Research And Improvement Of Static Detection Technology Android Malware

With the rapid development of Internet,PC Internet is becoming saturated,and the mobile Internet is developing at an amazing speed in recent years.A large number of smart phones,tablet PCs and other mobile smart devices are used.Today has entered the era of mobile Internet.More and more users tend to complete their daily entertainment,learning and even work on mobile smart devices.Mobile intelligent devices have been in every aspect of people's daily life,and become a necessity of life.In recent years,Android has occupied the highest market share of mobile smart devices operating system because of it's openness.At the same time,the market is flooded with a large number of malicious applications,which brings great inconvenience to people's daily life,and it is a great threat to the security of users' property and personal information.Therefore,a method that can effectively distinguish the malicious application and protect the interests of users is necessary.Currently the results of the Android security research,the detection of malicious applications can be divided into two kinds:static detection method and dynamic detection method.Static detection method has become the mainstream of malicious program detection method,because it is easy to implement and needs less resources for the equipment,while intelligent devices have a great limit in computing power and battery power.According to the different contents of the detection method,the static detection method can be divided into the feature based and the behavior based method.Each of the two methods has its advantages and disadvantages.Based on the idea of the two methods,this paper proposes a static detection model based on behavior feature.The model needs to reverse the process to get the source code file and get permissions,classes,methods,and API from the file as an application's behavior characteristics.N-gram feature set is obtained by using the N-gram model from the characteristics,which is used to compare the similarity of two applications.A sample library containing a large number of malicious programs and normal procedures is needed.Finally,the classifier is used to classify the unknown programs,which is used to accomplish the identification of malicious programs.The model is verified by the experiment.The model proposed in this paper can achieve a very good recognition effect on the malicious program through the analysis of the experimental results.