
Design And Implementation Of Android Malicious Remote Control Software Detection System Based On Traffic

Posted on: 2021-06-04
Degree: Master
Type: Thesis
Country: China
Candidate: B Wei
GTID: 2518306308467104
Subject: Computer technology

Abstract/Summary:
Android malicious applications seriously threaten the safety of users' personal property, for example by stealing private data and remotely controlling devices. Existing research methods for detecting these behaviors are based on network signatures, statistical features, and lexical features. All of them share one problem: they ignore the malicious behavior that the server returns to the client. To address this, this thesis proposes an Android malware detection method based on traffic text semantics, and designs and implements a traffic-based system for detecting Android malicious remote control software. The main research results of this thesis are as follows.

Firstly, targeting the malicious behavior returned from the server to the client, this thesis proposes an Android malware detection method. We first analyze the traffic returned from the server to the client in malicious applications and find that the malicious behavior appears mainly in responses of the JSON and JavaScript types. The method treats each HTTP stream as text, extracts text features using natural language processing techniques, and finally builds an SVM model based on semantic features. In an experimental evaluation using 2000 benign samples and 2000 malicious samples, the method is able to identify malicious behavior in traffic returned from the server to the client, and its malware detection accuracy is 98.15%, which is better than other detection methods.

Secondly, starting from the market demand for effectively detecting malicious applications that rely on network interaction, we design an Android malicious remote control software detection system consisting of five parts: a front-end module, a task scheduling module, a traffic collection module, a traffic detection module, and a system storage module. To keep the system loosely coupled and load balanced, a Redis message queue coordinates the task scheduling module. To extract an application's traffic data automatically, a dynamic driving algorithm is designed in the traffic extraction module.

Thirdly, based on the above design, an Android malware detection system is implemented. The system is presented to the user as a web page, which can detect Android malicious applications online and provide the relevant traffic evidence. The system also uses several technologies to improve performance, such as a Quartz cluster and a Redis cluster, and uses Docker to achieve automated deployment. Finally, 20 benign samples and 20 malicious samples were used for functional testing. All samples were correctly identified, and the system can effectively prevent illegal file uploads and resist SQL injection attacks.
Keywords/Search Tags:Network interaction, Android, Malicious application, Traffic text semantic, Detection system