With the advancement of mobile technology, Android smartphones have quickly become a popular computing platform. At the same time, the Android system suffers from many kinds of malware, which poses serious security risks to Android users. Research on Android malware detection to protect smartphone users is therefore a critical subject that urgently needs study. This thesis presents an in-depth study of Android malware detection techniques. The primary research tasks are as follows:

(1) A static detection method for Android malware based on Stacking model fusion is presented. The method first decompiles APK samples with APKTool to obtain smali code feature files; second, it generates Opcode N-gram features from the smali code according to a set of feature extraction and transformation rules; then the Opcode N-gram features are vectorized and fed to an ensemble learning model built from multiple machine learning classifiers (the SRXG-Stacking model) for training. Finally, experiments verify the superior performance of the SRXG-Stacking classification model and the effectiveness of the method for static detection of Android malware.

(2) A dynamic detection approach for Android malware based on behavioral features is presented. The method detects malware by analyzing features of the behavior logs that an Android application generates while running. First, a dynamic analysis tool was designed that calls DroidBox to capture the dynamic behavior logs produced during the simulated run of the app; then features are extracted from the runtime logs from multiple perspectives, such as network transfer, file reading and writing, and API calls; next, the extracted behavior features are vectorized and fed to the SRXG-Stacking model. Finally, experiments verify that the proposed dynamic detection technique for Android malware detects well.

(3) Based on the static and dynamic detection methods above, a hybrid detection method that combines the two is proposed. The method introduces a certainty threshold, which is compared with the certainty of the static detection output. When the certainty of the static classification result is greater than the certainty threshold, the detection result is output directly; otherwise, the APK sample is passed to the second-layer detection model for dynamic detection. Simulation experiments show that using the certainty threshold to decide whether dynamic detection is needed combines the complementary advantages of static and dynamic detection and improves the overall accuracy rate, indicating the superiority of this hybrid detection method.

(4) An Android malware detection system was designed and implemented. The system comprises four modules: sample upload, task scheduling, detection and analysis, and visualization. It applies the hybrid static-dynamic detection method proposed above in the detection and analysis module, and can effectively detect uploaded APKs and display the analysis report to the user.
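
The Opcode N-gram step of task (1), sketched as an added example that is not the thesis's own code. The abstract does not give the extraction and transformation rules, so the per-method windowing, the width-suffix normalisation, and the names `method_opcodes` and `opcode_ngrams` are assumptions; the smali fragment is constructed.

```python
import re
from collections import Counter

# Constructed smali fragment for illustration (not from the thesis data set).
SAMPLE_SMALI = """\
.method public send()V
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Ljava/io/IOException;
        }
    .end annotation
    invoke-static {}, Lcom/example/Demo;->mgr()Ljava/lang/Object;
    move-result-object v1
    if-eqz v1, :cond_0
    invoke-virtual {v1}, Ljava/lang/Object;->hashCode()I
    :cond_0
    return-void
.end method
.method public id()I
    const/4 v0, 0x1
    return v0
.end method
"""
# Instruction lines start with a lowercase Dalvik mnemonic; directives
# (.locals), labels (:cond_0) and comments (#) do not match.
OPCODE_RE = re.compile(r"^([a-z][a-z0-9-]*)(?:/[a-z0-9]+)?(?:\s|$)")

def method_opcodes(smali_text):
    """Return one opcode list per method body, skipping annotation blocks."""
    methods, ops, skip = [], None, False
    for line in map(str.strip, smali_text.splitlines()):
        if line.startswith(".method"):
            ops = []
        elif line.startswith(".end method") and ops is not None:
            methods.append(ops)
            ops = None
        elif line.startswith((".annotation", ".end annotation")):
            skip = line.startswith(".annotation")  # "value = {" is not code
        elif ops is not None and not skip:
            m = OPCODE_RE.match(line)
            if m:
                ops.append(m.group(1))  # assumed rule: const/4 -> const
    return methods

def opcode_ngrams(smali_text, n=2):
    """Count opcode n-grams; a gram never spans a method boundary."""
    counts = Counter()
    for ops in method_opcodes(smali_text):
        counts.update(" ".join(ops[i:i + n]) for i in range(len(ops) - n + 1))
    return counts
```

The resulting counts are the sparse feature vector for one sample; a fixed vocabulary built over the training set turns them into the fixed-length input a classifier expects.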