Android Anomaly Detection Based On Similarity Clustering

Posted on: 2017-09-22
Degree: Master
Type: Thesis
Country: China
Candidate: X Tong
Full Text: PDF
GTID: 2428330488479897
Subject: Computer technology
Abstract/Summary:
With the rise and development of mobile internet services, a variety of smart mobile terminal applications have become a necessity in people's daily routines. However, mobile terminal frameworks are similar to traditional PC platforms, and internet services increasingly face evolving security threats such as viruses and intrusions by hackers. These threats are particularly pronounced on Android because of its open-source nature, which makes it the main target of much malicious software. To address security threats on Android, Google has added a variety of security mechanisms, including Linux kernel security mechanisms, Dalvik virtual machine security mechanisms, and mechanisms specific to the Android system. However, many current anti-virus products and security mechanisms still have deficiencies in preventing malicious software, compounded by the complexity, diversity and hidden features of ever-evolving malware. Hence, Android still lacks the ability to proactively prevent security threats.

In this thesis, Android platform security is regarded as the fundamental starting point for guaranteeing application protection. The study analyzes in depth the abnormal behaviors of Android terminal applications using an anomaly detection algorithm. A detection model based on an abnormal-behavior scoring mechanism was then designed in several stages. First, mobile network behavior data of Android system applications is collected under normal conditions (number of packets, byte flow, stream start time, duration and a series of other network behavior feature values), together with the network packets that each application sends and receives. These data are then integrated into network flows. Second, using the pre-processed incoming data from the previous step, a normal behavior framework is established with a clustering algorithm, by monitoring the applications' data in real time. The anomaly detection algorithm uses similarity computations to calculate abnormal scores for applications, and an abnormal score function determines whether the current application is normal or abnormal.

The study concludes by verifying the validity and feasibility of the proposed anomaly detection algorithm and testing its efficiency through comparison experiments. Preliminary results showed that the algorithm's accuracy was higher than that of other benchmark anomaly detection algorithms. In addition, the false detection rate was lower with our method than with the benchmark anomaly detection algorithm.
Keywords/Search Tags: network behavior, anomaly detection, Android, K-means