| With the rapid development of the mobile Internet and rapid growth in the number of smart mobile terminal users, Android has become the world's largest smartphone operating system. This has been accompanied by the continuing spread of Android malware, so research on detection technology is urgently needed. Although heuristic detection of unknown malware has been studied and researchers have achieved impressive results, heuristic detection techniques still have considerable room for improvement in feature selection, classifier training, resistance to anti-detection, time, and detection performance. The main research contents of this paper are therefore as follows: 1. Surveying recent research at home and abroad on Android malware/software detection technology, analyzing the Android system architecture and security mechanisms, and studying Android applications and their file structure, the program execution process, and the mechanisms of malicious programs. 2. Machine learning algorithms are introduced and used to classify Android software. In addition, a logical interface is designed to connect Android applications with the machine learning classification algorithms; it converts the real data that represents software characteristics into abstract data that the classification algorithm can recognize. 3. Giving the definition of the sensitive feature set. Based on a static sensitive-function feature set made up of uses-permission and Smali API features, a mixed static heuristic detection technique is proposed that is resistant to code obfuscation and to sensitive functions being invoked through reflection; based on a dynamic sensitive-behavior feature set, a dynamic heuristic detection technique is proposed that runs in a sandbox, is resistant to process anti-tracing, and simulates clicks and broadcasts that can trigger application functions. 4. The proposed static and dynamic heuristic detection techniques are integrated with an exact-matching function that uses the MD5 of APK files and the SHA1 of DEX files to design a triple combined detection model for Android software. 5. Analysis and experimental verification show that the heuristic detection performance of the combined detection model based on the sensitive feature set is better than that based on a non-sensitive feature set. |
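
The exact-matching stage from item 4, sketched as an added example (not code from the paper): it checks the MD5 of the APK file and the SHA1 of each DEX file against known-malware sets, and shows a repackaged APK still matching on its DEX hash after its file hash has changed. The function names, the check order, and the in-memory sample APKs are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

def build_apk(dex, extra=None):
    """Build a constructed, minimal APK-like ZIP in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", dex)
        for name, data in (extra or {}).items():
            z.writestr(name, data)
    return buf.getvalue()

def fingerprints(apk):
    """Return (MD5 of the whole APK, SHA1 of every classes*.dex entry)."""
    apk_md5 = hashlib.md5(apk).hexdigest()
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        dex_names = sorted(n for n in z.namelist()
                           if n.startswith("classes") and n.endswith(".dex"))
        dex_sha1 = [hashlib.sha1(z.read(n)).hexdigest() for n in dex_names]
    return apk_md5, dex_sha1

def exact_match(apk, known_apk_md5, known_dex_sha1):
    """First stage of the combined model: exact lookup before any heuristics."""
    try:
        apk_md5, dex_sha1 = fingerprints(apk)
    except zipfile.BadZipFile:
        return "invalid"                 # not a ZIP container, so not an APK
    if apk_md5 in known_apk_md5:
        return "known:apk-md5"           # byte-identical to a known sample
    if any(h in known_dex_sha1 for h in dex_sha1):
        return "known:dex-sha1"          # container changed, code unchanged
    return "unknown"                     # pass to static/dynamic heuristics

# Constructed sample data: a fake DEX body, the "known" APK built from it,
# a repackaged copy with one extra resource, and an unrelated APK.
SAMPLE_DEX = b"dex\n035\x00constructed sample payload A"
ORIGINAL = build_apk(SAMPLE_DEX)
REPACKAGED = build_apk(SAMPLE_DEX, {"res/raw/extra.bin": b"padding"})
UNRELATED = build_apk(b"dex\n035\x00constructed sample payload B")

KNOWN_APK_MD5 = {fingerprints(ORIGINAL)[0]}
KNOWN_DEX_SHA1 = set(fingerprints(ORIGINAL)[1])

if __name__ == "__main__":
    for label, apk in [("original", ORIGINAL), ("repackaged", REPACKAGED),
                       ("unrelated", UNRELATED), ("garbage", b"not a zip")]:
        print(label, exact_match(apk, KNOWN_APK_MD5, KNOWN_DEX_SHA1))
```

Samples that come back `unknown` are the ones the static and dynamic heuristic stages would then have to classify.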