The Research Of Mobile Application Behavior Analysis Based On Hybrid

Android malware applications are increasingly emerging with the update of the Android system and the development of mobile Internet.The complexity and concealment of malicious behaviors is a great challenge to the detection of Android application.In the recent research,the detection is mainly divided into two kinds:dynamic detection and static detection.Dynamic detection has high complexity and low code coverage,and static detection can not get accurate information.Based on this situation,this thesis proposes an Android API call analysis system based on multiple detection.The purpose is to extract application information through static detection technology and user behavior analysis to supplement the deficiency of dynamic detection,and analyze the mixed data to get a quantitative evaluation result.This article mainly includes the following research contents:(a)This thesis proposes a static data acquisition which includes the analysis of user behavior and the analysis of Android component.The technology analyzes the Android package through decompilation.Then the application interface associated with user interaction is analyzed and the user behavior model is established,which is used to establish the access probability of components.The usage of Android API is estimated based on the decompiled data and the access probability of component.This thesis tests 97 common applications in server environment.The static analysis proposed in this thesis can extract more information than the existing static analysis,which is a complementary addition to the results of dynamic analysis.This study making the data extraction more comprehensive.(b)Based on the static test results and dynamic detection results,this thesis designs and implements an application evaluation system which contains data process function and data analysis function.The data dimension of the two analysis results is filtered to obtain a common multi-dimensional behavior data.Then the dimensionality reduction method is used to process the mixed data to effectively reduce the difference between the dynamic analysis results and the static analysis result,which can improve the recognitive ability of the classifier.The output data of the dimensionality reduction methodis is analyzed by machine learning algorithm and the evaluation result of the application is obtained.Empirical evidence show that the recall rate of the system is 94.4%and the correct rate of classification is 94.3%,which represents a batter classified effection the Classification of dynamic analysis result.The test and verification show that the Android API call analysis system based on various detection methods proposed in this thesis has a certain value of research and practicality.And the system provides a reference for further research on Android malicious application detection.