
Research On Android Malware And Privacy Leak Detection Method Based On Sensitive Data Flow

Posted on: 2022-04-15
Degree: Master
Type: Thesis
Country: China
Candidate: J K Hu
Full Text: PDF
GTID: 2518306569994629
Subject: Computer Science and Technology
Abstract/Summary:
Since the advent of Android smartphones, mobile devices have reached every aspect of daily life, and diverse applications have brought convenience to people's lives. However, the application market is full of malicious software. Malicious applications exploit loopholes in Android's security mechanisms and try to obtain private information for profit. The rapid growth of malicious applications seriously threatens user privacy. Therefore, to better protect the security of the Android system, research on detecting malicious Android applications and privacy leaks is necessary.

Existing analysis techniques mainly comprise static analysis and dynamic analysis. Dynamic analysis places higher demands on the environment and consumes more resources and time, so we use static analysis to complete the preliminary analysis of Android applications. However, static analysis is susceptible to obfuscation and cannot obtain runtime information, resulting in a high false positive rate. In addition, current research methods consider only the characteristics of a single application and ignore the relationships between applications. To enrich the static representation of Android applications, a heterogeneous information network based on the sensitive data flows of applications is proposed, which takes the semantic relations between applications into account. This study uses heterogeneous network representation learning to learn the node representations: the corpus is obtained by meta-path-based random walks, and word vectors are learned using natural language processing techniques. For samples that have not appeared in the network, this paper proposes a node representation method that aggregates neighbor information to improve the node representation. In addition, this paper uses the Inception structure to optimize the convolutional neural network that performs Android application detection. The accuracy in the experiments reached 99.40%, and the false positive rate and false negative rate were reduced to less than 1%. This paper also introduces adversarial learning into the detection phase, using a gradient-based adversarial sample generation method to improve performance.

Problems may remain even after malware detection: for example, some benign applications use sensitive information beyond their authority. This study therefore further analyzes how applications use and leak private information. It collects and analyzes the applications' privacy policy documents and combines this with the actual application behavior obtained by static analysis. Consistency checking between the two then serves as privacy leak detection: inconsistent behavior is considered a privacy leak. After further manual verification, it is found that more than 80% of the applications have inconsistent behaviors. Moreover, for the sensitive APIs corresponding to the inconsistent behaviors, a Hook plugin based on the Xposed framework is developed to monitor them dynamically. The plugin provides safety warnings to users, which offers an initial form of privacy protection.
Keywords/Search Tags: sensitive data flow, heterogeneous information network, malware detection, privacy policy, privacy leak