Research On Malicious Behavior Detection Method Based On Android

Along with the wide use of smart mobile devices and the rapid development of mobile Internet technology, the Android system as the most influential mobile operating system, should be paid more attention as well as its security. Due to the openness of Android, we can find all kinds of applications in Android Market, at the same time, many security threats such as malware and Trojan appear constantly.There is a lot of research on Android malicious behavior detection methods at home and abroad, but little is based on the power analysis of malicious behavior. We haven't found a good detection algorithm for malicious behavior to make a comprehensive analysis of power consumption. The time sequence and unidimensional sequence diagram of the power consumption is similar to temporal characteristics of the voice, so that we can use speech detection technology to identify the temporal waveform of the power consumption, so as to realize the detection of the malware. This paper proposes time series analysis method of the power consumption, and put forward a kind of malware detection model based on power consumption.Theories about the the types of malicious behavior are introduced, and also the power consumption of the different malwares. Based on the power monitoring of different Android applications, we find the different application has different power consumption mode and propose a malicious behavior detection method based on the power monitoring of Android system. Firstly, we improve Mel Frequency Cepstrum Coefficient(Mel Frequency Cepstral Coefficients, MFCC) extraction method, and increase the useful information of the MFCC feature vector. Then use the improved MFCC to construct a Gaussian Mixture Model(Gaussian Mixture Model, GMM). At the last, the power consumption information is trained by GMM model, and then according to the classification of application to identify malicious software. Experimental results show that there is a close relationship between power consumption and the behavior of the application, which shows that the power consumption information can accurately detect the malicious behavior of Android system. In addition, a series of contrast experiments have proved that the improved MFCC coefficient can effectively improve the detection performance of the system.