
Android Malicious Application Detection System Based On Sequence Matching Of Behavior Feature Values

Posted on: 2020-03-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z Zhang
GTID: 2428330623956008
Subject: Computer application technology
Abstract/Summary:
Nowadays, mobile devices are part of nearly every aspect of people's work and life. Smartphones are the most popular mobile devices, and more and more people use them for socializing, shopping, entertainment, and work. What's more, network supervision is becoming more and more strict, and many account registrations on smartphones require real-name verification. Mobile devices therefore store a large amount of personal private information, and this information has become the main target of malicious software. Because Android runs on the vast majority of smartphones, Android applications appear in the application markets in large numbers. Malicious applications are hidden among them; they can steal users' private information and prevent users from using their devices normally, and they pose a great threat to users. Research on the detection of malicious applications on Android is therefore one of the important topics in network security research today.

This thesis analyzes the attack methods and anti-detection methods of existing Android malicious applications, and examines the deficiencies of existing detection methods and the parts that can be improved. Building on the system mechanisms of Android, a detection method based on behavior feature value sequences is designed, and a system based on this method is implemented. The main research results of this thesis are as follows:

(1) A malicious application detection method based on sequence matching of behavior feature values is designed. The method obtains the behavior feature value sequences of malicious application samples by hooking sensitive APIs, and from them derives the behavior feature value sequence of each kind of malicious application. The behavior feature value sequence of the detection object is matched against the behavior feature value sequences of malicious applications, and if the matching similarity exceeds the threshold, the detection object is judged to be a malicious application. This method detects malicious applications that resist static detection well, is convenient to maintain and update, and can achieve higher accuracy.

(2) A client/server (C/S) detection system based on the behavior feature value sequence matching method was developed. The system is divided into two parts: client and server. The client is software running on the Android system that listens for the application's calls to sensitive functions. These calls are treated as the behavior of the detection object, arranged into a behavior feature value sequence in chronological order, and uploaded to the server. The server has a database that stores malicious behavior feature value sequences, and it matches them against the behavior feature value sequence of the detection object to obtain a detection result.

(3) A scheme for determining the detection result, consisting of three sets, is proposed. One set stores the malicious application types whose behavior feature value sequences matched successfully; one set stores single malicious behaviors, that is, malicious behavior feature values that do not appear in any successful match; and one set stores suspicious malicious sequences, indicating that although the matching result is benign software, suspicious behavior feature value sequences are present. This scheme effectively detects variants and new types of malicious applications.

This thesis contains 16 figures, 17 tables and 88 references.
Keywords/Search Tags:Android security, malicious application detection, dynamic detection, behavioral feature value sequence
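
The server-side matching and three-set result described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the abstract does not name the similarity measure or threshold, so the longest-common-subsequence ratio, both threshold values, the feature value names and the signature database are all assumptions constructed for illustration.

```python
# Added illustration: LCS similarity, thresholds and all names are assumptions.
# Constructed signature database: malware type -> ordered behavior feature values.
SIGNATURES = {
    "sms_fraud": ["READ_CONTACTS", "SEND_SMS", "DELETE_SMS", "SEND_SMS"],
    "spyware": ["GET_DEVICE_ID", "READ_SMS", "GET_LOCATION", "HTTP_POST"],
}
MATCH_THRESHOLD = 0.75       # assumed: at or above this, the type is matched
SUSPICIOUS_THRESHOLD = 0.40  # assumed: partial match worth recording

def lcs(a, b):
    """Longest common subsequence: order kept, unrelated calls may interleave."""
    dp = [[[] for _ in range(len(b) + 1)] for _ in range(len(a) + 1)]
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            if x == y:
                dp[i + 1][j + 1] = dp[i][j] + [x]
            else:
                dp[i + 1][j + 1] = max(dp[i][j + 1], dp[i + 1][j], key=len)
    return dp[-1][-1]

def classify(observed):
    """Match a chronological trace against every signature; fill the three sets."""
    matched, suspicious, covered = set(), {}, set()
    for mal_type, sig in SIGNATURES.items():
        common = lcs(observed, sig)
        score = len(common) / len(sig)  # share of the signature seen in order
        if score >= MATCH_THRESHOLD:
            matched.add(mal_type)
            covered.update(sig)
        elif score >= SUSPICIOUS_THRESHOLD:
            suspicious[mal_type] = common
    known = {v for sig in SIGNATURES.values() for v in sig}
    # Known malicious values seen in the trace but not part of any matched type.
    single = {v for v in observed if v in known and v not in covered}
    return {
        "verdict": "malicious" if matched else "benign",
        "matched_types": matched,
        "single_behaviors": single,
        "suspicious_sequences": suspicious,
    }

# Constructed traces, as a client might upload them in chronological order.
TRACE_A = ["OPEN_FILE", "READ_CONTACTS", "SEND_SMS", "HTTP_GET",
           "DELETE_SMS", "SEND_SMS", "GET_LOCATION"]
TRACE_B = ["GET_DEVICE_ID", "OPEN_FILE", "GET_LOCATION", "HTTP_GET"]

if __name__ == "__main__":
    for name, trace in (("A", TRACE_A), ("B", TRACE_B)):
        print(name, classify(trace))
```

Trace B shows the third set at work: the verdict stays benign, but the partial spyware sequence is kept for review, which is how a variant that drops some steps would still surface.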