
Research On Android Malware Detection Method Based On Hybrid Analysis

Posted on: 2024-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Q Wu
GTID: 2568306920951529
Subject: Computer Science and Technology

Abstract/Summary:
With the popularity of smartphones and the arrival of 5G, the latest generation of communication technology, Android has become the dominant mobile operating system in terms of market share and user base. However, due to the limitations of the Android permission mechanism, the number of malware samples targeting the Android ecosystem has increased sharply in recent years, posing a serious threat to the security of users' mobile phones. Effective detection of Android malware remains a huge challenge. As the Android system is continuously upgraded, the techniques of malware developers are also improving. The malicious means they adopt are impossible to defend against, and previous detection methods cannot meet the current need for accurate and efficient detection. The main reasons include the choice of features in the detection process, the reliance on a single classifier, the inability to deal with new malware, and the high time cost of the model. At the same time, most studies in recent years focus only on specific data such as API calls and permissions, and on how to use various machine learning or deep learning methods to classify malware, without taking into account how the malware operates internally. Considering only the results without paying attention to the process leads to a lack of interpretability in the analysis results.

To deal with the current problems of Android malware, such as its diverse means, large quantity, wide range of harm, and user-oriented nature, this thesis focuses on Android malware detection as follows. This thesis proposes an Android malware detection scheme based on two-layer hybrid analysis. Android malware detection can be divided into static and dynamic analysis methods, depending on whether the software is actually run. Using only one of the two methods cannot accurately track the malicious code in the software. In the first scheme, static analysis, a variety of representative features, such as sensitive permissions, are introduced and combined into feature vectors. At the same time, suspect components are roughly located as entry points in preparation for dynamic analysis. In the second scheme, dynamic analysis, a dynamic monitoring method based on sensitive data flows is designed, supported by symbolic execution, taint analysis and other technologies, to trigger more malicious behaviors and record the sensitive data flows and corresponding runtime characteristics. Finally, we combine the improved static analysis and dynamic analysis to realize an automatic detection process for Android samples, effectively reducing the overall detection cost and overhead.

To verify the effectiveness of this method, we used a large number of Android malware samples for testing. The experimental results show that, compared with single static or dynamic analysis methods, the hybrid analysis method proposed in this study can significantly improve the accuracy and efficiency of malware detection and can track the risk of user privacy leakage, so it has good practicability and popularization value.
Keywords/Search Tags: Android malware detection, Static analysis, Dynamic analysis, Hybrid analysis