| Along with the wide use of smart mobile devices and the rapid development of mobile Internet technology, the application of mobile intelligent device should be paid more attention.Due to the openness of Android, we can find all kinds of applications in Android Market, at the same time, many security threats such as malware and Trojan appear constantly.Firstly, this paper proposes a mobile honeypot, which can decoy, capture and analysis malwares for the increasingly attacks on mobile intelligent terminals. The MHP contains three kernel modules that is decoy module, malicious behavior capture module and malicious data analysis module. The experimental results show that MHP can capture the malicious behavior effectively and is suitable for deploying on mobile terminals.Secondly, this paper proposes a malware classification method based on text mining.The classification process mainly contains four stages, code string extracting stage decorticate and disassemble malwares, extract malwares structured code strings. Using hierarchical clustering algorithm cluster malwares into malware families is the second stage. Then we need to quantitative analysis the malware families, and get the malware families feature vector.Calculating the distance between the malwares captured by MHP and the malware families.Then we divide the nearest malware into the corresponding malwares' family. Through the classification progress, we can better analyze malwares' mechanism.Finally, we design two experiments to verify the malware classification method. The first classification experiment is based on MHP, results show that the method is effective. The second experiment is based on data sets, the results show the accuracy of the method.Through the analysis of distance matrix and Youden index prove that the malware classification method can accurately and efficiently classify malwares. |
PDF Full Text Request