machine learning algorithms to train on and predict the data set.

Finally, to deal with possible misjudgments, the scheme sets a score for each piece of software under test. The value is generated from the detection results of the static detection method based on permissions and code. The model continues to examine the software's system calls until the software's score falls below a certain threshold, at which point the software is identified as malware.
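The score-and-threshold step described above, as an added example that is not code from the thesis: each app's score is seeded from a static-stage result, system call windows are classified with a bigram (N-Gram) naive Bayes model, and the score is lowered until it crosses the threshold. The classifier choice, the 0-100 score scale, the penalty and threshold values, and the system call traces are all assumptions constructed for this example.

```python
from collections import Counter
from math import log

def ngrams(seq, n=2):
    """Sliding n-grams over a sequence of system call names."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def train(traces, n=2):
    """Count n-grams per label from (label, trace) pairs."""
    counts = {"benign": Counter(), "malware": Counter()}
    for label, trace in traces:
        counts[label].update(ngrams(trace, n))
    return counts

def window_is_malicious(counts, window, n=2):
    """Naive Bayes log-likelihood ratio with add-one smoothing (assumed model)."""
    vocab = len(set(counts["benign"]) | set(counts["malware"])) + 1
    total = {k: sum(c.values()) + vocab for k, c in counts.items()}
    llr = sum(log((counts["malware"][g] + 1) / total["malware"])
              - log((counts["benign"][g] + 1) / total["benign"])
              for g in ngrams(window, n))
    return llr > 0

def monitor(counts, static_score, trace, window=4, penalty=25, threshold=30):
    """Seed the score from the static stage (0-100, higher = more trusted),
    subtract `penalty` per malicious window, flag once score < threshold.
    Scale, penalty and threshold are assumed values, not the thesis's."""
    score, seen = static_score, 0
    for start in range(0, len(trace) - window + 1, window):
        seen += 1
        if window_is_malicious(counts, trace[start:start + window]):
            score -= penalty
        if score < threshold:
            return True, score, seen   # (flagged, final score, windows examined)
    return False, score, seen

# Constructed training traces, not real captures.
TRAIN = [
    ("benign", ["open", "read", "close", "open", "read", "write", "close"]),
    ("benign", ["open", "read", "read", "close", "stat", "open", "read", "close"]),
    ("malware", ["open", "read", "socket", "connect", "sendto", "close"]),
    ("malware", ["stat", "open", "read", "socket", "connect", "sendto", "sendto"]),
]
MODEL = train(TRAIN)
EXFIL = ["open", "read", "socket", "connect", "sendto", "sendto",
         "close", "open", "read", "socket", "connect", "sendto"]
EDITOR = ["open", "read", "close", "open", "read", "write", "close", "stat"]
```

An app that the static stage scored 80 needs three suspicious windows of `EXFIL` before it is flagged, while the same trace with a static score of 60 is flagged after two; `EDITOR` never loses score.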
Keywords/Search Tags: Machine Learning, Malware Detection, Behavior Analysis, Android, Feature Extraction