Research On Android Malware Detection Based On Permission And Behavior

With the rapid development of smart terminals and mobile Internet,the share of Android system in the mobile phone market has leapt to the first by its advantage of free open source.It is also precisely because of the openness of the Android platform and the growing of Android market share which attracting a large number of attackers leading to the malicious software of Android system deluged.Therefore,the detection of Android platform malware has become an important research area in the field of security.The specific work of this paper is as follows:First of all,the architecture and security model of Android system are introduced.The Android system,as one of the free opening source operating system of mobile intelligent terminal,is powerful and has its unique security mechanism,including four sides such as the Linux kernel,run-time,the framework of applied program and the applied program.But there are still security risks and vulnerabilities.Through an analysis of Android security,it is understood that the explicit sharing of resources and the method of data are the additional function which is not provided to state required permissions to obtain the base sandbox.Secondly,starting from the unique security model of Android system,a detection method of malicious software based on rights is put forward.This method extracts the features of the permissions by static analysis application and the behavioral characteristics by dynamically analytical application,and maps the behavioral characteristics to the privilege feature.But only through a single authority cannot reflect the characteristics of the Android application,because a malicious behavior usually needs the cooperation of multiple permissions,the authority out of the combination has no great threat.Therefore,this paper uses the association analysis algorithm to further explore the association rules among the permission features in the process of the extraction of permission feature,which makes the set of the feature more effective to detection of malicious application.Finally,the shortage of the detection method malware based on permissions is analyzed and the Naive Bayesian classification algorithm is improved by Laplace calibration and probabilistic ratio optimization.By using the permissions feature as a classification feature,behavioral characteristic is added in and become classification feature of Naive Bayesian classification algorithm.And a malicious application detection method is put forward based on the permissions and behavior.Forming a malicious application testing system by implementing the method in Android system,and ultimately through the experiments to validate the effectiveness and veracity of the detection system.