
Research On Android Platform Malware Detection Technology

Posted on: 2016-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: C X Xu
GTID: 2308330482450603
Subject: Computer application technology
Abstract/Summary:
Smartphones have brought convenience to people's lives, but they also face serious security threats. An endless stream of malicious attacks has caused heavy losses to mobile phone users. Android is an open-source operating system, so it is easier to launch attacks on Android than on other operating systems, and the Android platform has been hit hardest by attacks. Research into methods for detecting malicious software on the Android platform is therefore valuable and necessary.

This thesis studies the security system of the Android platform, introduces the commonly used detection methods, and combines static behavior detection with dynamic behavior detection to detect malicious software.

For static detection, a method based on mixed features is proposed. First, the permission features and API function features of the APK file are used to construct the feature vector. Then the information gain of each feature is calculated to define that feature's weight, and an improved naive Bayes classifier based on these feature weights is presented. Finally, the Bayes classifier is used to detect samples. Normal and malicious apps were collected to construct a sample set, and the proposed static detection method was used to test the samples; the result is that the correct rate is high and the false alarm rate is low. The experiment proves that the proposed method is effective.

For dynamic detection, a method based on the support vector machine is proposed. First, normal and abnormal system information, such as CPU usage, remaining memory size, number of processes, and battery power, is gathered to construct the feature vector. Second, an improved support vector machine based on the K-nearest-neighbor algorithm is used to construct the classifier. Finally, the classifier is used to detect samples. The experimental results on the UCI data set and the Android data set verified the effectiveness of the proposed method.

The static and dynamic detection methods are combined to detect malicious software on the Android platform. A comparison with 360 and Rising verified the validity of the integrated solution.
Keywords/Search Tags:Static detection, Dynamic detection, Naive Bayes classifier, Support Vector Machine
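
The static method described in the abstract (information gain as a per-feature weight for a naive Bayes classifier over permission and API features), sketched as an added example that is not code from the thesis. The abstract does not give the weighting formula, so using each weight as a multiplier on the feature's log-likelihood is an assumption, and the sample set is constructed for illustration.

```python
import math
# Constructed sample set (not thesis data): permission and API features per APK.
FEATURES = ["SEND_SMS", "READ_CONTACTS", "INTERNET", "sendTextMessage", "getDeviceId"]
SAMPLES = [
    ({"SEND_SMS", "INTERNET", "sendTextMessage", "getDeviceId"}, "malware"),
    ({"SEND_SMS", "INTERNET", "sendTextMessage", "READ_CONTACTS"}, "malware"),
    ({"SEND_SMS", "INTERNET", "sendTextMessage"}, "malware"),
    ({"SEND_SMS", "INTERNET", "getDeviceId", "READ_CONTACTS"}, "malware"),
    ({"INTERNET"}, "benign"),
    ({"INTERNET", "READ_CONTACTS"}, "benign"),
    ({"INTERNET", "getDeviceId"}, "benign"),
    ({"INTERNET", "READ_CONTACTS"}, "benign"),
]

def entropy(labels):
    """Shannon entropy in bits of a list of class labels (0 for an empty list)."""
    n = len(labels)
    return -sum((labels.count(c) / n) * math.log2(labels.count(c) / n) for c in set(labels))

def information_gain(feature, samples):
    """IG = H(class) - H(class | feature present/absent)."""
    labels = [y for _, y in samples]
    present = [y for x, y in samples if feature in x]
    absent = [y for x, y in samples if feature not in x]
    cond = (len(present) * entropy(present) + len(absent) * entropy(absent)) / len(labels)
    return entropy(labels) - cond

def train(samples):
    """Priors, Laplace-smoothed P(feature present | class), and IG weights."""
    priors, likelihood = {}, {}
    for c in sorted({y for _, y in samples}):
        rows = [x for x, y in samples if y == c]
        priors[c] = len(rows) / len(samples)
        likelihood[c] = {f: (sum(f in x for x in rows) + 1) / (len(rows) + 2) for f in FEATURES}
    weights = {f: information_gain(f, samples) for f in FEATURES}
    return priors, likelihood, weights

def classify(app_features, model):
    """Assumed weighting: argmax_c log P(c) + sum_i w_i * log P(x_i | c)."""
    priors, likelihood, weights = model
    scores = {}
    for c in priors:
        scores[c] = math.log(priors[c])
        for f in FEATURES:
            p = likelihood[c][f]
            scores[c] += weights[f] * math.log(p if f in app_features else 1.0 - p)
    return max(scores, key=scores.get)

MODEL = train(SAMPLES)
```

In this constructed set `INTERNET` is requested by every app, so its information gain and weight are 0 and it drops out of the score, while `SEND_SMS` separates the classes perfectly and carries full weight.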