| With the rapid development of mobile Internet, a variety of smart mobile deviceshave gained popularity in people’s life and work gradually. In multiple smart mobiledevice operating systems, Android system, with its excellent performance andeasy-to-use features, has occupied the largest share of the mobile device market. Andbecause of the popularity of Android system, traditional viruses and Trojans producersbegan to shift the point of attack from PC to smart mobile devices. That makes a largenumber of Android applications with malicious code has been found, and theseapplications have caused great harm to the information and property security of users.The fundamental reason for the large number and variants of the malicious code isthe open-source characteristics of the Android. Basing on the reverse tools, theproducers of malicious code can decompile and modify the applications to addmalicious, and release them again. This paper sums up the operation mechanism ofmalicious code basing on collecting and analyzing a large number of Android malwaressamples, and study in-depth on how quickly and effectively detect malicious code forAndroid system.First, according to the characteristics and operation mechanism of malicious code,the paper studied the key detection technologies for Android and introduces the three ofthem: For the repackaged applications, first introduced is black and white lists detectionmethod based on signatures and similarity detection method based on fuzzy hash. Thesecond is a detection method by computing the permission-function ratio based on thepermission abuses in malwares, and optimize it. The third is the improvement of theexisting surveillance technology for malware dynamic behaviors.Second, summarizing the experience in analysis the project has, this paperproposed a Android malware detection model based on support vector machine.Extracted and processed variety of features based on the main difference between thenormal applications and malwares. Through model training and parameter tuning,ultimately establish an effective detection model for Android malicious code.Finally, the paper designed and implemented an Android malware joint detectionsystem(AMJD). According the performance characteristics of smart mobile devices andexisting servers, split the system into rapid detection and depth detection. By integratingof the key technologies and model in this paper, detailed the structure of the AMJD andmain function modules in it, then tested its performance for detecting malwares frommultiple perspectives. |
PDF Full Text Request