An easy-to-deploy behavior monitoring scheme for Android applications
Abstract The Android platform has become the primary target of malicious code, and more than 90% of Android malware is loaded onto user devices in the form of apps. Monitoring app behavior is therefore an important means of countering Android malware. However, existing monitoring approaches depend on modifying low-level Android system code. Because OEM vendors customize Android heavily, changes to the low-level code of a commercial Android system are hard for a third party to deploy to user devices. Based on an analysis of the Android process model and of how code is executed, this paper proposes a program behavior monitoring scheme implemented at the application layer: it dynamically hijacks the Android virtual machine interpreter to monitor the execution of application code comprehensively. The method depends on the Dalvik interpreter entry point and on system call interception. Because it makes no direct changes to the Android system source code, the scheme can be deployed flexibly and quickly on Android mobile devices of different models and versions. The authors implemented and tested a prototype system; the evaluation shows that the system is easy to deploy, monitors application behavior comprehensively, and incurs little performance overhead.
Source Journal of University of Chinese Academy of Sciences, indexed in CAS, CSCD and the Peking University Core Journals list, 2015, No. 5, pp. 689-694 (6 pages)
Funding Supported by a secrecy research project of the National Administration of State Secrets Protection (BMKY2013B12-2)
Keywords Android APP; behavior monitoring; Dalvik hijacking; dynamic instrumentation