
SYSTRACKER: A SYSTEM CALL-BASED RESOURCES USAGE MONITORING TECHNIQUE FOR ANDROID APPLICATIONS (Cited by: 1)
Abstract: Most malicious behaviour in Android applications stems from the illegitimate use of system resources, so resource usage information helps in analysing malicious behaviour quickly. However, because Android manages resources through its permission mechanism, existing system call-based methods for monitoring the resource usage of Android applications are not effective. To address this problem, we design and implement SysTracker, a technique that monitors resource usage in Android applications using system calls assisted by an API-to-system-call mapping. SysTracker intercepts the system calls made by an Android application, parses the information associated with them, and uses the API-to-system-call mapping to restore particular system call sequences to the corresponding API calls, thereby identifying the application's resource usage. Large-scale application testing shows that SysTracker's recognition rate for API calls reaches 99.2%. Analyses of several applications also show that SysTracker intuitively reflects how applications use resources, so that their malicious behaviour can be identified quickly.
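Source: Computer Applications and Software (《计算机应用与软件》), CSCD, Peking University Core Journal, 2014, No. 10, pp. 244-250 (7 pages)
Funding: Ministry of Education-Intel Special Research Fund for Information Technology (MOE-INTEL-2012-02); Science and Technology Commission of Shanghai Municipality Research Program (11511504404)
Keywords: Android; sensitive resource; system call; monitoring technique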

