Researching Android Feature Extraction Library Based On Reverse Engineering

Along with the rapid popularity of smart phones in recent years,the number of malicious apps for smart phone users is growing.In the face of malicious code behavior secondary reuse development and a malicious APP automatically generated technology makes a malicious act of APP development efficiency greatly improved,and the existing library the malicious behavior characteristics of the complex,the phenomenon such as good and bad are intermingled.So a comprehensive,stable,extensible malicious feature library is needed,the precision of malicious behavior software can be effectively improved and it can deal with malicious behavior evolve phenomenon.Based on reverse engineering of APP,the malicious feature library based on text mining and information retrieval research method is proposed.A malicious behavior evolution relationship tree is established to analyze the evolution relationship between malicious behavior.The following is the specific work.First,a malicious application characteristics of the library can be established by decompiled App.Then the output can be represented as SCFG flowcharts.The experimental results show that this step can greatly reduce the final size of the library of malicious application characteristics of the library.Second,through the text mining algorithms to construct a malicious feature library,compute weights of code block in the corresponding malicious eigenvector,and through the automatic classification experiment,the experiment results show that text mining algorithm to build malicious behavior characteristic library is feasible for automatic classification of malicious behavior.Third,through clustering analysis algorithm to the malicious behavior analysis can get the evolution of the relationship between the family of malicious behavior.The results show that the species evolutionary tree also can be applied to the evolution of the relationship between malicious applications.Experimental results show that this method can effectively deal with malware applications,and the malicious behavior of evolutionary tree can be used to analyze the evolution of the relationship between malicious application,also it is advantageous for the analysis of the unknown malicious applications.After the experiment,the result proved that the proposed construction of malicious behavior feature library method for static analysis of malicious applications provides a reliable basis,and can effectively improve the malicious behavior detection precision and efficiency.