The Research And System Design Of Android Application’s Safety Assessment Based On Behavior Analysis

With the rapidly growing popularity of Android platform, its security issues are also increasingly severe. Malicious developers crack applications and embed malicious code into applications, making the original applications have malicious behavior. In addition, some applications have access to sensitive resources such as privacy, and these applications have potential risks, because once being attacked, they will cause users’losses. Applications like repacked malicious applications and applications with potential risk have seriously threated the safety of Android users.To solve problems above, this paper proposed a detection model for repacked malicious applications and a risk assessment model for applications with potential risks based on behavior analysis. Then according to the models this paper designed and realized the safety assessment system for Android applications. Finally this paper proved the validity of the proposed models and the designed system through simulation experiments and system testing. This paper’s main work and achievements are as follows.(1) This paper analyzed the behavior characteristics of repacked malicious applications on android platform. Then defined and described the behavior patterns of android applications from the perspective of API through which the applications and the system interact directly, and using the applications’behavior patterns as the detection object of repacked malicious applications detection model. The detection model firstly builds single classifier by using SVDD (Spport Veetor Data Deseription) based on the normal application’behavior data, and then determine whether the application is maliciously repacked or not by using single classifier. The detection model solves the problem that the repackaged malicious applications behavior data is difficult to obtain. Simulation results showed the effectiveness of the model proposed in this paper.(2) Considering the potential threats of applications, an assessment model was designed to evaluate applications’security risk by analyzing the characteristic of malicious applications’behavior. The assessment model took the API as assessment objects. Firstly this paper defined and described the behavior risk events, the influence of behavior risk, the probability of behavior risk, the loss of behavior risk and the security risk loss of applications. Then the security risk assessment algorithm was designed by appling the information entropy theory. Finally by using the security algorithms to evaluate applications’security risk based on the behavior data. The assessment model quantifed the risk of applications, and avoided the deviation caused by single value determination method through using information entropy theory to calculate comprehensive behavior risk value combined with the subjective and objective behavior risk loss.The experiment proved this method had better rationality.(3) Based on detection model and assessment model, this paper designed and realized an comprehensive evaluation system. The system included application’s API monitoring and application’s behavior analysis. This paper described the detailed design of the initialization module, the behavior of security services module, repackaged malicious applications detection module and applications of risk assessment module and other modules. At last this paper implemented and verified the effectiveness of this safety assessment system.This paper focuses on the Android security field. The security model proposed has certain value in theory, and safety assessment system has instructive value in the project implementation.