| As the development of mobile Internet, Smartphone is being used more and more widely. The functions of the Smartphone are being more and more powerful. The usages of Smartphone bring us big conveniences from shopping to learning. As the proposing of the "Internet plus", the use of Smartphone will be wider than before. For these reasons, the eyes of the hackers have been shifted from the PC system to mobile system. Among all mobile systems, Android system is now the most-widely used Smartphone operating system and is easy to be attacked. So, to detect Android malwares quickly and accurately is the most important issue to be solved in mobile security area.The article takes Android system as the object of study. At first, the article introduces the history of emerge and development of Android system, then explains the reasons why Android malwares are being increasing so quickly, at last analyzes the security mechanism of Android system. On basis of these, the article proposes a method called LWD which can detect malwares quickly. The method is on basis of the differences on the use of permissions between malwares and normal applications. As all methods based on permissions have a high false positive rate, the article proposes a method which is based on the combination of permissions and resources. The experiment shows that the method which is based on the combination of permissions and resources can reduce the false positive rate. The main contribution of the article include following:1) The analysis of Android security mechanism. The article introduces the architecture of Android system and analyzes the security of the Linux kernel layer, the core function layer, application framework layer and application layer. The article points out the weakness of all the layers and presents the basic foundation of Android malware detecting.2) Proposing a static method which is based on permissions. The article counts the frequency of all permissions that is used in Android applications and analyzes the malicious degree of the application. The method can detect Android malware quickly and cost less time than other methods. So the method can provide the foundation for further detecting Android malwares.3) Proposing a method which is based on the combination of permissions and resource files. The article analyzes the difference of the number of resources files between malwares and normal applications and proposes a method which is based on the combination of permissions and resource files. The result shows the method can reduce the false positive rate remarkably. |
PDF Full Text Request