| Android is currently the most popular smartphone operating system,because of its powerful features,good performance and open source feature.As the number of Android users and applications are growing rapidly,the unrestricted online uploading and downloading of applications by users and third-party application stores make the quality of application difficult to monito.Moreover,a lot of malwares targeting at Android terminal have been found running on users’ mobile phones.Therefore,it is of great significance and application value to find an accurate and efficient method for Android malicious code detection,so as to protect the privacy and property of Android users.This paper mainly studies on the malware detection technology for Android terminal.The main contents are as follows: 1)In order to realize rapid detection of Android malicious code,and to fully describe the static characteristics of the Android malware family,this paper proposes a multi-class feature model of the malware family.By using static analysis method,multi-class features are extracted,based on which a malware detection mechanism is proposed.Experimental results show that the proposed method can guarantee high detection accuracy and efficiency.2)Since the static detection method can not get dynamic behavior of the application,this paper studies on the malicious code detection technique which combines both static and dynamic methods,uses Sandbox mechanism to track and monitor malware behavior,and provides methods for static preprocessing and dynamic feature extraction.Then a multi-label detection mechanism for Android malware using random forest is designed.Experimental results show that the combination of static and dynamic methods can effectively obtain malicious behavior of the software.Also,when the number of training samples is relatively large,the dynamic detection method based on machine learning has higher detection precision than the static method.In this paper,based on the above research,a malicious code detection system for Android terminal is designed and implemented.Experiment shows that the detection mechanism designed in this paper can effectively solve the problem of Android malicious code detection,and has better ability in terms of multi-label detection of Android malicious code. |