Research On Code Security Detection And Assessment Method For Android

Posted on: 2021-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: F Chao
Full Text: PDF
GTID: 2428330623482243
Subject: Software engineering

Abstract/Summary:
Android is an open source operating system for smart mobile terminals, widely favored by users for its openness and flexibility. As the market share of the Android operating system has grown, Android applications have become exposed to increasingly serious security risks. To conduct illegal activities covertly, without the user's knowledge, malware of different families enters the market through various channels. Once it is installed, users may face security threats such as malicious fee deductions, privacy theft, remote control, malicious propagation, tariff consumption, system damage, fraud, and rogue behavior. At the same time, there is no absolute security. Normal Android applications can also present varying degrees of risk, especially through the proliferation of overprivilege issues, which cause trouble for users in normal use.

To better analyze the security and risks of Android applications and to build a healthy Android ecosystem, we have conducted in-depth explorations of Android code security detection and risk assessment methods. We have studied statistical and structural pattern recognition methods for malicious code, and the qualitative and quantitative assessment of risky code. The main work of this thesis includes:

1. Traditional machine learning methods such as SVM have difficulty detecting malware effectively when there are many samples and many malware classes. To address this, a method for Android malware detection and family classification based on a deep neural network is proposed. The method comprehensively extracts statistical features such as application components, Intent Filters, permissions, and data flow, performs feature selection to reduce dimensionality, and then carries out statistical pattern detection of malware over large samples and multiple classes with a deep neural network. The experimental results show that the method detects and classifies effectively. The accuracy of binary classification between benign and malicious apps is 97.73%, and the accuracy of family multi-classification reaches 93.54%, which is better than other machine learning algorithms commonly used for Android malicious code detection.

2. The few existing formal detection methods suffer from complex code modeling, incomplete and inaccurate expression of family properties, and excessive manual involvement. To address this, a formal detection method for Android malware based on communicating sequential processes (CSP) is proposed. It converts the APK file of an application into Jimple, an easy-to-analyze representation, in order to model code behavior with CSP. The process describing the behavior of a sample is input into the FDR model checker, where it is simplified and automatically verified against a process abstracted from malware that expresses the property of a family. The sample is classified by detecting whether it exhibits the typical behavior of any family property. The experimental results show that the automated method can characterize the behavior patterns of applications at the structural level, and that it achieves a high family classification accuracy of 99.06% in comparison with another formal detection method.

3. Most existing risk assessments of Android applications assign weights to factors directly from experience and calculate security risk from frequency statistics of a few factors. A method for classification risk assessment of Android applications based on multi-factor clustering selection is therefore proposed, which provides both quantitative and qualitative assessment. The method integrates multiple risk factors, such as system permissions, API calls, the action properties of Intent Filters, and data flow, which are associated with the objects of security operations. The risks of factors are assigned according to the relationship between objects and security threats, and the weights of the different types of factors are distributed based on hierarchical clustering. Analysis of the experimental results shows that the assessment method reflects the real security risks of applications more effectively than Androguard.

Keywords/Search Tags:Android, Malware Detection, Deep Neural Network, Communicating Sequential Processes, Model Checking, Risk Assessment, Hierarchical Clustering