| With the development of Mobile Internet, Android has became the biggest intelligent mobile termination platform in the world. For the open-source system and opening market, any third party can develop application software and uploads it to the application market, which lacks uniform security standards and has greatly stimulated the spread of mobile malware. Android malwares, which bring security threats to users, have been used to steal individual privacy and business secrets, and the incident increased dramatically. Therefore, it is very important to strengthen the research of analysis and detection technology on Android malicious code.In this paper, by comprehensive analysis of a large number of android malware program, samples are collected from work, including the types of the android malicious permission and the use of frequency, which determines the need of focusing on the static analysis of the authority. Generalize an active method of the android malware and sum up an effective method of analyzing the behavior of malicious software from information security assessment practice.In this paper, the static and dynamic analysis of Android malware samples are used for the analysis of the existing android malware, and the similarity hash algorithm Simhash is applied to the malicious software detection field. A method for the detection of the complex characteristic comparison of Android malware is proposed. The APK-featured Text are composed of the access to the permission, the Broadcast Receiver, and the service. The NCD (Normalized Compression Distance, NCD) is used to characterize the similarity of the text of the malicious program, and the problem of the feature fingerprint of the malicious program is converted into the problem of text similarity detection. Finally the paper realized the Android malware detection based on Simhash algorithm, which effectively improved the efficiency of the analysis and detection of malicious programs. |
PDF Full Text Request