Research On Operation Mechanism And Prevention Of Malicious Code On Android Platform

With the development of technology and improvement of people’s daily life, the smart phones have become more and more popular. The majority of mobile phone manufactures enjoy Android system because of its openness, and so it is become the largest market share of smart phone operating systems in the world, and malicious code on the Android platform is also growing rapidly, the users’ economic losses which caused by malicious code was reached 75 million Yuan at the first quarter of 2014 with the rise of mobile payment. Therefore, it is important to study malicious code in order to prevent them from spreading.At present, there are two mainly malicious code detection based on behavior, one is dynamic detection and the other is static detection on Android platform, and dynamic detection needs to software running in a controlled environment and then records its action, but it easy to miss the malicious behaviors which are not triggered, while the static detection needs to reverse and analysis them, but it is not good at detecting the malicious code which is deformed in traditional. This thesis proposed a prevention solution that is based on the similarity which is the calling sequences of sensitive API according to the malicious code behaviors where are summary from 30 kinds of malicious code captured recently on Android platform, it is better than traditional detection method.Firstly, this thesis studies the feature of malicious code for extraction, the weight of sensitive API distribution technology and the similarity matching technology. Secondly,this thesis designed a malicious code prevention system AndroidDetection according to the above technology. AndroidDetection is composed by client and server. The client is monitoring application installation action, the application of APK file in MD5 or DEX file is sent to the server by the client when the application is installed. The server detects malicious code by the DEX file, the calling of sensitive API, the algorithm of TF-IDF in data mining and similarity matching. Finally, AndroidDetection is good at detecting malicious code by tested it on Android platform being compared with King Soft and360.