DPCS2017+49+Malware detection approach based on non-user operation sequences

罗文塽 1, CAO Tianjie 2,3

  1. China University of Mining and Technology
  2. School of Computer Science and Technology, China University of Mining and Technology, Xuzhou, Jiangsu 221116, China;
  3. State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100049, China
  • Received: 2017-07-25  Revised: 2017-07-31  Online: 2017-07-31
  • Corresponding author: 罗文塽

Abstract: Android is currently the most popular mobile operating system. To detect malware on the Android platform effectively, a static detection method based on non-user operation sequences is proposed. First, the API call information of malware samples is extracted and used to construct their function-call graphs. Then, the non-user operation sequences are extracted from those function-call graphs to form a malicious behavior database. Finally, a sample under test is classified by computing the edit distance between its non-user operation sequences and those in the malicious behavior database. Experimental results show that the method reaches a recall of 90.8% and an accuracy of 90.3%, a marked improvement in malware detection over the Android malware analysis tools Androguard and FlowDroid.

Key words: Android, malware, static detection, function-call graphs, API call

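The pipeline the abstract sketches, as an added example that is not the paper's code: a call graph is walked from every entry point that is not a user-driven callback, the API calls reached form a non-user operation sequence, and each sequence is scored against a malicious behavior library by token-level edit distance. The call graph, entry points, library, user-callback names and the 0.7 threshold are all constructed assumptions, not values from the paper.

```python
# Added example, not the paper's code: graph, library, callback names and threshold are constructed.
# Constructed call graph of one app: caller -> ordered callees; "android."/"java.net." nodes are API calls.
CALL_GRAPH = {
    "MainActivity.onClick": ["android.widget.Toast.makeText"],
    "BootReceiver.onReceive": ["BootReceiver.collect", "BootReceiver.send"],
    "BootReceiver.collect": ["android.telephony.TelephonyManager.getDeviceId"],
    "BootReceiver.send": ["android.telephony.SmsManager.sendTextMessage"],
}
ENTRY_POINTS = ["MainActivity.onClick", "BootReceiver.onReceive"]
API_PREFIXES = ("android.", "java.net.")
USER_CALLBACKS = ("onClick", "onTouch", "onKey")  # assumed user-driven handlers
# Constructed malicious behavior library: named non-user operation sequences.
MALICIOUS_LIBRARY = {
    "sms_exfil": ["android.telephony.TelephonyManager.getDeviceId",
                  "android.telephony.SmsManager.sendTextMessage"],
    "contact_upload": ["android.content.ContentResolver.query",
                       "java.net.HttpURLConnection.connect"],
}

def non_user_sequences(graph, entries):
    """Pre-order walk from each non-user entry point; entry -> ordered API calls."""
    def walk(node, seen):
        if node in seen:  # cycles and shared callees are visited once
            return []
        seen.add(node)
        own = [node] if node.startswith(API_PREFIXES) else []
        return own + [c for callee in graph.get(node, []) for c in walk(callee, seen)]
    return {e: walk(e, set()) for e in entries
            if not e.rsplit(".", 1)[-1].startswith(USER_CALLBACKS)}

def edit_distance(a, b):
    """Levenshtein distance over whole API-call tokens, not characters."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]

def scan(graph, entries, library, threshold=0.7):
    """entry -> (flagged, closest library pattern, similarity in [0, 1])."""
    verdicts = {}
    for entry, seq in non_user_sequences(graph, entries).items():
        # normalised similarity: 1.0 for identical sequences, 0.0 when no token aligns
        name, score = max(((n, 1 - edit_distance(seq, r) / max(len(seq), len(r), 1))
                           for n, r in library.items()), key=lambda t: t[1])
        verdicts[entry] = (score >= threshold, name, score)
    return verdicts
```

With this input the `BootReceiver.onReceive` sequence matches `sms_exfil` exactly, while the `onClick` path is ignored because it only runs on user interaction.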