Current Android applications vary in quality,while there exist many potential malwares threatening privacy and information safety. In order to cope with this particular predicament,a new solution using SimHash algorithm for Android malware detection is pro-posed on the basis of analysis of signature detection technology based on MD5,which consists of three steps including APK signature-text extraction,signature-text digital fingerprint generation and results contrast. In order to textualize APK files,malware analyzing program androlyze. py is introduced. Meanwhile,considering the efficiency of Android signatures,Android program permission,call function,re-ceiver and services have been converted into composite signatures APK text. Then,the composite signatures text has been converted into string,of which the Hamming Distance is counted as measurement for the security level. In addition,after practically analyzing and com-pared with 360 Anti-virus Software the overall detecting efficiency is proved to be better,thus considered as an effective method of An-droid malware detection.%针对当前Android应用程序良莠不齐,存在大量的恶意程序对个人隐私和信息安全构成严重威胁的现状,在分析基于MD5的传统特征代码检测技术的基础上,提出了利用SimHash算法,经过APK文件特征文本提取,特征文本数字指纹生成,数字指纹比对及比对结果分析三个步骤,进行Android恶意程序检测的新方法.为实现APK文件特征文本化,引入恶意软件分析程序androlyze.py,同时,考虑到Android特征的有效性,经研究需要选取Android程序的权限及调用映射、广播接收器、服务等核心信息组合成对应APK文件的复合特征文本,将复合特征文本转换为字符串后利用程序进行海明距离计算,由海明距离判断待测试APK文件的安全性.通过实验进行实例分析,并将得到的检测效果与360杀毒软件做比较,发现基于SimHash算法的恶意程序检测方法,检测率高于360,可以作为Android恶意软件检测的一种有效方法.
展开▼
