Research On Android Security Detection And Analysis Technology

In recent years, with the rapid development of the mobile Internet,mobile intelligent terminal has become more and more popular all over the world, and Android mobile intelligent terminal has the highest market share. The rapid development of Android mobile intelligent terminal leds to the prosperity of its app store, also the safety problem caused by malicious application has become more and more serious. These safety problem such as privacy leak, malicious chargeback, system damage etc,has seriously damaged user's interests. Therefore, the research of Android malicious application analysis technology has very important significance.In recent years, with the popularity of mobile smart terminals in the world, Android platform, the number of users continue to grow, Android platform in the mobile terminal market share in terms of far away from other platforms. In the rapid development of Android mobile intelligent terminal, because of its open system security issues have become increasingly serious, all kinds of malicious attacks after another, seriously damaging the vital interests of users. Therefore, for the Android application security detection and analysis technology research is very important significance.Since the theory of inter-application correlation attacks has been put forward, domestic and foreign experts and scholars have been put into relevant research, various effective detection of related attacks have been put forward. At present, most researches on association attacks are only aimed at mobile intelligent terminals, and there is relatively little research on association security for mass applications, especially for the domestic Android application market, there is not a set of related security detection methods . Based on this, this paper combines the existing research results to analyze the characteristics of associated attacks, this paper presents a combination of risk-based risk and risk factor analysis for a combination of mass applications, especially for third-party application store association Security detection program. The main contributions of this paper are as follows:First of all, the details of the development of the Android platform and security situation, as well as domestic and foreign Android application security detection analysis of the status quo.Secondly, the principle of association attack between Android applications is researched in depth, and the necessary conditions for association attack are summarized. This paper proposes a method based on combination of risk authority and risk factor analysis, which is suitable for mass application, especially for domestic third-party application store Of the associated security detection program. The program is divided into three parts: application correlation analysis, hazard permission combination library screening and application risk coefficient analysis.The inter-application correlation analysis part is responsible for building the component call graph around the risk component according to the source code of the application, analyzing the association between the applications and extracting the application combination with the association relation; the risk authority combination library filtering part is responsible for using the FP-growth algorithm mining And the risk-privilege combination library is used to extract the association application association with the potential association attack threat. The risk factor analysis part is responsible for calculating the RR value of the application by using the PageRank algorithm, and analyzing the application danger Coefficient, extracted with a larger associated security risks of the application.Then, the related security detection scheme is designed and implemented. The related security detection scheme is designed. Then,each module is designed in detail, and the key technologies involved in each module are researched and analyzed.At last, we use the existing malicious application library of the laboratory as a mining sample to mine the dangerous permission combination library and crawl 100,000 applications in a third-party application store as the tested application. The reliability and effectiveness of the proposed security detection scheme are evaluated by experiments. The experimental results show that the proposed association detection scheme can efficiently and reliably detect the applications with associated security risks from the mass applications, and is suitable for the related security detection of domestic third-party application stores.