| Nowadays the Mobile Internet develops fast,smart phones becomes popular rapidly,and mobile phones running the Android operating system is also accounted for a large proportion. More and more people have to rely on smart phones,however the number of Android virus and devices infected is also growing fast.Study on the detection technology of malicious Android software is on urgent need.At present,since Android is created soon,detection of Android malware is based on the traditional binary code detection, which is deal in the detection rate?false alarm rate etc.So we selected the malicious of several coverage over 90%, puts forward a detection model based on the SVM theory according to the behavior of Android software.This model consists of two parts:static detection and dynamic monitoring,puts forward a layered structure : “API sequence- basic behavior sequence- malicious behavior”.After extracting the characteristics of samples,we create a self-learning mechanism based on the value standard of SVM theory to select characteristics.Then we establish the rule set, add the characteristics extracted from untested samples to the SVM to get it detected.Both static modules and dynamic module are created based on the model,we also make some improvement according to the operation characteristics of Android:The dynamic detection module change the code of taintdroid engineer,modify Android monitor which simplied the catch of virus behavior.According to the prototype system, the known virus sample ? unknown samples and normal samples were tested,we also compared the detection result with the main security company.The final test data show the validity of the model,we put forward the idea of improvement and expansion ofthe system according to the test results?... |
PDF Full Text Request