Study On Detection And Protection Techniques Of Mobile Phone Malicious Code Under The Android Platform

In recent time when smart phones are very popular, the safety of mobile terminal is the most important problem that users concern. The phone malicious codes not only makes the user’s personal data security be threatened, but also creates a significant risk to the security of national information. In recent years, high-tech theft and leaks occur frequently. The classified staff in government or some research institutions often have not enough awareness of information security. When using the smart phones, they can easily make something like illegal operation or unintentional disclosure in the daily life and work, which leads to incalculable damage to the state. Therefore, the detection and protection technology research about mobile malicious code has become increasingly urgent.Due to the differences of virus signatures between which applies to detect the classified staff’s smart phones and common commercial virus database, the former one has the characteristics such as narrow range, strong targeted, and un-downloaded, and is classified as classification resources. Without authorized of the administrative organs, the common commercial virus database cannot use the classification virus samples. Therefore, common commercial mobile phone anti-virus software cannot be used to detect the smart phones of classified staffs. As the reason, after analyzing the mainstream detection protection technology, this paper selected traditional mobile malicious code detection technology which is based on characteristic values match, developed phone malicious code detection tools based on the Android platform. This tool is divided into three modules. They are virus signatures loaded module, file parsing module and malicious code scanning module. The virus signatures loaded module is used to put the virus signature database into the program memory; The file parsing module is used to judge and resolve the file type of the user-selected object which is to be scanned, and submits the analytical results to the malicious code scanning module; The malicious code scanning module is used to scan the parsed files, match the virus signatures, send the scanning results back to the foreground program and display output.