Research On Security Analysis Methods Of Android Application Based On Static Detection

Posted on: 2021-01-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Li
Full Text: PDF
GTID: 1368330602499126
Subject: Computer application technology

Abstract/Summary:
With the development and maturity of mobile network technology, smart devices are rapidly gaining popularity, and Android devices account for most of the market share. As a result, the number of Android apps has exploded. While mobile users enjoy the convenience brought by Android apps, their privacy is also under threat of leakage. Malicious Android apps collect valuable private data of users, such as account information, location, device information, sensor data, and so on. If this private data is leaked, mobile users may be harassed by spam messages and crank calls, and may even suffer property losses and threats to their personal safety. Therefore, to protect the privacy of mobile users, it is necessary to detect malicious Android apps and analyze their malicious behaviors. However, due to the rapid growth in the number of malicious Android apps and the rapid iteration of new evasion methods used by these apps, the detection capability of existing methods is gradually decreasing. To address these challenges, this dissertation focuses on the detection of Android malware and carries out the following research work:

1. This dissertation proposes a family classification method for malicious Android apps based on graph embedding, and designs and implements a prototype system. The system detects malicious Android apps that exhibit family characteristics, analyzes the common behaviors of apps within a family, extracts representative behaviors of apps as family features, and then uses these features to detect new malicious samples and identify their family labels. It can help security analysts quickly deal with the impact of malicious apps by using prior knowledge of the relevant app families. The challenge of this study is that the graph models representing malicious app behavior are very complex, and existing graph matching methods have high computational complexity. To address this challenge, this dissertation proposes a graph similarity comparison method based on graph embedding, which can quickly compute the similarity of different graphs and preserves partial topological information of the graphs after graph embedding. Experimental results on a real data set show that the system can accurately identify malicious app family labels, and that detection takes less time than other similar comparative methods.

2. This dissertation proposes a method based on cross-taint analysis that detects permission abuse behavior triggered by app interfaces, and designs and implements a prototype system. The system analyzes the user interfaces of Android apps that use images for rendering. The correlation between images and callback functions is established by cross-taint analysis, and the correlation between images and permissions is established by analyzing the permissions required for the behavior performed by the callback functions. A deep learning method is then used to estimate whether the behaviors triggered by the images meet the expectations of mobile users, so as to detect the abuse of permissions. The challenge is to associate images with their response events (callback functions) in full-custom and semi-custom user interface libraries. In the Android native interface library, images and callback functions are set through specific programming interfaces. In full-custom and semi-custom third-party libraries, however, there are no uniform patterns or names for setting images and callback functions, which hinders existing analysis and detection methods. Moreover, the semantic information carried by image-rendered interface elements is difficult for a machine to understand. To solve these challenges, this dissertation proposes a method based on cross-taint analysis, which is used to establish the correlation between images and callback functions. Deep learning is then used to extract the semantic information of the images and detect abuses of permissions. The results show that the system can effectively establish the association between the images and the triggered behaviors, and detect whether the triggered behaviors abuse permissions.

3. This dissertation proposes an algorithm for malicious Android app detection based on incremental learning. To evade detection, malicious Android apps introduce new technologies, which bring new features. This introduces concept drift into malicious app samples, which reduces the detection performance of methods based on machine learning. Moreover, batch machine learning methods have difficulty updating their models in real time because of the endless stream of incoming malicious apps and the large number of samples that must be kept. In addition, the number of malicious apps is much smaller than that of benign apps, which introduces the sample imbalance problem, and the multiple propagation methods of malicious apps introduce the multiple concept drift problem. To solve these challenges, this dissertation proposes a block-based incremental ensemble classification algorithm, which processes the continuous malicious samples as stream data and utilizes a weight update mechanism, an oversampling mechanism and a pruning mechanism to process these samples, so as to improve detection performance.
Keywords/Search Tags: Android Application, Malware Detection, Static Detection, Machine Learning, Graph Embedding, Incremental Learning