| Android is the most popular intelligent terminal operating system.At present,more and more attackers take the Android platform as a prior attacking target,resulting in Android platform malicious code flooding,causing economic losses,privacy leaks and many other security risks for users.So the Android malware detection has become an urgent issue to be solved in the field of intelligent terminal security.Currently,the malware detection technology of Android platform is mainly based on static detection and dynamic detection,and most of them only pay attention to the characteristics of one aspects of the application.The characteristics of malware are not comprehensive,and the detection ability for different types of malware is in big difference.In order to solve this problem,an Android malware detection technology based on many kinds of characteristics is proposed.A malware detection system based on two aspects-code structure and behavior of application-is designed and implemented.Research content can be summarized as the following:1.A method of detecting malware by applying code similarity has been studied.In order to detect similar malware,this paper uses the code similarity of the application to detect malwares such as repackaging and homogeneous.By extracting the code structure information of the application,this paper presents a similarity calculation method,which can reflect the similarity between the applications and thus identify the similar malware.2.A dynamic test method for Android application based on operation path is designed.In order to solve the problem of low code coverage caused by the randomness of traditional tool test,this paper proposes an automated test method for Android application based on Operation path.By traversing the application interfaces,generating test scripts,simulating user actions,the new test method reduces the searching space and improves the dynamic test efficiency.3.By tracing the behavior of the Android application,this paper uses the sensitive API call sequence to detect malware.Combining the dependencies between API calls,the detection method based on short API sequence and the detection method of Markov chain are proposed.Experiments show that the method can improve the detection accuracy.4.The joint detection model based on multiple characteristics of Android malware is proposed,for the detection of various types of malware.Firstly,the detection method based on code similarity is used to detect the same or similar malware quickly.Then,the detection method based on application behavior is used to detect other malwares,the coverage of detection is improved,and the accuracy and fastness of detection is retained. |
PDF Full Text Request