| With the rapid development of broadband wireless access technology and mobile terminal it is hoped that people will easily obtain information and services on the internet at any time and any place even when they are moving. However, owing to the gradual improvement of computing ability on mobile intelligent terminal recently, sophisticated functions of these mobile intelligent devices bring about the increasing number of mobile operation system problems and relative security events. The mobile intelligent terminal based on the Android has occupied most of the market, and Android system has become a main target for malicious software. Therefore, nowadays how to make the security detection effectively for the security of application has become the focus of research facing with the increasingly complex security and defense technologies of Android applications.The major work and contributions of this paper can be summarized as follows:Firstly, we further points out the possible loopholes and safe hidden trouble of Android applications based on the security mechanism. It shows that the behavior of malicious threats applications may cause serious losses for users by making use of those holes.Secondly, owing to the flaws of poor readability and misinformation the source code about the binary detection technology, we improve a static security detection method of mobile intelligent terminal based on the Smali intermediate language. It shows that the proposed method has better detection accuracy and low rate of false positives by experiment compared with safety testing Java source code-based. In addition, the principle and characteristics of the more possible malicious behavior about associated applications have been analyzed based on the feature of permissions and the static behavior of the safety testing technology, respectively, and then a security detection method of malicious behavior application has been proposed. The process as follows:first, we can extract permissions characteristics of associated application analysis and generate a characteristic vector by defectively matching the base of association rule and characteristic vector. Then we can build the associated application for further static security detection in order to determine the specific possible security threats.Finally an Android application system of security audit and authentication has been designed. It is composed of security audit platform based on web application and APK security authentication subsystem in intelligent terminal. It can safeguards the security of APK file fundamentally from APP market to intelligent terminal based on APK repeating signature and three security detections on the mobile intelligent terminal, such as static detection, dynamic detection and virus detection. Furthermore, the system can finish the tasks of parallel processing and scheduling of big data in order to meet the balance requirements of the load. Therefore, it can realize the effective disposal and recycling of Android platform, and it have many advantages such as high efficient, reliability, fault tolerance and scalability. In addition, the test results of detection show that the system of security audit certification have more merits like high practicability, flexibility and extensibility, by contrast with analysis detection of Android application on the third party application market. In a word, our research is of great application and popularization value. |
PDF Full Text Request