Dynamic Detection Technology Of Malicious Code For Android System

With the rapid development of science and technology,Internet and chip technology has gradually become mature which bulkily changes appearances of people's methods of living,studying and working.Android system developed by Goggle Company is a Linux-based open source operating system.Since Android system first appeared in August.2008,its unique openness has been sought after by software developers and mobile device vendors which has captured the hearts and minds of customers.As of 2016,Mobile devices equipped with Android system have exceeded 2 billion.Security issues could not be ignored as mobile devices equipped with Android system play an important role in our lives.In recent years,the number of attacks using malicious code to steal user privacy is increasing with the annual speed of more than 200% on the Android platform,which has now reached tens of millions.As more and more malware and malicious code on Android system,the detection and defense technology of malicious code attack has become one of the focuses and hotspots in the field of Internet Security.According to the APK file permission call and the API function in Android system,this paper proposed a dynamic detect method based on API interception technology to detect the malicious code.Based on this method a prototype of detection system is implemented.The main research work as followed:1.Based on the research of Android system architecture and running mechanism,a method for dynamic detection of embedded malicious code based on API is proposed.First of all,in this paper we summarize the security mechanism of Android system and analyze the system architecture and inter-process communication mechanism of Android System,the specific application software operation process.Next,we summarize the most common embedded execution mechanism of malicious code,monitoring mechanism of mobile phone behavior,data theft,transfer pathways and efficient detection method for the malicious code.After that,through further research on the above two points,a widely used dynamic detection method is proposed for common malicious code.In this method,the software behavior is chosen as element of back-check.Telephone,SMS,location,photos and other more sensitive user privacy categories for key research and testing are chosen as testing content.Finally,through the study of the behavior characteristics of malicious code,a detection criterion based on training model and threshold determination is proposed.2.Based on this method,the prototype of the detection system is implemented and test for related malware and code is done.Based on the design of detection method,we put forward a detailed solution,and realize the prototype of detection system which can be used to detect malicious code and malicious software,intuitive display malicious behavior and directivity of malicious code,effectively preventing the misjudgment of damage.