| As Android has become the mainstream operating system for smartphones, it has also become the target of many malware attacks. Security researchers have therefore proposed malware detection technology for the Android platform. At the same time, malicious programs have developed Android anti-AV (Anti Anti-Virus) technology to escape the various detection technologies. Because the market lacks system-level anti-virus tools, security personnel use anti-virus software to test their AV (Anti-Virus) engines during the anti-virus software testing phase, which provides an opportunity for anti-virus programs. This article studies malware anti-AV technology based on code obfuscation, and designs and implements a malware anti-AV system intended to provide security vulnerability information about anti-virus software and to give security personnel more anti-AV Trojan test cases to assist them in conducting penetration tests of anti-virus software. The main research contents of this article are as follows. This article studies obfuscation technology on the Android platform, uses it to design an Android malware anti-AV solution, and researches anti-AV technology at both the Java layer and the Native layer. The paper designs an Android malware anti-AV system that includes a Java layer anti-AV subsystem, a Native layer malware anti-analysis subsystem, and a targeted anti-AV subsystem. Based on the detection features that AV engines extract from malicious APKs, including API call sequences, strings, data flow and other features, a Java layer malware anti-AV subsystem is designed to achieve string obfuscation, method obfuscation, image resource obfuscation, API call sequence obfuscation, and obfuscation of specific API calls based on reflection technology. Based on the reverse analysis methods used by security personnel, source-code anti-AV technology is applied to Native layer malware. The malware implements its core code at the Native layer, and the paper provides a Native layer core node encryption scheme, a core method encryption scheme, and a dynamic decryption scheme for encrypted So files. In the targeted anti-AV subsystem, this paper proposes a quantitative assessment method based on an "anti-AV matrix", which uses quantitative evaluation indicators such as the confusion vector, confusion matrix, anti-AV vector and anti-AV matrix for quantitative assessment, and uses this as the basis for constructing targeted anti-AV programs. Finally, the Android malware anti-AV system was tested. The test results show that the Java layer anti-AV subsystem can achieve anti-AV against 60 AV engines in VirusTotal; the Native layer anti-analysis subsystem can successfully encrypt So files and prevent IDA Pro from reverse-analyzing them; and the targeted anti-AV subsystem can generate corresponding anti-AV matrices for 60 AV engines in VirusTotal and use those matrices to successfully achieve anti-AV against the 60 AV engines. For antivirus software developers, this system can therefore provide batches of malicious samples and assist in penetration testing of antivirus software. |