Research On The Static Detection Method Of Malware On Android

With the development of mobile Internet and the continuous improvement of hardware performance,Mobile terminals have occupied an important position in people's daily life.Mobile terminal devices include social,entertainment,communication,and more convenient.In recent years,mobile payment technology has greatly facilitated people's life,in which smart phones are an indispensable part of people's lives.However,as smartphones are more closely connected to people,their potential potential is becoming more serious.More and more malicious applications,driven by interests,threaten the security of the property and the security of the privacy of the user.The Android system,as the mainstream operating system,has become a gathering place for malicious applications.Once the user's mobile phone is infected with malicious applications,it will cause serious loss.How to effectively detect Android malicious applications is an urgent problem to be solved.This paper focuses on the static detection method of malicious applications in Android devices,and proposes a detection method using the combination of potential sensitive permissions and permission information.It uses machine learning method to detect Android applications and implements a complete detection system.The main research results in this paper are as follows:(1)The single permissions feature does not fully reflect the function and nature of the application.A static detection method based on the combination of sensitive permissions is proposed.This paper analyzes the correspondence of the permissions and functions in the Android application and the machine learning classifier based on the potential permissions combination in malicious applications.This method uses the Apriori algorithm to excavate the potential sensitive permissions combination in malicious applications,and finally trains the naive Bayes classifier to detect the test samples.At the same time,this paper proposes an additional feature method to solve the assumption that all the features of the Bayes classifier are completely independent,which is applied to the detection accuracy loss caused by the incomplete independent permissions feature.(2)Some malicious applications and benign applications are difficult to distinguish only by permission requests.A static detection method based on information gain is proposed in this paper.We analyze the characteristics of all permissions in the benign application and malicious application,and filter out the characteristics of information gain which are larger in malicious applications,and combine machine learning methods to detect Android applications.The Android permission request is used for detection in a more fine-grained way.(3)A complete static detection system for Android malicious applications is realized by combining the detection method proposed in this paper.This paper explains the detailed process of sample processing and algorithm implementation,analyzes the advantages and disadvantages of the two detection methods proposed in this paper,and combines them to improve the detection effect of the whole system.Finally,the present work is summarized through detailed experimental analysis and comparison,and the future work is prospected.