Research And Implementation Of Malicious Software Detection Technology For Intelligent Mobile Terminal

With the maturation and development of IoT technology and mobile Internet technology,more and more users are beginning to use smart mobile terminals.Android system has become the preferred operating system for smart mobile terminals due to its open source and stability.According to Gartner,the global sales of Android-powered smart phones ranked the first in 2017,accounting for 84.1% of the whole smartphone sales.However,the Android system is often attacked by malicious software.In 2017,Symantec website intercepted an average of 24,000 mobile phone malwares every day.Android malwares severely threaten system and user security in terms of privilege escalation,remote control,tariff theft,and privacy leakage.Therefore,it is of great importance and necessity to detect Android malwares.Currently,among the methods for Android malware detection,the privilege-based analysis method is simple but of less accuracy;the methods based on structural feature of control flow graph has a high accuracy.However in this method,a feature database needs to be maintained,besides the structural descriptions of the control flow graph are complex;the API-based methods are simple and of high accuracy,but these methods acquire a lot of redundant APIs and could not obtain the chronological API sequences.The chronological API sequences can help analyze the status and behavior of the application.By monitoring the application in real time the application's accurate timing information can be obtained.However,in order to ensure the integrity of the information,all functions of the application must be artificially triggered.This paper presents an Android malware detection method based on machine learning algorithm.First,construct the control flow graph of the application to obtain API information.Based on the API information,this paper innovatively constructs boolean,frequency,and time-series data sets.Based on these three data sets,three detection models for Android malwares detection at API calling,API frequency and API sequence aspects are constructed.This paper tests and compares the accuracy and stability of the three detection models through a large number of experiments.The experiments were conducted on 10010 benign applications and 10683 malicious applications.The results show that all the three detection models have high accuracy and stability,and the model based on time series data sets has the highest accuracy and stability.All the results consistent with the theoretical analysis in this paper.