摘要
目前Android手机上恶意APP安全检测方法大致分为两种,静态检测和动态检测.静态检测利用逆向分解手机安装文件,对APP安装文件进行分解,提取其代码特征和正常应用样本数据库中样本进行对比,判定APP是否存在恶意行为.动态监测基于对系统信息和应用行为的监控结果来判断APP是否为恶意应用.静态方法由于样本库规模的的限制很难检测病毒变种和新型病毒,动态检测需要事实监控系统行为,占用大量手机资源并且检测识别率不高.本文以Markov链模型为基础结合了动态监控应用行为和用户行为的方法得出的Android平台恶意APP检测方法.最后结合静态检测对apk文件进行分析,以增加动态监控方法的准确性.
At present,there are two kinds of security detection methods on Android mobile phone,the static detection and the dynamic detection.Static detection uses the reverse decomposition of installation APK file,extracting the code characteristics and comparing with the database of the sample to judge if there is malicious behaviors. Dynamic monitoring determines the APP is malicious applications or not based on the system information and application behavior monitoring.The static method is difficult to detect the variety virus and the new virus because of its monotonous sample library and the dynamic detection need to monitor the behavior of the system all the time,it consume lots of mobile resources and the detection rate is not high.In this paper,the Android platform is proposed with the Markov model based on the combining of the dynamic monitoringing on application and user behaviors.In the lash the apk files are analysised to increase the accuracy of the dynamic monitoring methods.
出处
《天津理工大学学报》
2016年第2期27-31,共5页
Journal of Tianjin University of Technology
基金
天津市自然科学基金(15JCYBJC15600)
