
Research On FlowDroid Static Detection Method Based On Permission

Posted on: 2020-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: L Z Zhang
GTID: 2428330602952310
Subject: Engineering
Abstract/Summary:
With the development of the mobile Internet, users can access rich resources and services through smart devices such as mobile phones, tablets, and smart terminals. Android is open source and free for users. Today it has the highest share among mobile device operating systems and supports a large number of applications. At the same time, malicious applications are also widely developed and distributed, posing a huge threat to system security and to private data such as text messages and accounts stored on users' smart devices. Because the security mechanisms of the Android system itself are insufficient and security supervision of third-party application markets is weak, malicious applications keep emerging. Android application security detection has become a hot research topic.

Android application static detection extracts static feature information of the application from the source code layer, analyzes and judges its possible malicious behavior, and identifies malicious applications. It has a wide detection range and low cost. The research in this paper is based on the FlowDroid static detection tool, which has a wide detection range and high analysis precision. However, current FlowDroid static detection has some shortcomings. Specifically, detection time and memory consumption are too large; the lack of targeted analysis leads to a lot of redundant path detection; and false positive paths affect accuracy. In addition, there is no further security decision for the contaminated data flow.

In view of the above problems, this paper proposes an improved, permission-based FlowDroid static detection method. It eliminates redundant analysis in static detection, improves detection efficiency, and combines risk rating with polluted data flow detection to remove false positive paths and improve the accuracy of static detection. Based on these methods, we design and implement the BPFlowDroid tool and design test experiments to evaluate its efficiency and accuracy. The core work of this paper includes the following points:

First, we study the working principle and operating mechanism of FlowDroid, analyze its framework, running process, taint tracking, etc., and conduct practical test experiments on common applications from third-party application stores. The shortcomings of the original FlowDroid are pointed out from both the theoretical and the experimental side, and these defects and deficiencies serve as the basis for the improvements in this paper.

Second, we research resolving redundancy in static detection based on feature extraction and risk rating. A feature extraction method based on the chi-square test and a clustering algorithm is designed and implemented, yielding feature permission clusters that are strongly correlated with malicious applications and weakly correlated within each cluster. Permissions pose different threats to user privacy information and system security, and the threat posed by a single permission differs from that posed by a combination. This paper designs a risk value assignment and calculation algorithm, rates the risk of single permissions and of combinations of multiple permissions, and extracts the detection paths whose risk value is greater than the threshold. A large amount of redundancy in static detection is thereby removed.

Third, this paper designs and implements a pollution path detection method based on data flow propagation rules. The data flow propagation rules are modeled and analyzed, and an analysis method combining control flow and data flow is introduced to generate the complete polluted data propagation path together with its risk value. The risk value is used as auxiliary information for the security determination of the traffic data propagation path, which removes security misjudgments caused by false positive detection paths. This method improves the accuracy of static detection.

Finally, based on the above research scheme, this paper designs and implements the BPFlowDroid tool and designs test experiments to evaluate its function, efficiency, and accuracy. We performed a complete inspection process on self-developed malicious applications to verify the basic functions and usability of the tool, ran tests on actual applications, recorded and analyzed the experimental data, and compared it with native FlowDroid. The results show that the tool has high detection accuracy and greatly reduces time and memory consumption during static detection.
Keywords/Search Tags:Static Detection, Malicious Software, FlowDroid, Permission, Pollution Path