
Android Malware Detection And Defense System

Posted on: 2019-02-06
Degree: Master
Type: Thesis
Country: China
Candidate: H M Chen
GTID: 2428330569996442
Subject: Communication and Information System
Abstract/Summary:
As mobile devices have become part of daily life, the number of smartphones has kept increasing. Complex mobile malware, especially Android malware, can acquire our information without permission. According to statistics from the 360 Internet Security Center, nearly 14.1 million Android malware samples were intercepted in 2016, an average increase of 38,000 every day, which is an astonishing number. It is therefore necessary to propose techniques to analyze and defend against Android malware. Existing methods for detecting Android malware use many different features of the APK, such as security-sensitive APIs, system calls, control-flow constructions and information flow, combined with machine learning classification algorithms to achieve accurate detection. At the same time, malware detection software and antivirus software use many different detection methods, such as behavior checking, license-based analysis, static analysis and dynamic analysis.

This dissertation summarizes the advantages and disadvantages of current Android malware detection schemes and, making full use of cloud resources, designs and implements an Android malware detection and defense system that combines static detection with dynamic monitoring. The server side experiments with a large number of known normal and malicious Android samples and uses machine learning to establish a classification prediction model, which is run in the static detection process and then returns the corresponding test report. The client first performs a preliminary filter of the software under detection by comparing it against a malware blacklist library, and then monitors the software's behavior information in real time after installation is completed. It provides defensive handling measures for users and realizes malicious detection of both known and unknown applications. Testing of the system showed that it can improve the detection accuracy for malware, further reduce the resource cost, and improve the ability to learn from new samples, so it has certain theoretical and practical application value.

The main research results of this dissertation are as follows:

(1) On the server, this dissertation experiments with machine learning technology and the soaring number of Android malware samples to establish a classification prediction model, which is run in the static detection process. First, during feature extraction, we obtain the permissions and the dangerous API information of Android applications: the permission features from the AndroidManifest.xml file by decompiling APK files, and the dangerous API features by translating the decompiled classes.dex files into smali files with the baksmali tool. Then, in the Weka data mining tool, we use multiple classification algorithms and a preprocessing algorithm to compare the accuracy of single-feature detection with that of conjoint-feature detection. The experimental results show that the accuracy of conjoint-feature detection is higher than that of single-feature detection, and the accuracy is up to 97.5%.

(2) On the client, the Android proactive monitoring and defense system has been designed and implemented. Using a radio monitoring mechanism, it can intercept and defend against malicious behaviors on the Android system, such as behavior involving users' private information, deduction behavior and so on. The server and the client are integrated as a whole and connected together to realize static detection and dynamic monitoring simultaneously, which ensures the accuracy of the detection results and achieves real-time operation at the same time. The system is also extensible, which enables users to detect and protect their own personal information security and build up their own awareness of information security.

(3) The functional tests of the system were performed by selecting individual samples. The test results showed that the function was basically consistent with the functions proposed in the requirements analysis phase. Then sample sets of different sizes (10, 20, 50, 100, 500, 1000) were selected as test samples, and the system's detection time, detection accuracy rate, false alarm rate and other performance indicators were tested. The test results show that, as a whole, the detection time is relatively fast and has certain advantages. It can be used as a rapid detection system, but it is not correct. With a high reporting rate, the accuracy rate needs to be further improved. Therefore, the system can be used as a rapid lightweight detection system to implement certain protection for the user's mobile phone security.
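The static feature extraction described in result (1), sketched as an added example (not code from the thesis): it builds a conjoint permission + dangerous-API vector and emits it in Weka's ARFF format. It assumes the manifest has already been decoded to text XML and the smali produced by baksmali; the watchlists, sample inputs and label are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed watchlists; the thesis's own feature lists are not given on this page.
PERMISSIONS = ["android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
               "android.permission.READ_PHONE_STATE", "android.permission.INTERNET"]
DANGEROUS_APIS = ["Landroid/telephony/SmsManager;->sendTextMessage",
                  "Landroid/telephony/TelephonyManager;->getDeviceId",
                  "Landroid/location/LocationManager;->getLastKnownLocation"]
# Match real call sites only (invoke-* instructions), not strings that mention an API.
INVOKE_RE = re.compile(r"^\s*invoke-[\w/-]+\s+\{[^}]*\},\s*(L[^;]+;->[\w$<>]+)\(", re.M)

def permission_set(manifest_xml):
    """Names declared in <uses-permission android:name=...> elements."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")} - {None}

def api_set(smali_text):
    """Class->method targets of every invoke-* instruction in the smali text."""
    return set(INVOKE_RE.findall(smali_text))

def conjoint_vector(manifest_xml, smali_text):
    """Binary vector: permission features followed by dangerous-API features."""
    perms, apis = permission_set(manifest_xml), api_set(smali_text)
    return [int(p in perms) for p in PERMISSIONS] + [int(a in apis) for a in DANGEROUS_APIS]

def to_arff(rows):
    """rows: list of (feature_vector, label); returns ARFF text loadable by Weka."""
    out = ["@relation apk_static_features"]
    out += ["@attribute '%s' {0,1}" % n for n in PERMISSIONS + DANGEROUS_APIS]
    out += ["@attribute class {benign,malware}", "@data"]
    out += [",".join(map(str, vec)) + "," + label for vec, label in rows]
    return "\n".join(out)

# Constructed sample inputs (not taken from any real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
SAMPLE_SMALI = """.method public run()V
    invoke-static {}, Landroid/telephony/SmsManager;->getDefault()Landroid/telephony/SmsManager;
    invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    const-string v1, "Landroid/telephony/TelephonyManager;->getDeviceId"
    return-void
.end method"""

if __name__ == "__main__":
    vec = conjoint_vector(SAMPLE_MANIFEST, SAMPLE_SMALI)
    print(to_arff([(vec, "malware")]))  # label is constructed for the sample
```

Restricting the API features to `invoke-*` instructions keeps string constants and comments that merely name an API from setting a feature bit.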
Keywords/Search Tags: APK, static detection, Android malware, Trophy Active protection system