The Android Platform Intrusion Detection System Based On The Behavior Patterns Design And Implementation

With the popularity of Android platform, malicious attacks aimed at Android are increasing. Android platform has some security measures such as the sandbox, permission mechanism and so on to ensure the security of the system, but huge commercial interests encourage numerous attacks against the system. Meanwhile Android platform has exposed some serious security threats such as the open mode, system vulnerabilities, software vulnerabilities, permission mechanism. There is urgent need for a new security mechanism to deal with the security threats faced by the Android platform.The fundamental starting point of this paper is to ensure the safety of Android users, and the main targets are to indentify the existing and unkown malicious attacks. This paper starts from the research of the Android security mechanism and the security threat, as well as the Android platform malware attack intention and means of attacks. Then the paper presents the application and user behavior patterns as anomaly detection object and designs anomaly detection algorithm based on Markov chain model. Finally, based on the overall design of the behavioral patterns of the Android platform intrucsion detection systems, the paper presents the detailed design and implementation of the anomaly detection subsystem.The paper is divided into seven chapters. The first chapter analyzes the background of the Android platform security research, presents an intrusion detection system in Android platform to ensure the safety of the system. The second chapter gives overviews of the Android system architecture and security mechanisms based on a detailed analysis of the security threats faced by the Android system, intrusion detection systems, research status of smart phones anomaly detection and Android platform anomaly detection requirements analysis. The third chapter summarizes the Android platform malware attacks intentions and means of attack on the basis of a detailed analysis of the mainstream Android platform malware behavior patterns. The fourth chapter defines and describes the Android application and user behavior patterns, and then designs the anomaly detection algorithm based on Markov chain model. The fiveth chapter gives the overall design of the system. The sixth chapter gives detailed design and implementation of anomaly detection subsystem, and tests the usability of the system at the prototype level. The last chapter summarizes the paper work, the prospect of the next stage of work.