| The mobile phone becomes more and more popular since it is invented for the convenience itbrings to people. With the continuous evolution of mobile phone, it is endowed with many features.Users can install software from third-party service provider in their mobile operating system, andaccess internet through mobile communication network. However, the threat of malware alsoappears. Android has become the one of the most popular mobile operating system after thepopulation of J2ME, Symbian and WM platform. At the same time, the development of mobilemalware has also reached new heights.The main forms of Android malware are the Premium Rate Number Billing, Privacy (e.g.IMEI, SD card data) Spyware and Transaction Authentication Number Stealing. The hackersusually release a malware by decompiling normal Android application and then embed maliciousmodule into it. Therefore, the implementation of malware behavior and detection has a practicalsignificance to protect users from attacks.The pre-detection and real-time block are two usual ways against malware. Pre-detectionmeans detect Android APK before it is installed. While real-time block means block maliciousbehavior when Android APK is running. This paper mainly focous on the previous way, and themain accomplishments are as follows:1. Implement and reproduce Android malware behavior, display the essence of malware fromthe code level.2. Reveals the main procedure of How malware developers implant malicious module intousers’ smart phone system, and provider user with the appropriate preventive measures.3. Design a static behavior detection solution with the conclusion drawn from the above twopoints. Firstly, by matching critical System API, this solution deployed in local can effectivelydetect malicious behavior. At the same time, by introducing signature check mechanism on thecloud, this solution deployed in the cloud can detect re-signed application effectively. As the result,the whole system improves detection efficiency without much loss of accuracy. |
PDF Full Text Request