Research On Android Platform Malware Detection Technology Based On Dynamic Stain Analysis

The rapid development of information technology and intelligent terminal technology has a profound impact on people's life,work and study.Mobile devices play a more and more important role,meanwhile,the operating system based on mobile devices has also made rapid development,and Android is the most popular mobile-side operating system.Mobile devices bring convenience to people,at the same time also lead to a series of security issues.Android as the most popular mobile-side operating system,has a large user base worldwide,it has also become a major malware target,facing a huge of security threats.In view of this,how to detect Android malware is a major problem to be solved urgently,which has become a hot topic in the field of mobile security concern one of the topics in recent years.For the problem of detecting Android malware,We propose a dynamic detection method based on permission,API call,component registration and behavior based on a thorough study of the existing detection methods and the characteristics of Android malware.The main contributions of this paper are as follows:(1)Proposed the realization of dynamic taint analysis technology based on Android platform on the research of Android system and its security mechanism,the characteristics of existing malware detection methods and the dynamic taint analysis technology.On this basis,this paper presents and the malware behavior based on dynamic stain analysis technology Detection method.For dynamic detection,we proposed a automatic execution and behavior trigger method for the Android application.Android application can be automatically executed from event-based and data-based,simulating application's click and other event operations,for receiving external data components,run components with the corresponding type of data,which can fully trigger its possible malicious behavior(2)Based on the characteristics of android malware's permission and API call,a combination of features is formed by extracting the features of the permission and the corresponding API calls,and to detect Android malware through the combination of features;We analyze the two components of broadcast receiver and content provider registered by the Android application;detect its response to system events and the use of privacy data,which is one of the characteristics of detecting malware.(3)Design and Implement an Android malware detection system based on the above detection method,which can automatically execute the application to be detected,trigger its malicious behavior and detect its maliciousness.from permissions,API calls,component registration and behavior.