| With the rising popularity of smart phones based on Android system, Especially with the popularity of 3G network and the high speed development of the 4G network, Smart phones have replaced part of the computer functions and gradually into people’s life. The current smart phones already have the functions like bank payment and shopping even social contact, this make the malware action which is for the purpose of profit, like theft of user privacy information even money are increasing. However, because of the Android open source characteristics make its security problem is more outstanding, Android platform’s Malware has been became the main impact factors of the Smartphone’s safety.This dissertation puts forward a hidden Markov models based Android malware behavior detection method, which is on the basis of the sufficient study about malware behavior characteristics and the current malware detection method. In the way of choice to detect,we choice the software dynamic behavior based method which is named dynamic detecting, To avoid the need to constantly update of malicious code library, and it also can test the unknown malware. On the testing content of this dissertation, we focused on the SMS and telephone and network and location information which are likely to be the key function to harm the users’ privacy. The Detection model is based on hidden Markov model, using the evaluation method to estimate the malicious software. Using the learning ability of the hidden Markov model to realized the function of Machine self-learning. Through repeat learning of users’ habit to improve the accuracy of assessment about malicious software, When there is a difference behavior, it can be determined whether it is a malicious behavior by the model which parameters is already trained.In the implementation method, this dissertation a detection model which is established on the basis of the user judgments. In the model parameter selection, in order to reflect user habits. Considered the balance of malicious behavior detection efficiency and utilization of system resources, this dissertation selects several behavior parameters which can reflect user’s using habits to establish the model. Considering the limitations of Smartphone hardware configuration, In order to decrease the System resources usage, Realize the lightweight malicious behavior detection software. First, the parameters of the model does not need to be get through from the third party analysis software, By means of broadcast mechanism of the Android system itself and its excellent framework layer monitoring system to realize the parameter acquisition. Secondly to implement the software behavior detection based on the Android broadcast mechanism, it makes that the system need not to be always running, Only to be launched by receiving related broadcast intent. In the judgment model, In addition to the system automatically judgment there also joined the user’s judgment. By setting up a black and white list, not only improve the efficiency and the flexibility of the malicious behaviors judgment, but also reduces the occupancy rate of system resources. In the test, this dissertation compared with the normal SMS and the malicious programs which send SMS messages in background.Through the test system is able to identify the different between the normal behavior and the malicious behavior, it is achieved the desired effect. |