Design And Implementation Of Malware Detecting System Based On Android Platform

Due to its openness, Android has been the most popular smart phone platform. Numerous users and Android’s openness makes itself be the Hackers’focus. The number of malwares in Android platform is increasing rapidly. Analysis and detection of Android malware becomes the task of security researchers. Dynamic analysis is an important method of malware analysis. It needs to run the software and monitor its behavior. But the log provided by Android is not enough for the dynamic analysis. So, to supply enough input for the dynamic analysis, this paper designs and inplements a monitor system of Android application’s dynamic behavior.The system adds log module for the sensitive APIs in the application by means of its smali code. Then it loads the new application, creates environment to trigger the suspect behavior, generates the call log of sensitive APIs, and makes risk analysis based on the log.First of all, this paper introduces the background, significance and content of the research. It also introduces the related technology. Then it analyzes the system’s requirement and defines the function of the system. After this, it designs the system’s outline and devides the system into eight modules. The whole system contains Android client and server. The Android clients is consisted of dispatching module, APK installation&uninstallation module, HTTP engine module, file operation module, malicious behavior module, and UI module. The server is consisted of log embedded module for sensitive APIs, malicious behavior trigger conditions module, HTTP engine module, and parser for dynamic behavior log. Based on the outline design, this paper gives the detail design for each module, explaining its mechanism and process, and shows partial implementation. Finnaly, this paper verifies the function and performance of the system through tests and experiment.The monitor system of Android application dynamic behavior is a fundamental part for Android malware analysis, and it could provide enough information for the dynamic analysis. The system has been put into use, and makes great contribution to the quick identification of new malwares in Android platform.