Research On Security Analysis Based On Android Application

With the rapid development of science and technology,smart phones have become people's essential daily necessities.Due to the openness of the platform,Android system get a lot of support of developers and manufacturers,Android applications continue to expand the scope.With the increasing of the number of applications and users,Android applications are faced with more and more attacks.For example,malicious code have permissions to read user sensitive data and send it to the server,or the developers use ICC mechanism wrongly to send sensitive data,the attackers steal sensitive information by disguising the recipient.How to determine whether the Android applications are safe or make malicious attacks is users and developers problem need to solve.Firstly,based on the applications malicious behavior and the ICC mechanism used maliciously,this thesis analyzes the existing static analysis technology and dynamic detection technology.For the dynamic detection technology is complex and many malicious application may bypass the detection mechanism and other reasons,this thesis presents two types of static analysis techniques based on machine learning analysis and formal analysis.Secondly,for the malicious behavior in applications,such as leaking user sensitive data,because of its malicious characteristics,we use machine learning technology for checking.The analysis scheme first extracts the permissions and API features based on the known good and malicious samples;then uses a variety of machine learning methods to train different classifiers;and finally uses the classifiers to determine whether the unknown sample is a good applications or a malicious applications.Thirdly,in addition to malicious code written by attackers,there may be threats caused by improper use of various types of mechanisms.In order to detect the potential attack paths caused by the developers using the ICC mechanism Incorrectly,it is necessary to analyze the data flows between the applications components.In this thesis,we choose the formal detection scheme to detect it.This scheme first accesses to the components using ICC,intents,permissions and sensitive flows information based on the FlowDroid and Soot;this scheme then establishes the formal model of the Android ICC mechanism and applications model information using the formal language;and this scheme then establishes the model detection sentences according to the common attack models,uses the formal analyzer to perform the model detection;finally,the test results are fed back to the users.At last,in order to find the classifier which has the highest accuracy,this thesis uses eight different machine learning algorithms and three different static features to train different classifiers.The experiment shows that the random forest classifier achieves the highest accuracy(98.08%).Simultaneously,In order to verify the validity of the formal analyze scheme,this thesis conducts automatic tests,correctness tests and performance tests.The tests show that this scheme can detect attacks between multiple applications and provide test reports,facilitate user to identify the risks of these applications,but the performance needs to be optimized.At present,there are still many challenges in the research of security analysis technology based on Android.The methods proposed in this thesis provides a new way for the researchers and provide theoretical and technical support for enhancing the research and development of safety analysis.