In recent years, with the rapid development of the mobile internet and the emergence of apps, intelligent devices such as smartphones have brought great convenience to people's lives and are becoming essential tools in daily life. Android has become the mainstream operating system of the mobile platform because its open-source nature has led major manufacturers to adopt it. With the increasing market share of Android, Android malicious code is becoming a major factor harming the information and property security of Android users. According to the latest Internet mobile security report released by Baidu mobile guards, Android malicious code has grown explosively. Therefore, malicious code detection technology for the Android platform has become the focus of research and discussion in the field of mobile security.

This thesis mainly focuses on Android malicious code detection. Combining traditional detection techniques, it proposes a static detection method including malicious factors and component similarity, and a dynamic detection method for behavioral data analysis, and then presents a detection system prototype. The main work of this thesis includes:

On the one hand, the detection technology of malicious code on the Android platform is discussed. Firstly, the Android system framework architecture and the key processes of the system services and components are introduced. The security mechanisms of the Android system and its applications are analyzed, and the defect in the system security mechanisms is pointed out. In addition, malicious code detection technology is introduced. The thesis carries out in-depth reverse analysis and research on malicious code for the Android platform. ELF encryption technology, dynamic loading technology and data theft technology are summarized, and the APIs commonly used by malicious code are identified.

Last but not least, based on the above two studies and combined with current malicious code detection technology, this thesis presents a malicious factor detection method, a similar-component detection method, and an analysis method based on the adjusted cosine similarity of an app's behavior data. The detection system first calculates the application's malicious factor by traversing its permissions and component information, then uses the component similarity detection method to determine whether the application is a repackaged malware sample, and lastly obtains the application's behavioral data using a dynamic injection technique and uses the adjusted cosine similarity algorithm to compute the similarity between the application's behavior data and the behavior data of all malicious code. Combining these three detection methods, the detection system can give a test report on the application.

On the other hand, the design, implementation and testing of the prototype of the malicious code detection system on the Android platform are presented. Based on the proposed malicious factor, component similarity and adjusted cosine similarity algorithm, the thesis implements a detection system that performs fast static detection and dynamic detection of application code behavior data. The prototype system can detect Android malicious code perfectly; it not only avoids interference from techniques such as dynamic loading and code obfuscation, but also improves the detection rate of malicious code and reduces the workload of analysts.
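The behavior-data comparison described above can be sketched as follows. This is an added example, not code from the thesis: the feature names, sample profiles, threshold, and the choice to centre each feature on its mean across the comparison set are all assumptions, since the abstract does not give them.

```python
import math

# Constructed runtime behavior counts; the thesis's real feature set is not given.
FEATURES = ["send_sms", "read_contacts", "get_device_id", "load_dex", "http_post"]

# Constructed reference profiles of known malicious samples (hypothetical names).
MALWARE_PROFILES = {
    "sms_fraud_sample": [14, 2, 3, 0, 1],
    "data_thief_sample": [0, 9, 6, 1, 12],
    "dropper_sample": [0, 0, 2, 7, 4],
}

def cosine(a, b):
    """Plain cosine similarity; 0.0 when either vector has zero length."""
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def feature_means(vectors):
    """Mean of each behavior feature across every vector in the comparison set."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def adjusted_cosine(a, b, means):
    """Cosine similarity after subtracting the per-feature mean from both vectors."""
    return cosine([x - m for x, m in zip(a, means)],
                  [y - m for y, m in zip(b, means)])

def rank_against_malware(app_vector, profiles=MALWARE_PROFILES):
    """Return (profile name, adjusted similarity) pairs, most similar first."""
    means = feature_means(list(profiles.values()) + [app_vector])
    scores = {n: adjusted_cosine(app_vector, v, means) for n, v in profiles.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def classify(app_vector, threshold=0.8):
    """Name the best-matching profile if it clears the assumed threshold."""
    name, score = rank_against_malware(app_vector)[0]
    return (name, score) if score >= threshold else (None, score)

if __name__ == "__main__":
    repackaged = [1, 8, 5, 0, 11]   # constructed: close to data_thief_sample
    low_activity = [0, 1, 1, 0, 2]  # constructed: same shape, far lower volume
    print(classify(repackaged))
    print(classify(low_activity))
    # Plain cosine ignores volume and would match the low-activity app.
    print(cosine(low_activity, MALWARE_PROFILES["data_thief_sample"]))
```

The last line shows why the centring matters: because behavior counts are never negative, plain cosine scores the low-activity app as nearly identical to `data_thief_sample`, while the adjusted form does not.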