随着近年来移动互联网的兴起,智能手机飞速发展。由于Android的开源性,使得Android平台的恶意软件与日俱增,并且具有数量大、传播快、变种多等特点。文章提出了一种检测和防范Android恶意软件的策略及方法。首先通过静态分析的方法提取大量的正常Android应用程序和恶意程序样本的权限,然后统计样本结果,对比正常应用与恶意程序所调用权限的区别,重点研究良性软件和恶意程序中调用最频繁的权限的区别。该统计结果很好地反映了恶意软件与良性软件在权限选择上有许多不同侧重点;最后引入信息增益概念,来研究每项权限对于判断一个应用程序为恶意软件的可能性的影响大小,对应用程序的权限进行分级评分,从而形成一个可靠有效的安全测评机制。通过实验证明,该方法能有效的检测和防范恶意软件,从而更好地保护Android手机安全。
In recent years, Android smart phones have developed rapidly, along with increasing developed software on the android platform. However, due to Android's open source property, the malware is growing in android platform. Currently, a large number of malicious software has been rapidly spread. Therefore, it is a must to protect Android smart phones. The main work of this paper are as follows: first, extract a large number of permissions from normal applications as well as malicious applications through static analysis. Secondly, draw histograms based on the permissions to show what permissions are most important. We pay much attention to finding out which permission is most frequent between benign application and malware. The statistical results reflect that there are many different priorities between benign application and malware. Lastly, depending on the information gain concept to estimate the risk which a application is a malware. We rank permissions based on information gain. In this way to form a effective and safe assessment mechanism. This paper provides a method for detecting malware. Through experimental results, the method has the opportunity to become malware detection and prevention mechanisms to better protect Android phone.