Android plug-in maliciousness detection method based on function call graph

The invention relates to an Android plug-in maliciousness detection method based on a function call graph, and belongs to the field of mobile security. The method is divided into two parts, the first part is plug-in environment detection, and the detection method comprises the steps of function call graph extraction, call graph extraction, call graph quantification and similarity comparison. The second part is malicious function detection of the plug-in, and the detection method comprises the steps of API permission mapping, list file permission extraction and plug-in function judgment. According to the method, whether the APK contains the plug-in environment or not is judged through a function call graph similarity method, and whether the plug-in contains maliciousness or not is judged on the basis of the plug-in environment. 本发明涉及一种基于函数调用图的Android插件恶意性检测方法，属于移动安全领域。该方法分为两部分，第一部分为插件化的环境检测，检测方法包括：函数调用图提取、调用图抽取、调用图量化、相似度比较。第二部分为插件的恶意性功能检测：检测方法包括：API权限映射，清单文件权限提取、插件功能判断。本发明提出了通过函数调用图相似性的方法来判断APK是否含有插件化环境，并基于插件化