| With Android device into the life of people, the spread of Android malware seriously affects people’s life. As a result of the security flaws and openness of Android, attackers can easily make malicious operations, such as stealing privacy information, malicious chargeback, and establishing a mobile botnet. It is not only a threat to the terminal user, but also poses a threat to mobile Internet. Therefore, I design a terminal security protection solution, the solution provides malware detection and processing functions, the network traffic information monitoring function, permission management function, calls and sms filtering function, operation log view function and module settings function, which provide safety protection for Android terminal users.I analyze the characteristics of the behaviors of the malware and find that, the Android terminal under the normal use of traffic information based on users’ habits will maintain a relatively stable state, but once the virus invasion or malicious code is executed, the state of traffic information will show varying degrees of abnormality. For example, applications without prompt frequently connected to the Internet to download software or receive remote control command through the network. Therefore, I use terminal traffic information modeling to detect malware. The principle of the malware detection method is capturing the key information of Android terminal data packages, and then uses the SVM classification algorithm to obtain the model parameters of terminal network traffic information, finally the software uses that model parameters to malware detect and process. Malicious software processing is done by uninstalling software and controling the permissions of software.In this paper, the controling of the malicious software permissions, not only can carry on the effective processing of malicious software, but also can prevent malicious software via calls and sms for malicious operation; the principle of permission management is to analyze the Android applications access authorization principle, and then to add permission checks, monitor and control method in the Android source code associated with application software permissions.In order to prevent malicious software to receive control commands by calls or sms before being detected, intercepting calls and sms is needed; I have studied the principle of the calls and sms of the Android system to implement this method, and I add the intercept method in the Android source code associated with calls and sms, to achieve the intercept of the incoming calls and sms in advance. Finally, the test results show that the development of malware detection method can detect the malware, and the development of permission management functions can get effective access control, the depth of the calls and sms filter can provide better user experience than existing solutions. |
PDF Full Text Request