Privacy-preserving Malware Detection System Based On Reputation Evaluation

With the full popularity of intelligent mobile terminal devices,the mobile application industry is booming.At the same time,a large amount of mobile malware is pouring into the mobile application market.Mobile devices often contain important private information of users.The existence of mobile malware will introduce security vulnerabilities,cause economic losses to mobile users and bring privacy leakage and other problems.Therefore,it has become the focus of many researchers in the field of security to protect users from being harmed by mobile malware through detection and prevension.Nowadays,Android is the most widely used system,so we focus our research on malware detection in the Android system.The main goal of existing Android malware detection schemes is to improve detection accuracy.Through serious survey on Android malware detection,we found that during the Android malware detection process,data related to user privacy are used,and existing solutions do not fully take into account the protection of user privacy.Meanwhile,no study considers detection priority in the case of multiple applications needed to be detected in order to minimize the damage caused by malicious applications.Therefore,the focus of our research on Android malware detection is as follows.First,in real application scenarios,the detection scheme needs to be able to effectively and comprehensively detect whether an application is malware to protect user profits from being infringed.Second,the degrees of damage caused by different applications are different,so the detection of multiple applications should be prioritized,and applications with high levels of damage should assign high detection priority.Finally,in the actual application scenario,it is necessary to use cloud services or other third-party outsourcing services for malware detection.When users interact with the third-party services,they will upload data containing their own private information.Therefore,the detection scheme should protect user private data and preserve user privacy from being invaded.Based on the above research focus,we designed a hybrid detection system for Android malware that uses reputation evaluation to determine detection priorities and protects user privacy.The system consists of three entities: client,server and a third party.It contains three functional modules: reputation evaluation,static detection and real-time detection.Among them,the reputation evaluation module calculates the impact of the application based on the data of the user's behavior in using the applications.When detecting multiple applications,priority should be given to the applications with strong impact.The static detection module obtains the permission information by decompiling the application APK file,and completes the detection with the help of machine learning.The real-time detection module monitors the system call information of the application in real time and uses machine learning to complete the detection.It is important to note that implicit user privacy data are used in the reputation evaluation and real-time detection modules.Therefore,we propose a security model and use a data privacy protection method to protect the private data of users in these two modules,so as to comprehensively ensure the privacy of users in the system.After that,we implemented the above detection system and developed a malware detection App that can be installed in Android mobile terminals.In addition,we analyzed the security of the system based on the proposed security model,and evaluated the system's detection accuracy and operation efficiency.The test results show that the detection system proposed in this thesis has good operation efficiency and detection accuracy.The system's static detection accuracy can reach 0.990,and its real-time detection accuracy can reach 0.993.