Design And Implementation Of Sandbox-based Android Malware Detection Engine

Posted on: 2019-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: D J Huang
GTID: 2348330569996056
Subject: Engineering

Abstract/Summary:
With the rapid development of Internet technology, and especially the wide adoption of mobile applications, people are increasingly dependent on mobile applications. At the same time, mobile security issues such as fraudulent SMS, malicious fee deduction and data theft are becoming more common, threatening the data, property and privacy of a vast number of users. In response, security researchers in China and abroad have proposed a large number of malware detection schemes, which fall mainly into two types: methods based on static analysis and methods based on dynamic analysis. However, these methods all have certain disadvantages when detecting Android malware. In addition, because mobile devices are limited in computing power and battery resources, the security problems of Android software are more prominent. To address the disadvantages of existing Android malware detection, this thesis proposes a scheme and implementation method for an Android malware detection engine. The engine lets mobile users, mobile developers and security researchers upload mobile applications through an API. The engine then automatically completes the security analysis of the application, and the user obtains the detection results through the same API. In this engine, the sandbox-based mechanism allows each test to be carried out in a separate, completely new environment. Moreover, the malicious behavior of a malicious program inside the sandbox cannot pose a threat to the host. The engine combines static detection, dynamic detection and linkage with a well-known malware virus database, so it can automatically detect malicious code and synchronize the virus library in real time, and can therefore reliably determine whether an Android application is malicious.

Compared with traditional Android malware detection engines, the sandbox-based malware detection engine in this thesis has the following advantages. First, the sandbox-based mechanism isolates the detection environment, so each detection is relatively independent and the host computer is protected from damage by malicious software. Second, by hooking Android system APIs and linking with the online virus database, the detection results are more comprehensive and accurate. Third, the combination of the Python language and sandbox technology makes the engine cross-platform. Fourth, because the engine interacts with the target user through an API, operation is simple and compatibility is strong, so the engine can be easily integrated with other platforms. After the engine was designed and implemented, a large number of mobile applications downloaded from the Internet were used to test it. This field testing showed that the engine has a good ability to detect Android malware, which demonstrates its effectiveness and practicability.
Keywords/Search Tags: Sandbox, Android Malware Hook, Engine