| Android is an open-source mobile operating system released by Google in 2007.It is both open and efficient,widely favored by mobile phone manufacturers and developers,and now has highest market share in the mobile operating system.However,due to its openness and popularity of the Android system,Android operating system has become the main target of malicious applications.Currently,malicious applications are constantly emerging on the Android platform,meanwhile,and the means by which malicious applications use to evade existing detection tools are becoming increasingly complicated.It is necessary to seek a more efficient detection technology to automaticly and intelligently detect Android malicious application.Based on the above background,this article conducts in-depth research on the Android malicious application detection.Also this article designs and implements an Android malicious application detection system that combines static malicious detection technology and dynamic malicious detection technology to ensure automation and intelligence for Android application detection.The system ensures both the accuracy and efficiency of malicious application detection.The main research results are as follows:1.A static malicious application detection model based on N-gram is proposed.This model decompiles the Android APK file by reversing engineering,and uses N-gram technology to extract features directly from the bytecodes.It avoids the dependence on expert knowledge in Android security.At the same time,the model uses a deep belief network to learn quickly and accurately.By testing 1267 malicious samples and 1200 benign samples,the result shows that the overall detection accuracy of the model can reach up to 98.34% when length of N-gram equals to 7.2.Designs and implements a non-invasive dynamic malicious detection tool in Android platform.The detection tool can record the runtime behavior of the Android application without any modification of the application.At the same time,the detected application will not perceive the presence of the detection tool so that it eliminates the influence of malware's evasion machenism.3.Designs and implements an Android malicious detection system that combines static and dynamic malicious detection.In the static detection module,the system uses the static detection based on N-gram and the static detection based on sensitive APIs and permissions to detect and analyze the application respectively.The dynamic detection performs further detection and analysis on the static detection results.The experimental results show that none of static analysis is misreported,and the dynamic detection analysis can effectively analyze the applications which static analysis module is not certain about. |
PDF Full Text Request