
Research On Detection And Protection Of Malware On Mobile Intelligent Devices

Posted on: 2016-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: J X Zhang
Full Text: PDF
GTID: 2308330503476922
Subject: Electronics and Communications Engineering
Abstract/Summary:
With the fast development of communication technology, the mobile internet is evolving from connecting people toward connecting people and all things. Intelligent terminals play a key role in daily life, and they carry more and more private information. Android, which accounts for more than 80% of the intelligent terminal market, has become the prime target of malicious attacks. Because Android has many mobile application markets that lack unified audit and supervision standards, it has become the platform worst hit by malware, leading to leaks of user privacy and heavy property losses. As a result, more attention should be paid to detection and prevention technologies for Android mobile malware, which has important theoretical and practical significance.

In this thesis, a novel Android mobile terminal application is realized based on a combination of static detection and dynamic detection technologies. The application consists of a characteristic-code based static detection module and an action-monitoring based dynamic detection module. With these two modules, third-party applications can be classified according to their characteristics. When malware is detected, the application can intercept its malicious actions to protect the privacy of users. The main work of the thesis is as follows:

(1) The current situation of malware on the Android platform is analyzed, the existing security problems of the Android platform are presented, and research achievements on Android security are surveyed, focusing mainly on detection technologies for Android malware.

(2) A brief analysis of the security mechanisms of Android is given, covering the security mechanisms of the Linux kernel, the running environment and the application framework, and focusing mainly on the signature mechanism and the application permission mechanism, which are related to static detection. The background of action-based dynamic monitoring technologies is then studied in more depth, including the Binder IPC communication mechanism, the underlying Linux linking and loading technology, ELF format parsing, and ptrace, the key function for dynamic loading.

(3) Building on a detailed technique for extracting application signatures and permissions with PackageManager, each part of the characteristic-code based static detection module is designed and demonstrated, including signature information comparison, permission information extraction and synthetic matching. An advanced detection and classification method based on the naive Bayes algorithm is proposed, which synthetically matches the signature information and permission information to produce a preliminary classification of the software and improve detection accuracy.

(4) The relevant technologies of the action-monitoring based dynamic detection module are researched. By combining the static and dynamic detection technologies, a final set of matching rules is defined so that third-party applications can be classified and malware detected. In addition, a user-defined monitor and intercept function is provided in the application to intercept the sensitive behavior of malware efficiently. As a result, an application for detecting and preventing malware on the Android platform is realized.
Keywords/Search Tags: Android security, Malware, Static detection, Dynamic detection