Research On Key Technology Of Abnormal Behavior Detection Based On Android Application

In recent years,mobile Internet and smart terminal have been developed quickly.Smart devices have advantages of convenient network access and powerful computing capacity.Thus,it has been widely used in human's daily.However,while we are enjoying the great convenience of the use of smart devices,we are also facing serious security problem,especially on Android platform.Android platform has quantities of application markets that hosted by third parties.But their security inspection mechanisms are uneven.Many malwares would introduce themselves to users in the disguise of normal applications like games or tools.However,they actually do some malicious behavior like illegal deduction or stealing privacy,which also bring serious threaten to our privacy and economic security.To overcome this problem,the technology of Android application abnormal behavior detection is investigated from two aspects,static detection and dynamic detection,in this paper.The main research is as follows:To realize static detection,an algorithm which can be used to compute the similarity of two Android applications is proposed here.We can use this algorithm to compute the characteristic codes of two applications quickly,and then output an average similarity of their instruction logic sections as the similarity of two Android applications.By using the proposed algorithm,we can effectively measure the similarity between malicious applications and normal ones,as well as distinguish the former from the latter.For the dynamic detection,we mainly researched the key technology involved in the whole dynamic testing process.The risk sensitive behavior in Android applications is summarized first,and then Android system framework layer source code is modified,the records is also embedded in each of Android system function module which performs sensitive operations.Moreover,the installation and operation of applications is simulated by the use of Monkey tool.Real behavior information of the application is also detected in the background of Andorid virtual machine.In addition,as an experimental supplement to dynamic detection technology,we also simulate the scene of some malicious operations by the control commands,and then record these behaviors into the Test Results.