The present invention relates to a malicious behavior detection method and system based on the smartphone radio interface layer. When an operating system performs data exchange communication with underlying radio hardware, a data instruction thereof is monitored and subjected to decoding analysis, and related information with respect to radio hardware data communication such as whether dialing, voice communication, data communication, short message communication and the like are being performed by an application layer of the operating system is precisely acquired from the underlying layer, so a system defect that in the smartphone operating system architecture, the current smartphone data communication state cannot be globally acquired from the underlying layer is overcome; and an acquired related application, communication state data information of the underlying radio hardware and a related application of a smartphone operating system user layer are subjected to intelligent behavior matching, so applications having legitimate data communication behavior and applications having illegitimate data communication behavior are distinguished, and then timely and powerful protection can be provided aiming at various malicious software behavior, thereby improving the security of smartphone users.
展开▼