android恶意软件实现及检测分析word格式论文.docxVIP

AbstractThe mobile phone becomes more and more popular since it is invented for the convenience it brings to people. With the continuous evolution of mobile phone, it is endowed with many features. Users can install software from third-party service provider in their mobile operating system, and access internet through mobile communication network. However, the threat of malware also appears. Android has become the one of the most popular mobile operating system after the population of J2ME, Symbian and WM platform. At the same time, the development of mobile malware has also reached new heights.The main forms of Android malware are the Premium Rate Number Billing, Privacy (e.g. IMEI, SD card data) Spyware and Transaction Authentication Number Stealing. The hackers usually release a malware by decompiling normal Android application and then embed malicious module into it. Therefore, the implementation of malware behavior and detection has a practical significance to protect users from attacks.The pre-detection and real-time block are two usual ways against malware. Pre-detection means detect Android APK before it is installed. While real-time block means block malicious behavior when Android APK is running. This paper mainly focous on the previous way, and the main accomplishments are as follows:Implement and reproduce Android malware behavior, display the essence of malware from the code level.Reveals the main procedure of How malware developers implant malicious module into users smart phone system, and provider user with the appropriate preventive measures.Design a static behavior detection solution with the conclusion drawn from the above two points. Firstly, by matching critical System API, this solution deployed in local can effectively detect malicious behavior. At the same time, by introducing signature check mechanism on the cloud, this solution deployed in the cloud can detect re-signed application effectively. As the result, the whole system improves dete