Design And Implementation Of Android Malicious Application Detection System Based On Dynamic Analysis

Posted on: 2018-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z T Wei
GTID: 2348330512979375
Subject: Information security

Abstract/Summary:
In recent years, the Android platform has developed rapidly thanks to its openness and good user experience. However, the number of malicious Android applications has also grown rapidly, and effectively vetting Android applications has become an emerging issue. Traditional static analysis is ineffective against obfuscation and encryption. Dynamic analysis is suited to dealing with obfuscated and encrypted code, but the features commonly used in dynamic analysis do not achieve the desired results. Therefore, how to extract effective features that characterize malicious behavior and improve the accuracy of dynamic analysis is the focus of our research.

This paper analyzes the features used in dynamic analysis and introduces 6 kinds of effective features. 666 Android apps are used in the experiments, and the evaluation results show that combining our 6 novel types of features with the other 9 features is more effective than existing methods. Finally, we present DroidVet, a malicious application detection system based on dynamic analysis and static analysis. Our work is summarized as follows:

(1) This thesis conducts a meticulous study of the Android system architecture and security mechanisms, including the security mechanisms of the Linux kernel, permission checks, the sandbox and digital signatures. The paper also presents the methods of Android malicious application analysis, including dynamic analysis and static analysis.

(2) We analyze the features used in dynamic analysis and introduce 6 kinds of effective features: anti-simulator behavior, hidden app icons, packet size, the number of distinct API calls, the number of API calls per unit time, and requests for root permission. Combined with the 9 existing features, and compared with existing work, we improve the TPR by 16.07% and reduce the FPR by 1.31% with SVM, indicating that the approach is more effective than existing methods.

(3) We introduce a system called DroidVet to automatically vet Android applications through dynamic analysis and static analysis. DroidVet runs apps, extracts features, and classifies apps as benign or malicious with a Support Vector Machine (SVM).
Keywords/Search Tags:Android Security, Malware Analysis, Malware Detection, Dynamic Analysis