The Design And Implementation Of Codeblock-based Android Anti-virus System

Nowadays, smart phones appear in every aspect of people’s life. In domestic,Android phones accounted for81%of smart phones’ shipments, four times more thaniOS phones which take up the second place of smart phones’shipments, and Windowsphones ranked third only occupy3.6%of the smart phones’ market share. On global,Android smart phones account for42.68%.It is the popularity of smart phones and the openness of the Android system thatthe quantity and the complexity of malicious software on Android increasedramatically. Android malicious software has began to surge from66%to96%sincethe fourth quarter of2012. The malicious software, also called virus, will infringe theusers’ legitimate rights, such as silent installation, monitoring SMS, unauthorizeddownloading from the network, sending text messages secretly and so on. The reportreleased by360Security Center says that the quantity of malicious softwaretampering Android games reached134927from January2012to March2013.With so many well disguised Android malwares emerging every day, a fast andaccurate system for detecting and removing malwares is very necessary.This paper describes an antivirus system based on code blocks, by which anAndroid application can be analyzed and its feature can be extracted to determinewhether it is a malware. Besides, this paper has summarized the situation, thebackground and the significance of related security applications on Android,introduced the development environment and technologies, the system’s requirementsanalysis, preliminary design, detailed design and the implementation of the system.The system uses a J2EE SSH framework for serving and implements five large modules including quick entry (record collection and recently used queries), rightsmanagement, virus database management (entry, delete, export), classification(classification feature extraction, block search, The new three-way clustering),dynamic analysis. Hadoop distributed clusters are also used as the underlyingprocessing platform for the tasks. Most of the users of the system are virus analysts.The system has been put into use and been in maintenance.