Dissertation > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > General issues > Security and confidentiality

Research on Android Malware Detection Based on Object Reference Graph

Author LuLiang
Tutor LiDong
School Harbin Institute of Technology
Course Computer Science and Technology
Keywords Android Malware Dynamic Detecting Object Reference Graph VF2
Type Master's thesis
Year 2013
Downloads 1
Quotes 0
Download Dissertation

Today the smart phone industry is developing rapidly.Especially the Android smartphone is widely used and is becoming an important communication tool. But there aretoo many Android malwares. It brings users great threat on information security.Inessence, the key to solve the problem is software recognition technology. Staticidentification technology has many disadvantages. People are becoming more and moreconcerning about the dynamic methods to identify software.This paper makes someresearch on software memory fearture.The main purpose of this paper is to use object reference graph to detect Androidmalware.The main content is getting memeory data to make object reference graph andusing Subgraph Isomorphism algorithm to match object reference graphs.Firstly, this paper describes the overall architecture of the Android system,analyzes its security and application software. This paper also classifies androidmalware and analyzes their behavioral characteristics and attack principle. Getting thereferences among objects in memory is a difficulty. This paper implements extractingmemory data for a process under the Android platform.Objects and the their referencescan be made from the data.Secondly, this paper analyzes the widely used classical graph Isomorphismmatching algorithm,especially the VF2. Some changes are made on VF2algorithm. Anew parameter is added to control the accuracy of matching which makes it suitable forobject reference graphs.The time complexity and space complexity of VF2algorithmare analyzed.Finally,a detecting system for Android malware is built.and the effectiveness of themethod for detecting malware is tested. Experimental results show that after malwareschange their static characteristics via code obfuscation, the method still works.Inexperiment,it shows that false positive rate and false negative rate are changing withdifferent accuracy.Thus,the feasibility of the algorithm in practice are verified.

Related Dissertations
More Dissertations