中文摘要：

随着移动互联网的快速发展,移动终端及移动应用在人们日常生活中越来越重要,与此同时,恶意移动应用给网络和信息安全带来了严峻的挑战。Android平台由于其开放性和应用市场审查机制不够完善,使其成为了移动互联网时代恶意应用的主要传播平台。现有的恶意应用检测方法主要有静态分析和动态测试两种。一般而言,静态分析方法代码覆盖率高、时间开销小,但存在误报率较高的问题;而动态测试准确度较高,但需要实际运行应用,所需的时间和计算资源开销较大。针对上述情况,本文基于静动态结合的方法,自动检测恶意Android应用。首先,使用静态分析技术获取应用API的调用情况来判定其是否为疑似恶意应用,特别是可有效检测试图通过反射机制调用API躲避静态分析的恶意应用;然后,根据疑似恶意应用UI控件的可疑度进行有针对性的动态测试,来自动确认疑似恶意应用中是否存在恶意行为。基于此方法,我们实现了原型检测工具框架,并针对吸费短信类恶意行为,对由465个恶意应用和1085个正常应用组成的数据集进行了对比实验。实验结果表明,该方法在提高恶意应用检测效率的同时,有效地降低了误报率。

英文摘要：

Mobile devices and mobile applications are becoming more and more important with the rapid development of mobile Internet. Meanwhile, malicious applications have brought serious challenges for the security of network and information. Because the openness and poor review mechanism of the Android platform, it becomes the main transmission platform of malicious applications. At present, static analysis and dynamic testing can be used to detect malicious Android applications. Generally speaking, static analysis has high code coverage and low time costs, but it could cause high false alarm rates. While dynamic testing has high accuracy, but it has high time costs and requires much resource. Therefore, this paper combines static and dynamic detection technology to detect malicious applications automatically. Firstly, this paper uses static analysis to determine whether an application is potentially malicious according to sensitive API calls. Especially, to prevent hidden malwares from static analysis, we take into consideration the reflection call and can detect them effectively. And then, this paper confirms whether the application contains malicious behavior using dynamic testing base on suspicious degree of UI controls. Focus on malicious SMS applications, this paper implements a tool and makes experiments on 465 malicious and 1085 non-malicious applications in real. The experimental results show that the proposed method can effectively improve the detection efficiency and reduce the false alarm rate.