Research On Abnormal Behavior Analysis And Detection Methods Of Android System Application Permissions

Android system is the most popular opera ting system in the world.It gets the user’s favorite by its strong functions,rich applications and friendly interface.Android system provides people that lets convenient to travel and generate economic benefits for people.At the sam e time,Android system is attached by outlaws and m alicous applicationsincreases fast.So,to protect user’s security for information and property,The research of malicious application detection on Android system is imminent.In order to improve the accuracy of dete cting malicious applications,this paper proposes a combination of chi-square test,naive Bayesian classification and Apriori algorithm to detect malicious applications.The main contents of this paper are as follows:(1)Analysis of the Android system four-tier architecture,security mechanisms and cross-process communicationin Android system.Android system is based on the Linux operating system,in addition to some of the Linux security mechanism,it has its own unique security mechanisms and architecture design,but there are still som e security vulnerabilities.In or der to protect the Android system security,we m ust study its security mechanism.Understand the authority of the Android system is an indispensable important component,all sens itive API calls need to apply for the appropriate permissions,through the study of au thority is an effective way to detect malicious applications.(2)A method based on Apriori algorith m,naive Bayesian classifier and chi-square test is propos ed.Through the existing Andr oid malicious application detection program research,taking into acc ount the advantages and disadvantages of static detection and dynamic detection,the final choice of static detection.Through the preprocessing of the perm ission for chi-square test,the com putational complexity is reduced,and then the frequent pattern m ining is carried out to find the m aximum frequent itemsets in the conf idence level,which is the c lassification of the naive Bayesian classifier training.(3)The NApriori detection schem e was va lidated by experim ent.In order to improve the accuracy o f the experim ent,the experim ent uses a lar ge number of malicious applications and non-malicious applications as a sam ple,using ten fold cross method to verify.The experimental results show that NApriori detection scheme has higher accuracy th an other schem es,and the ratio of nor mal application to detection of malware is 82% and 83%.