The Research On The Mobile Malware Detection Method Based On Android System

Android's open source feature gives the Android system vitality but meanwhile enables it to become hacker's main objective of attack.The research on the malicious software against the Android system is the key content of the handset software security research.The paper introduces the structure, the module and the application procedures of the Android system as well as the established safety mechanism and the loophole in these mechanism to draw out the method which this article proposes.According to the close relationship between the security authority application related API transfer in Android system and the recognition of malicious application software, the paper proposes the concept of sensitive API transfer and has put forward the method of extracting sensitive API in the application software based on smali document.In view of different sensitive API transfers,it uses the AHP to carry on the weighted process to the sensitive API transfer and proposes the improved FP-growth algorithm which makes the connection rule excavation to the weighted sensitive API data set and obtains the excavated rule set for the detection of the malicious software.The paper designs and realizes the malicious software detection system based on the method.The system includes the Android handset end operating procedure and the pc end operating procedure.The pc end operating procedure primarily focuses on the malicious software rule set data mining work. In regards of the limitation of the Android system end, pc end also handles the operation with high needs of resources.The Android system end only deals with some surface development work. Besides,the C/S pattern is applied between the correspondence of the Android system end and the pc end.It uses the authoritative data set to confirm the feasibility and the validity of the handset malicious software detection method. The experiment has tested the malicious software data set and the normal software data set. The experimental result indicates that the false alarm rate of non-malicious software reduces after carrying on the weighted process to the sensitive APItransfer by AHP and removing some frequent but low weight rules by using the support threshold value. Then the malicious software detection rate reaches 81.7% and the non-malicious software detection wrong rate reduces to 11.3%.