Research And Implementation Of Static Detection Technology Of Malicious Code On Android Platform

With the development of science and production and improvement of people’s daily life, intelligent mobile has got widely spread. Among the intelligent mobile operating system, Android has surpassed Symbian, iOS, BlackBerry to become a intelligent operating system that has the highest market share, because of its advantages such as open source and portability. The popularity of Android, on one hand, has brought people conveniences such as sending e-mails, chatting, shopping and so on, on the other hand, because of the open source of Android, more and more malware on android has appeared, by the way of stealing privacy, hidden downloading, they has brought about serious economic damage on people’s daily life. On the platform of Android, the number of malicious application keep increasing, and the type keep changing, they spread by bluetooth, Wifi and other methods. So strengthen the detection of malicious code on Android platform has become a more and more important subject, but the traditional detection technology has certain disadvantage, based on this background, this thesis puts forward a new static detection framework of malicious code on Android platform--AndroidSec.Firstly, this thesis studies the development of Android and the research on Android safety at home and abroad, and analyses the framework, component, interaction mechanism and file structure of Android application. Secondly this thesis conducts thorough research on Android safety and the type, damage of malicious code on Android platform, and analyses the advantage and disadvantage of current detection technology of malicious code on Android platform. This thesis researches the character and realization principle of malicious code on Android platform by analyzing a malicious sample on code level, and gets the knowledge of malicious code on Android platform on deeper level. Basing on the disadvantage of current detection technology and character of malicious code on Android platform, and the background of rapid development of cloud computing, this thesis puts forward the detection framework of malicious code on Android platform based on static detection--AndroidSec, this framework treats dex file as object of study, and risk API calls as character, by using the TF-IDF algorithm in data mining, abstracts the malicious sample as text, through computing the similarity with the help of background monitor and black-list matching, this thesis detects the malicious code on Android platform. The research of this thesis maximum reduces the hardware consuming of intelligent mobile terminal in detection of malicious code, by detecting the similarity, this thesis better makes up the disadvantage of static detection on malicious application variant in static detection technology of malicious code on Android platform.