Privacy Protection Oriented Malicious Application Analisis And Detection Method In Android Platform

With the rapid development of the android system and smart phones,android applications show explosive growth.As android third-party application market regulation is not strict,many normal applications are embedded malicious code,which can theft user privacy.Malicious applications are re-packaged and uploaded to the android market.Common means of stealing user privacy includes: Obtaining user privacy data by acquiring illegal permissions,reading user’s privacy data by monitoring specific system broadcast actions,bypassing traditional HIPS detection through customing API Hook to read user’s privacy Data and so on.Therefore,how to effectively ensure the privacy security of users is an urgent problem for android system to be solved.To solve the above problems,this paper analyzes the characteristics of android system and the privacy protection needs of android users.We put forward a malicious program analysis and detection framework(RbBayes)for privacy protection under the android platform,and we focus on breaking android broadcast action analysis,privacy awareness permissions analysis and malicious application detection and interception of three key technologies.The main research findings are as follows:1.We have proposed an android broadcast action analysis method based on naive Bayesian.Firstly,the method uses the keyword matching arithmetic to get application staticly registrated broadcast action in the manifest.xml;Secondly,we learn from the Xpose framework to Hook broadcast callback method onReceive()to find the actual operation of the application triggered broadcast event;At last,we analyze and summarize the possible leakaging user privacy broadcast action based on the Drebin malicious program dataset and naive Bayesian machine learning algorithm,for the follow-up android malicious application to provide the basis analysis.2.We have proposed a privacy privilege analysis method based on minimum authorization.Firstly,the method extract the manifest.xml file of android application based on APKTool,and we extract the permission information of the application registration by keyword matching.Secondly,the RBAC policy library is constructed based on the minimum authorization principle,and we define the minimum authority set of the legitimate android application.Finally,the experimental results show that the method has high detection accuracy rate for malicious android applications with illegal permissions on the real android device,and the RBAC strategy library.can provide suggestion for following android malicious interception.3.We have proposed a method for detecting and intercepting malicious malicious programs based on RBAC.Firstly,the method dynamically inserts the Linux kernel module,which realize the monitoring of the malicious application kernel function calling.Secondly,the malicious behavior detected by the kernel layer is passed to the user layer through Netlink technology,and the method determines whether the android application contains malicious broadcast action by the android broadcast action analysis Methods and builded the RBAC policy library,which leaks user privacy and whether there is a set of permissions that leaks user privacy.Across which to determine whether the application exists the risk of leaking user privacy.And then,we compared the method with the traditional HIPS system for security analysis,the result shows that the method of detection module is deployed in the kernel layer,which could prevent malicious applications bypass system detection by themselves Hook operation,so it has higer security.Finally,the results show that the proposed method has higher detection rate of malicious programs4.We have implemented RbBayes prototype.Firstly,based on the proposed android broadcast acion analysis method,privacy consciousness privilege analysis and malicious application detection and interception method,we put forward the design thought,architecture and execution flow of RbBayes prototype.Secondly,we simulate user scene on the real android device,then we deploye the RbBayes prototype,and finally,we compare our work with the classic malicious android application detection method,the experimental results show that RbBayes has a higher malware detection accuracy and better performance.