With the popularity of Android smartphones, apps such as WeChat, Alipay and Taobao have become indispensable to people's lives. While enjoying the convenience of smartphones, people also face the increasingly serious problem of mobile phone security. At present, malware detection on the Android platform is mainly divided into static detection and dynamic detection. Static detection mainly decompiles the APK, inspects the source code and compares it with normal software to find differences. Because raw data is needed for comparison, static detection is severely limited in detecting unknown malware. Dynamic detection mainly detects malicious behaviors by monitoring the state of the system and then extracting status information for evaluation and judgment. Unknown malware can be evaluated by dynamic detection, which makes up for the deficiency of static detection. Current dynamic detection schemes based on API tracing need to modify the system kernel, which undermines the security and stability of the native system. Dynamic detection schemes based on machine learning algorithms consider only system status information as research data and ignore the user's influence on application behavior. This paper proposes a malicious behavior detection system based on a Markov model. The monitoring function is realized with the system broadcast mechanism, and the user behavior pattern is added to the detection model, which makes the malware detection algorithm more effective and accurate in evaluating malicious behaviors. The main research contents of this paper are as follows:

1. Background monitoring: Background monitoring is mainly used to detect sensitive behavior in the mobile phone system. By analyzing the behavior characteristics of malware, this paper selects sensitive behaviors with a high incidence and a high degree of recognition as the monitoring objects. Current behavior monitoring schemes track sensitive behaviors by modifying the kernel layer or the application framework layer, which can undermine the original security and stability of the system. For example, sensitive information is tagged with dynamic taint tracking, and process injection is used to monitor inter-process communication. The monitoring scheme of this paper is mainly based on the system broadcast listening mechanism. It does not need to modify the system or stay resident in the background, and it can effectively monitor sensitive behavior.

2. Malicious behavior detection: Malicious behavior detection is mainly used to evaluate whether an abnormal behavior is malicious. Current machine learning algorithms, such as SVM, mainly carry out pattern recognition and classification analysis on extracted system characteristic data. Such algorithms consider neither the feature information of the application behavior itself nor the impact of user behavior on the identification of malicious behavior. Based on research into application behavior patterns and user behavior patterns, this paper puts forward a dynamic malware detection scheme based on a hidden Markov model. The scheme can effectively identify malicious acts.

3. Dynamic malware detection system: The detection system consists of a background monitoring module, a malicious behavior detection module and a user interaction module. The background monitoring module starts the detection system when it observes sensitive behavior, the malicious behavior detection module then evaluates the behavior using the model parameters, and finally the user interaction module makes the detection results visible to the user...
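The detection idea described above, scoring a trace of sensitive behaviors against a hidden Markov model that also sees user context, can be sketched as follows. This is an added example, not code from the paper: the states, observation symbols, probabilities and threshold are all constructed assumptions, and the scaled forward algorithm is a standard HMM scoring method rather than the paper's stated procedure.

```python
import math

# Hypothetical benign-behaviour HMM. Every name and number here is constructed
# for illustration; the paper's real model parameters are not given.
STATES = ("interactive", "background")
START = {"interactive": 0.6, "background": 0.4}
TRANS = {
    "interactive": {"interactive": 0.8, "background": 0.2},
    "background": {"interactive": 0.3, "background": 0.7},
}
# Each observation pairs a user-context signal (screen on/off) with the
# sensitive behaviour reported by the broadcast monitor.
EMIT = {
    "interactive": {"on:none": 0.60, "on:sms": 0.20, "on:net": 0.17,
                    "off:none": 0.01, "off:sms": 0.01, "off:net": 0.01},
    "background": {"on:none": 0.05, "on:sms": 0.01, "on:net": 0.04,
                   "off:none": 0.75, "off:sms": 0.01, "off:net": 0.14},
}
FLOOR = 1e-6       # emission probability assumed for symbols never seen
THRESHOLD = -2.5   # assumed cut-off; would be calibrated on benign traces


def avg_log_likelihood(observations):
    """Scaled forward algorithm: mean log P(o_t | o_1..o_{t-1}) under the model."""
    if not observations:
        raise ValueError("empty observation sequence")
    belief, total = dict(START), 0.0  # belief = predicted state distribution
    for obs in observations:
        alpha = {s: belief[s] * EMIT[s].get(obs, FLOOR) for s in STATES}
        norm = sum(alpha.values())    # probability of this observation
        total += math.log(norm)
        belief = {s: sum(alpha[p] / norm * TRANS[p][s] for p in STATES)
                  for s in STATES}
    return total / len(observations)


def is_suspicious(observations):
    """Flag traces the benign model explains poorly."""
    return avg_log_likelihood(observations) < THRESHOLD


# Constructed traces: normal use, SMS bursts with the screen off, and the
# same SMS/network pattern while the user is interacting with the phone.
BENIGN = ["on:none", "on:sms", "on:none", "on:net",
          "off:none", "off:none", "off:net", "off:none"]
BACKGROUND_SMS = ["off:none", "off:sms", "off:sms", "off:net",
                  "off:sms", "off:sms", "off:net", "off:sms"]
FOREGROUND_SMS = [o.replace("off:", "on:") for o in BACKGROUND_SMS]
```

With these constructed parameters the same SMS and network pattern is flagged only when it occurs with the screen off, which is the effect of including user context in the model.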