Research On Dynamic Detection Of Android Malwares

Posted on: 2016-12-16
Degree: Master
Type: Thesis
Country: China
Candidate: Z Yu
Full Text: PDF
GTID: 2308330473955099
Subject: Computer application technology
Abstract/Summary:
In recent years the mobile Internet has gradually matured, and with the development of technology all kinds of smart mobile devices have become indispensable tools in people's study and work. Many technology corporations have released their own operating systems for smart mobile devices, and Android is the most widely used of them. Android has improved the efficiency and user experience of smart mobile devices, but it has also brought security problems to them. At present, Android is the platform with the most malware, and Android devices face a huge security threat. Malware detection for the Android platform has therefore become one of the hottest research topics in mobile security.

This thesis presents a dynamic detection method that combines similarity detection and behavior detection, building on traditional detection methods, and designs and implements a prototype detection system. The main work includes:

First, research on Android malware and dynamic detection technology. The thesis first introduces the architecture, components, and inter-process communication mechanism of Android, analyzes Android's security mechanisms, and points out their shortcomings. Next, it carries out in-depth reverse analysis of malware on the Android platform, summarizes its hiding, event-listening, and data acquisition and transmission techniques, and identifies the characteristics of the malware. Finally, based on these two studies and on existing detection technology, and aimed at privacy-related malware, the thesis presents three methods: automatic execution of software with behavior triggering, detection based on the similarity of dynamic software birthmarks, and behavior detection based on data taint tracking. Combining these three methods, the software under test is executed automatically, driven from both front-end UI and back-end events, so that malicious behaviors are triggered as far as possible. During execution, the software birthmark is extracted as the software's feature through API interception. The birthmark is used to detect malware that belongs to a known malware family and was produced by repackaging. Data taint tracking is used to monitor the sensitive data in the system that the software under test uses, and to detect the software's behavior.

Second, the design, implementation, and testing of a prototype malware detection system for the Android platform. Based on the above methods, the thesis designs the prototype detection system, elaborates its design goals and plan, and implements and tests it. The prototype can automatically detect Android malware, avoids as far as possible the difficulties presented by code obfuscation, dynamic loading, and emulator-environment testing, and reduces the workload of malware analysts.
Keywords/Search Tags: Android, Malware, Dynamic detection, Similarity, Behavior