Analysis And Research On Malicious Behavior Of App Based On Android

Android has a high share of the favor by the majority of consumers in today’s market,and now users of Android mobile phone demand is growing very fast.However,with the increase in the number of Android mobile phones,The malicious applications of Android mobile phones have gradually increased,and it is a problem that can not be ignored now.By study the security mechanism for the Android system,as well as common Android malicious behavior.I found that some Android malicious software developers began to focus in Android network communication.It can generate some malicious behavior by connect some of the network server,such as privacy theft,virus implantation and forced download.The malicious code will be embedded in the normal Android application,and they don’t need to update the configuration file information,which makes some of the currently widely used program lose efficacy just like the program based on authority and API call detection scheme.In this paper,I design a malware detection scheme based on the pattern matching algorithm of intrusion detection model and it can exploit the malicious information between Android malicious application and network server.And it can improve the time efficiency and matching accuracy.The main research contents and results are as follows:(1)First I analyze the Android operating system vulnerabilities in security mechanism,it is concluded that Android system has weaknesses which can lead to it vulnerable to the invasion of malicious applications.After learned the route of transmission of the Android terminal code,I find how many ways Android malicious can attack,and what kind of characteristics each of they have.In the end I study the famous Android security monitoring software at home and abroad.(2)In view of the traditional intrusion detection model is analyzed.Firstly I introduce the traditional single pattern matching for malicious information mining algorithms such as KMP and BM,and then because the traditional algorithm is not well in time efficiency and accuracy,I present two improved strategies,which are based on the finite automaton DFSA respectively,and the improved strategy based on ordered binary tree data structure called SMA.(3)In this thesis,I put forward the C/S structure of intrusion detection scheme.I use the Android virtual machine as the client,and for the service side I adopted Ubantu operating system.It is used to simulate the Android network communication,transmate data message and detect.(4)For the verification experiment,I used Android malware application datasets offered by the north Carolina state university’s Android malware genome project.And for the non malicious application dataset I choose the Google Play Store’s application downloaded by Michael Grace and others.I use those to do sample training and test.