Research On Malicious Behavior Detection Technology In Android Application

With the popularity of mobile Internet,intelligent terminal equipped with Android system,brought people’s lives a lot of convenience,has been widely used as an indispensable tool for people’s lives,because of its superior openness,rich third-party applications,user-friendly interface and a good user experience and other significant advantages.Android intelligent terminal penetration has reached the world’s first.Intelligent terminal with android system can be installed on a wealth of applications,such as socialsoftware,online banking,electronic payment and other software,these software has a lot of user information with application value,once the leak will give users an incalculable economy loss.However,the openness of the Android system also makes the number of malware for its development increased year by year,a variety of illegal malware to the user has brought serious security risks.At present,for the Android platform,malware has been to malicious behavior detection technology has brought some challenges.On the one hand,the openness of the Android system,the complexity of the user permissions,the application of digital signature software without third-party certification of these features,resulting in software malicious behavior is complex and hidden,the traditional malicious behavior detection technology is difficult to identify.On the other hand,equipped with Android system,mobile terminal platform,energy and computing power is limited,the traditional PC domain malicious behavior detection technology and programs difficult to port to the Android system.Therefore,the research of this article to carry the Android system,intelligent terminal for the object,put forward a number of suitable for Android system software malicious behavior detection technology and methods.The main contributions of this paper are as follows.1.This paper proposes a dynamic detection mechanism of malicious behavior of Android software based on Markov chain.First,using the software behavior description language based on binary mapping,the Android software is mapped to a binary group arranged at the execution timing.Then,a set of behavior reduction rules is proposed to extract the "fingerprint" of malicious behavior from the behavior transition probability map.According to the behavior fingerprint,it judges whether the software has malicious behavior.Finally,the validity and usability of the method are evaluated by experimental verification.2.This paper proposes an Android malicious behavior detection scheme based on multi-strategy combination.In this work,a novel four-level detection framework is designed,including feature extraction module combined static detection style and dynamic one,primary detection module,weight-learning module based on neural network algorithm and decision module based on the voting strategy.First of all,using a mixed strategy with static and dynamic styles collects software behavior features from multi-dimensions,and at the same time,using multiple well-known machine learning algorithms(such as SVM,Bayesian Network,and kNN)detect possible malicious behaviors.Then,to improve the detection capability,the proposed system adopts neural network technology to modify the weights of primary detection algorithms.Finally,the effectiveness of the proposed strategy is verified by experiments.3.This paper proposed a cloud platform based on the lightweight Android software malicious behavior detection method.First,propose a malware detection model for Android mobile phone client,construct the program code CPU running cycle and power consumption mapping relationship,in the implementation of the program interpretation,by comparing the energy consumption and program "standard "The relationship between energy consumption to mark the existence of the relevant process" suspected malicious.Second,according to the characteristics of the code and run-time network conditions,the use of the task "bundling" strategy to migrate the corresponding tasks online to the cloud,the strategy in the task of migration while taking into account the user experience and task migration brought additional energy.Then,in the cloud through the use of virtual machine introspection technology to track the migration of its code "run track".Finally,it is proved by experiment that the proposed detection architecture can reduce the detection time and energy cost while ensuring high detection rate.In general,this paper systematically studies the malware behavior detection technology of Android system.Focussing on static detection and dynamic detection of malicious behavior,we creatively design a set of for detection of malicious behavior transformation probability graph reduction rule set.Reducing the false alarm rate and false negative rate at the same time,the proposed strategies greately improve the detection efficiency.In addition,combining with the rise of cloud computing technology,this paper puts forward the malicious software detection method based on the cloud platform,which views the energy consumption fluctuation caused by malicious behavior as the detection element and moves the process of malicious behavior detection into the cloud.It greately increase the security of the Android mobile phone at the same time,through the use of bundled migration strategy,it can parallelly implemente the migrated code in cloud,which takes care of the user experience.Moreover,extended research can be done in our work.