The invention relates to a dynamic detection method for Android malicious behavior based on dynamic binary instrumentation, and belongs to the technical field of computer and information science. The method comprises the following steps: first, all potential malicious behaviors of the software under test are triggered through an Android dynamic detection framework; then, using dynamic binary instrumentation, the sequence of calls the program makes to system APIs is constructed, and an N-Gram model is used to extract the call timing relationship features of the functions; finally, the generated timing relationship features are input into a trained GBDT (Gradient Boosting Decision Tree) multi-class detection model, which identifies malicious software and classifies its malicious behaviors at a fine granularity. According to the invention, dynamic binary instrumentation is used to extract the system function call time-sequence features of the software without knowledge of the program source code. Compared with the prior art, the method achieves high accuracy in detecting Android malicious behavior, divides the malicious behaviors of the software into six classes, yields detection conclusions of finer granularity, and effectively improves the detection efficiency for Android malicious software.
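The N-Gram step described above, as an added example that is not code from the patent: it turns an ordered API call trace into a fixed-width feature vector of the kind a GBDT classifier takes as input (the classifier itself is not shown). The call names, the `top_k` vocabulary size, the ranking by per-trace frequency and the out-of-vocabulary column are assumptions of this sketch.

```python
from collections import Counter
from itertools import islice


def ngrams(calls, n):
    """Every window of n consecutive calls, in trace order."""
    return zip(*(islice(calls, i, None) for i in range(n)))


def fit_vocabulary(traces, n, top_k):
    """Choose feature columns: the top_k n-grams seen in the most traces.

    Assumption of this example: ranking by per-trace (document) frequency.
    """
    doc_freq = Counter()
    for trace in traces:
        doc_freq.update(set(ngrams(trace, n)))
    ranked = sorted(doc_freq.items(), key=lambda kv: (-kv[1], kv[0]))
    return [gram for gram, _ in ranked[:top_k]]


def vectorize(trace, vocab, n):
    """Relative frequency of each vocabulary n-gram, plus one trailing
    out-of-vocabulary column so unseen call orderings are not silently lost."""
    counts = Counter(ngrams(trace, n))
    total = sum(counts.values())
    if total == 0:  # trace shorter than n calls
        return [0.0] * (len(vocab) + 1)
    known = set(vocab)
    vec = [counts[g] / total for g in vocab]
    vec.append(sum(c for g, c in counts.items() if g not in known) / total)
    return vec


# Constructed traces (not real captures); names are illustrative API labels.
TRAIN = [
    ["getDeviceId", "openConnection", "write"],
    ["getDeviceId", "openConnection", "write", "close"],
    ["openConnection", "read", "close"],
]

if __name__ == "__main__":
    vocab = fit_vocabulary(TRAIN, n=2, top_k=3)
    for trace in TRAIN:
        print([round(x, 2) for x in vectorize(trace, vocab, 2)])
```

Because the features are windows of consecutive calls, two traces with the same set of API calls in a different order produce different vectors, which is the timing relationship the method relies on.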