Research On The Key Technology Of Malware Detection Based On Android

With the development of the smart mobile terminals,mobile phones have replaced personal computer and has become another mainstream of the current network connection equipment,with the popularity of the mobile phone network,mobile phone malware and viruses increasing quickly,Android OS as the largest operating system for mobile phones,while the rapid development of Android OS,its potential security threats becoming more seriously.Since the malwares attack in Android OS have become increasingly severe,and it has become as serious problem that we have to face,as well as nowadays,the intelligent mobile teminals close connect with the 3G network,help in the 3 G network and intelligent terminals in close connection with the times,more heavy security risks Android system.A majority of current malware application comes from the Android market,but the management of the application market has a lot of imperfections,these vulnerabilities become the paradise of the malware.So it's urgently need to strengthen the Android malware detection technology research.Faced with the threat of malicious nature of the software,Android system uses its unique set of security mechanisms,Android system uses permissions binding many senesitive operations,and protect these operations from the nisusing,but the permission granting is judged by the users,so it made the effect of the permoissions little changed.The apply of the permission means that the application can use permission-related operations,which makes the role privileges established becomes small.With the help of permissions that if the application uses permission-related operations,then you can probably judge under the authority of the application in the phone to do any work,the more complexity of the combination of competence,to achieve the more complex functions,the more possible malicious action happens,this article uses data mining algorithms mining combination of permissions that malware commonly used,useing the application of these rights as a characteristic combination of application Naive Bayes classifier to classify the software,find the combination of these rights in accordance with the judgment of malware found the method can apply for permission to determine whether malware detection rate is relatively high,and the false positive rate was controlled within an acceptable range.The network monitoring for Android system is not very safe,any application after getting the permission to the network connection can be casual using the Internet,at the same time,many Android malsare s is through the network to achieve the purpose of thecorresponding.Through the study found that malicious software while using network flow and to generate the traffic generated by the time is diffient from the nomarl situation,compared with the user normally use the network,the traffic of a process is very large,and it will happen puickly.Through this feature,this paper expounds a kind of network traffic through the application of classification analysis to identify the malicious software.Capture traffic in mobile phone use traffic and network connection time,by the SVM classifier to classify characteristic vector,eventually determine whether the application for the malicious software.