Analysis And Research Of Android Malicious Application Behavior

Currently the intelligent terminal based on the Android has occupied most of the market, and Android system has become a main target for malicious software. Therefore, how to make the security assessments and metrics effectively for the security of application has become a research hotspot in recent years.In this paper, firstly details Android system and security mechanisms, including system architecture, application components, etc. On the base of depth understanding of architecture and mechanisms of Android, the existence of vulnerabilities and security risks is pointed out, as well as the malicious application attacks the system exploiting these vulnerabilities so that causing serious losses to the users.Secondly, this paper analyzes the behavior characteristics of current mainstream malicious application with reverse analytical techniques. Through the signature information analysis, the author founds the signature of repackaged must be different from the source, and the MD5algorithm can be used to verify the signature information to determine whether there is evidence of repackaged. Through the permissions information analysis, this paper introduces the fuzzy comprehensive evaluation based on AHP method to carry the weight of permissions to make safety assessments. What’s more, malicious code scanning is part of security testing procedures, this paper introduces fuzzy hashing algorithm to generate fingerprint information and match the similarity, then determines the security of the program.Thirdly, this paper designs and implements an Android application static detection system, including APK file parsing module, feature properties extracting module, repackaged detecting module, permissions security detecting based on AHP Fuzzy comprehensive evaluation method module, fingerprint matching based on Fuzzy hashing module, and completes the database by Mysq15.5. The system implements functions of detecting repackaged, evaluating permissions security and testing malicious code.Finaly, this paper tests and analyzes the system. The system installs "rapid detection"and "deep detection"."Rapid detection" can quickly detect repackaged, and "deep detection" can not only detect repackaged but also evaluate the safety of permission and scan malicious code.The final test result analysis shows that the system has achieved good results, and proves the correctness and effectiveness of the system.