Detection Of Malicious Android Application Based On Permissions And Categories

With the rapid development of mobile Internet, smartphones play an increasingly important role in daily life. The operating system as a supporting platform for smartphones also gradually step into people’s horizons. As an open source operating system, Android becomes one of the most popular operating systems following J2ME, Symbian as well as VM mobile. As the rising of Android’s market occupancy rate, the malware designers focus on Android operating system directly. As a result, people pay more and more attention to Android applications’security issues. Thus detection and research on Android malwares become particularly important and crucial.Typically, malwares access to some sensitive permissions. Once the user’s authorization is successful, malwares will abuse these rights to carry out some malicious behavior in the background, such as to obtain private information of user, consume charges of user by sending short messages or run daemon to occupy the mobile phone memory and consumption mobile resources which lead a variety of hazards to users. In this thesis, addressing the information leakage to the user of devices, a method for detection of Android malicious programs based on categories and permissions is proposed. By analysis and induction the system permissions applied during application installing to find the malicious privileges from software. In this way, containing the installing of malicious software and theft of information.According to the different application scope of the Android program, Google Play classifies programs into twenty-seven categories. Applications of each category perform similar function, so the access to permissions are similar. By studying the permission security mechanisms of the Android platform, this article comes up with a vector model to detect malicious applications. Based on the usage of permission, each application is abstracted to a multidimensional vector. Through extensive collection of different categories of Android applications, the paper train the multidimensional vector and sum up the basic distribution of permissions for each category using machine learning methods. Then analysis the permissions of each application category and calculate the mal-threshold of each category. When detecting a malicious Android application, statistics the application permissions usage first. Then according to the category which the application belongs to, calculate the application malicious value, compare the malicious value and the category’s malicious threshold. Determine whether the application is a malicious applications or not, and advise users and help them to determine the program’s security.Experiments verify the effectiveness of this method, prove the method which based on the permissions and application category of Android malware detection can prevent users’ information disclosure, protect user information security.