Behavior-based Android Malware Detection

With the rapid development of the Android system,the number of Android mobile devices has surged to a record high.As the number of applications related to e-commerce,personal payment and social application on mobile devices continues to increase,more and more sensitive information stored by users on Android mobile phones is increasing.Android malware obtains sensitive information in Android mobile phones without permission,which seriously threatens the security and privacy of users.In order to protect users' privacy information from Android malware theft,the detection of malware on the Android system has become an important issue in recent years.In this paper,we analyze the Android platform architecture,Android security mechanism,Android automated testing and emulator environment detection,and design a behavior-based Android malware detection method.The main achievements in this paper are listed as follows:(1)A static Android malware detection method based on non-user operation sequences was designed.This method extracts the Application Programming Interface call information of application by reverse engineering technology analysis.Then,this method constructs the function-call graph of the application by using the breadth-first traversal algorithm,and extracts the non-user operation sequence from the function-call graph.And the edit distance algorithm is used to calculate the similarity between the sample to be detected and the non-user operation sequence in the malicious behavior library to identify the malware.Compared with Androguard and Flowdroid,our method promotes the detection effect of malware.(2)A new Android automatic testing method is designed.This method allows the application to be automated by using UIAutomator and Monkey automatic testing technologies.UIAutomator automatic testing technology is applied to standardize the test,and Monkey automatic testing technology is applied to randomize the test.This automated test method reduces test time,labor costs and increases code coverage.(3)A behavior-based hybrid Android malware detection method is proposed.The non-user operation sequence of the application is extracted through static detection to guide the standardized test method,and the randomized test method is used to automatically test the application.We extract the network behavior information of the application.The network behavior information of the application is compared with the network behavior information in the normal behavior library and the malicious behavior library to determine whether the application program is malicious software.The experimental results show that our method can effectively identify malware.