Research On Android Malicious Application Detection Method Based On Dynamic And Static Combination

Posted on: 2021-06-01
Degree: Master
Type: Thesis
Country: China
Candidate: C H Zhao
GTID: 2518306464980589
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of the mobile Internet, the mobile phone has become an indispensable tool for people's leisure, office and social life. Mature mobile payment greatly facilitates people's lives. However, along with this convenience, smartphones also bring certain security risks: more and more malicious applications threaten users' privacy, property security and so on. Current smartphone operating systems mainly include Android, iOS and Windows Phone, and Android accounts for more than 85% of the entire market. It is deservedly the number one operating system, and it has therefore become the target of malicious application attacks. Once a malicious application is installed on a user's phone, it can cause immeasurable loss to the user. How to detect and identify malicious Android applications efficiently and accurately is an urgent problem to be solved. Based on the state of research on Android malicious application detection at home and abroad, this paper detects and identifies Android malware through both static detection and dynamic detection, and proposes a comprehensive detection scheme using ensemble learning methods. The main work and innovations are as follows:

(1) To address the problem that a single feature cannot fully reflect the nature of an Android application, this paper proposes a static detection method that combines sensitive permissions with APIs and uses an ensemble learning model. Combining permission and API features makes up for the shortcoming that a single feature cannot fully discriminate applications, and mutual information is used to screen the features, avoiding excessive feature information and high redundancy. The ensemble learning model is then used for training on the data and identifying unknown applications. Experiments verify that the method reaches 95.5% accuracy in distinguishing malicious applications.

(2) Because static detection cannot counter code transformation techniques and dynamic malicious payload techniques, a dynamic detection method based on API features is proposed. The method is based on the Xposed framework, which can intercept and record the program's API function calls through hooking while the program is running. To trigger program behavior faster and obtain features, the Monkey source code in the Android SDK (Software Development Kit) was modified so that it can simulate a user rapidly triggering program events in order to collect API call information. Experiments verify that the method shortens feature collection time during dynamic detection, thereby reducing the time needed to detect malicious programs.

(3) Combining the static and dynamic detection methods proposed in this paper, a combined dynamic and static Android malicious application detection scheme is proposed. This not only makes up for the defect that static detection cannot effectively detect code obfuscation, but also improves the accuracy of malicious application detection, making detection more comprehensive. Finally, experimental analysis and comparison with previous work show the feasibility of the scheme.
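The feature screening described in contribution (1), as an added example that is not code from the thesis: permission and API features are ranked by mutual information with the malicious/benign label, the top k are kept, and a majority vote classifies an unknown app. The sample apps, feature names, the value of k, and the one-feature stumps standing in for the ensemble model (which the abstract does not specify) are all assumptions.

```python
import math
from collections import Counter

# Constructed sample, not thesis data. 1 = feature present in the APK.
NAMES = ["perm:SEND_SMS", "perm:INTERNET", "perm:READ_CONTACTS",
         "api:SmsManager.sendTextMessage", "api:Log.d"]
APPS = [  # (feature vector, label); label 1 = malicious, 0 = benign
    ([1, 1, 1, 1, 1], 1), ([1, 1, 1, 1, 0], 1),
    ([1, 1, 0, 1, 1], 1), ([0, 1, 0, 1, 0], 1),
    ([0, 1, 0, 0, 1], 0), ([0, 1, 1, 0, 0], 0),
    ([0, 1, 0, 0, 1], 0), ([1, 1, 0, 0, 0], 0),
]

def mutual_information(xs, ys):
    """I(X;Y) in bits for two equal-length binary sequences."""
    n, mi = len(xs), 0.0
    for (x, y), count in Counter(zip(xs, ys)).items():
        pxy = count / n
        mi += pxy * math.log2(pxy / ((xs.count(x) / n) * (ys.count(y) / n)))
    return mi

def screen_features(apps, names, k):
    """Rank features by MI with the label and keep the top k."""
    labels = [y for _, y in apps]
    scores = {name: mutual_information([v[i] for v, _ in apps], labels)
              for i, name in enumerate(names)}
    kept = sorted(names, key=lambda nm: (-scores[nm], nm))[:k]
    return kept, scores

def train_stumps(apps, names, kept):
    """One stump per kept feature: majority label seen for value 0 and 1."""
    stumps = {}
    for name in kept:
        i = names.index(name)
        seen = {0: Counter(), 1: Counter()}
        for v, y in apps:
            seen[v[i]][y] += 1
        stumps[i] = {val: (c.most_common(1)[0][0] if c else 0)
                     for val, c in seen.items()}
    return stumps

def classify(stumps, vector):
    """Majority vote of the stumps; 1 = flagged as malicious."""
    ballots = [rule[vector[i]] for i, rule in stumps.items()]
    return int(sum(ballots) * 2 > len(ballots))

KEPT, SCORES = screen_features(APPS, NAMES, k=3)
STUMPS = train_stumps(APPS, NAMES, KEPT)
```

Features that every app has (`perm:INTERNET`) or that are split evenly across both classes (`api:Log.d`) score zero and are dropped, which is the redundancy reduction the screening step is meant to provide.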
Keywords/Search Tags:Android Malicious Application, Ensemble Learning, Dynamic Detection, Static Detection