ANDROID MALICIOUS APPLICATION PROGRAM DETECTION METHOD, SYSTEM AND DEVICE

摘要

Disclosed in an embodiment of the present invention are an Android malicious application program detection method, system and device, the detection method comprising: a server simulates the execution of an Android application program, matches the sensitive characteristic information of a system function invoked by the Android application program with the sensitive characteristic information stored in a sensitive data introduction rule base, and marks the variable of the successfully matched system function as sensitive data; the server matches the function containing the sensitive data with the malicious behavior characteristic information stored in a malicious behavior detection rule base, and marks the successfully matched function parameter as a malicious behavior. The technical solution in the embodiment of the present invention can detect an Android malicious application program without relying on human analysis of characteristic code, thus reducing the workload of technical personnel.