Research On Android Obfuscating Malware Detection

Posted on: 2018-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: X H Zhang
GTID: 2348330518995362
Subject: Cryptography

Abstract/Summary:
With its high market share, the Android platform has become a growing target for mobile malware, which poses a great threat to customers' safety. Meanwhile, malware employs various techniques, code obfuscation for example, to evade detection. This thesis works on three points as follows:

(1) A semantics-based malware detection approach named SFExt is proposed. In this approach, we extract source-sink flows from the Android app, which resist common obfuscation techniques, to generate semantics-based features, and also collect features from code and app characteristics through static analysis. Real-world malware samples are used for the experiments, and the results show that this approach improves efficiency, with a TPR 2.49% higher than the previous approach.

(2) An improved FrequenSel feature extraction algorithm is presented. Considering the defects of the original FrequenSel algorithm in the low-frequency range, for features from code and app characteristics, we improve the FrequenSel algorithm by taking word frequency into consideration. The experiment compares simplified Chi-Square and Information Gain with the improved FrequenSel algorithm, and shows that the improved FrequenSel algorithm achieves higher Accuracy and Recall.

(3) The MRAnalysis scheme, which reveals the relationships between Android malware samples, is designed and implemented. Starting from the content and properties of files, we extract meta-info features and 2-grams of Dalvik opcodes and operands, and use the SPI (Simplified Profile Intersection) method to analyze the similarity between malware samples from the Genome project. Meanwhile, a threshold value that represents the relationship between malware samples is defined to calculate and measure the relationships within a given sample set. Through MRAnalysis, the original sample set can be reduced to a smaller, more representative set, which can improve the efficiency of future work.
Keywords/Search Tags: Android, Malware Detection with Obfuscations, Semantics-based Feature, Extraction Feature Selection, Similarity Measure