
The Malware Detection Of Android System Based On Application's Multi-information

Posted on: 2017-03-30
Degree: Master
Type: Thesis
Country: China
Candidate: B B Zhao
Full Text: PDF
GTID: 2348330503988057
Subject: Computer Science and Technology

Abstract/Summary:
In recent years, Android has quickly come to occupy the smart mobile device market thanks to its open-source nature. That same openness attracts many developers and criminals alike, so security threats and malware targeting Android emerge in an endless stream. The flood of malware shows that detecting and recognising malware on the Android platform is an urgent need.

This paper proposes an Android malware detection model that takes an application's multi-information as its behaviour information. First, we studied the Android security mechanism, malicious behaviour on Android, typical malware, and the advantages and disadvantages of the mainstream classification algorithms used for Android malware detection; this provides the theoretical basis for the proposed detection model. Second, we designed the detection model. We selected the application's multi-information as the model's behaviour information, used a blacklist to match the application's signature and filter out part of the malware, and used a whitelist to match the application's signature, broadcast information and service information and filter out part of the benign applications. We then removed the application's redundant behaviour information, quantified the remaining information as n-dimensional behaviour vectors, used the behaviour vectors to train the detector to find the optimal hyperplane according to the geometrical interval, and used the trained detector to detect malware. Third, we used Android library functions, disassembly techniques and J2EE to describe a prototype system for the detection model, and we provide the logic structure diagram of the prototype system. Lastly, we selected an experimental environment in which to implement the detection model, and we tested it using the Android simulator, Android mobile devices and a PC.

The experimental results show that the detection model has a higher detection rate, and the comparative experiment shows that its detection rate is higher than that of the current mainstream detection algorithm. The experimental analysis and the comparative experiment show that the detection model proposed in this paper has a high detection rate and good applicability, and can meet the current pressing demand for malware detection.
Keywords/Search Tags: the hybrid model of blacklist and whitelist, behavior information, support vector machine, geometrical interval, hyperplane
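
The staged pipeline the abstract describes (blacklist, then whitelist, then behaviour vectors and a separating hyperplane), as an added example that is not code from the thesis. The signatures, whitelist record layout, feature names and training set are constructed assumptions, and the trainer is a plain hinge-loss loop that stops at a separating hyperplane with functional margin of at least 1, standing in for the maximum-margin solver of a full SVM.

```python
import math

# Constructed sample data: signatures, component names, features and labels are assumptions.
BLACKLIST = {"sig:bad01"}
WHITELIST = {"sig:good01": (frozenset({"BOOT_COMPLETED"}), frozenset({"SyncService"}))}
FEATURES = ["SEND_SMS", "READ_CONTACTS", "INTERNET", "BOOT_COMPLETED", "CAMERA"]

def prefilter(app):
    """Blacklist on signature; whitelist needs signature, broadcasts and services to match."""
    if app["sig"] in BLACKLIST:
        return "malware"
    if WHITELIST.get(app["sig"]) == (frozenset(app["broadcasts"]), frozenset(app["services"])):
        return "benign"
    return None  # undecided: left to the classifier

def vectorize(behaviours):
    """Drop duplicate behaviour records and quantify them as an n-dimensional 0/1 vector."""
    seen = set(behaviours)
    return [1.0 if f in seen else 0.0 for f in FEATURES]

def score(w, b, x):
    return sum(wj * xj for wj, xj in zip(w, x)) + b

def train(X, y, lr=1.0, max_epochs=1000):
    """Hinge-loss sub-gradient steps until every sample has functional margin >= 1."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(max_epochs):
        updated = False
        for xi, yi in zip(X, y):
            if yi * score(w, b, xi) < 1.0:
                w = [wj + lr * yi * xj for wj, xj in zip(w, xi)]
                b += lr * yi
                updated = True
        if not updated:
            break
    return w, b

def geometric_margin(w, b, X, y):
    """Smallest signed distance from a training point to the hyperplane w.x + b = 0."""
    norm = math.sqrt(sum(wj * wj for wj in w))
    return min(yi * score(w, b, xi) for xi, yi in zip(X, y)) / norm

def detect(app, w, b):
    return prefilter(app) or ("malware" if score(w, b, vectorize(app["behaviours"])) > 0 else "benign")

LABELLED = [("SEND_SMS READ_CONTACTS INTERNET BOOT_COMPLETED", 1), ("SEND_SMS INTERNET BOOT_COMPLETED", 1),
            ("SEND_SMS READ_CONTACTS INTERNET", 1), ("INTERNET CAMERA", -1),
            ("READ_CONTACTS INTERNET CAMERA", -1), ("INTERNET", -1)]  # +1 malware, -1 benign
X, Y = [vectorize(s.split()) for s, _ in LABELLED], [label for _, label in LABELLED]
```

An app signed with a whitelisted signature but carrying different broadcast or service components is not waved through by the whitelist; it falls to the classifier like any unknown app.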