Design And Implementation Of Malicious Code Detection For Android

With the rapid development of Internet of Things, mobile Internet applications and content is more and more rich, more of the application of the integration of the user's life needs also arise, such applications and content to promote the development of mobile Internet users, but also makes the smartphone user experience quickly upgrade, the application of loaded by the terminal is also becoming diversified. At present, on the whole of intelligent terminal market, the Android system accounts for an important share, however, due to the openness of the Android system, causing it to become a major target of malicious code,having a serious impact on the entire mobile Internet healthy and stable development. So the Android operating system security analysis and the mobile terminal malware detection technology is very necessary.In this paper, as the research platform of Android operating system, mainly studies the Android system architecture and security mechanism, malicious exploits that classification and the generation of the vulnerabilities of Android operating system. By analyzing shortcomings of traditional methods at detecting malicious loopholes, designed an automatic detection system for Android system of malicious behavior, and gives the system requirements analysis, design and the implementation process. This system mainly uses static analysis and dynamic analysis methods to detect malicious behavior sample,without use the traditional morphology and syntax analysis,but through the data flow analysis to find if there are sensitive API and sensitive field in the application, and whether these sensitive fields as a parameter was sent out by sensitivity function, in order to determine if the application is a malicious program.Considering the system running time and accuracy also exist deficiencies, so this paper first to uses the SMO classifier to classify the sample, second to mini the sensitive permissions of applications by an efficient HEA association algorithm,calculating the frequency of use of certain types of sensitive privileges as malicious threshold is compared with the test sample, to determine if the sample generatedmalicious behavior, By using the algorithm not only improves the speed of the system,but also makes the system to reduce the number of false negative rate.At the end of this paper, the research content is summarized, the main work is described, the shortcomings of the paper is pointed out, and makes a prospect for further work.