317 / 1971-01-01 00:00:00

A Malicious Processes Detection Method Based On Android Physical Memory

Android; physical memory; suspicious process; malware detection

With the continuous expansion of the Android system market, more and more Android malware arise, Android security problems become increasingly prominent. This paper presents a malware detection method based on Android physical memory. Address conversion algorithm is proposed by analyzing the physical memory address mapping mechanism. This method uses the traversal algorithm to traverse process list, and proposes a suspicious process detection method on this basis. Experimental results show that this method can effectively detect Android malicious processes in the memory.