|
|
- 2016
基于沙盒的Android应用风险行为分析与评估
|
Abstract:
Android是移动领域市场占有率最高的操作系统, 其开源的系统、海量的应用使得Android的用户量与日俱增, 因此Android的安全问题受到业界的高度重视和广泛关注, 特别是Android设备上大量涌现的恶意应用, 已成为Android生态圈发展所面临的重大问题。该文基于Android 4.1.2设计并实现了一个沙盒, 能够对Android系统中应用的行为进行动态监视和记录; 提出了一种基于行为分析的应用风险评估方法, 以便用户对相关应用的风险有一个明确的预判, 从而提高和保障用户的安全; 通过对恶意应用和正常应用的样本分别进行实验和分析, 验证了该文所提出方法的有效性。
Abstract:Android has become the most popular operating system on mobile devices. However, the Android is an open source system with billions of applications. More users are choosing Android, so Android security problems are receiving much attention in the industry. Android of malware is already a major problem and cannot be avoided in the Android ecosystem. This paper describes a sandbox system based on Android 4.1.2 which can dynamically monitor and record application behavior. A risk assessment approach based on behavior analysis is given so that users can get an explicit risk prognosis for an application to improve their safety. Tests on malware and normal application samples verify the effectiveness of this risk assessment approach.
| [1] | CM3. CaffeineMark[Z/OL]. http://www.benchmarkhq.ru/cm30/info.html. |
| [2] | SCAP中文社区. Android漏洞信息库[Z/OL]. (2013-12-20). http://android.scap.org.cn. The SCAP Community of China. Android vulnerbilities database[Z/OL]. (2013-12-20). http://android.scap.org.cn. (in Chinese) |
| [3] | 赛门铁克安全响应中心. 《互联网安全威胁报告》[Z/OL]. http://www.symantec.com/zh/cn/security_response/publications/threatreport.jsp. Symantec Security and Response Center. A survey of global security threat on the internet[Z/OL]. http://www.symantec.com/zh/cn/security_response/publications/threa-treport.jsp. (in Chinese) |
| [4] | 张玉清, 王凯, 杨欢, 等. Android安全综述[J]. 计算机研究与发展, 2014,51(7):1385-1396. ZHANG Yuqing, WANG Kai, YANG Huan, et al. Survey of Android OS security[J].Journal of Computer Research and Development, 2014,51(7):1385-1396. (in Chinese) |
| [5] | Enck W, Gilbert P, Chun B G, et al. TaintDroid:An information flow tracking system for real-time privacy monitoring on smartphones[J].Communications of the ACM, 2014,57(3):99-106. |
| [6] | Reina A, Fattori A, Cavallaro L. A system call-centric analysis and stimulation technique to automatically reconstruct Android malware behaviors[C]//Proceedings of European Workshop on Systems Security. Prague, Czech Republic:EuroSec, 2013:135-141. |
| [7] | Wei X, Gomez L, Neamtiu I, et al. ProfileDroid:Multi-layer profiling of Android applications[C]//Proceedings of the 18th Annual International Conference on Mobile Computing and Networking. Istanbul, Turkey:ACM, 2012:137-148. |
| [8] | Yan L K, Yin H. DroidScope:Seamlessly reconstructing the OS and dalvik semantic views for dynamic Android malware analysis[C]//Proceedings of the 21st USENIX Conference on Security Symposium. Washington DC, USA:USENIX Security Symposium, 2012:569-584. |
| [9] | Zhang Y, Yang M, Xu B, et al. Vetting undesirable behaviors in Android apps with permission use analysis[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. Hangzhou, China:ACM, 2013:611-622. |
| [10] | Chen K Z, Johnson N M, D'Silva V, et al. Contextual policy enforcement in Android applications with permission event graphs[C]//Proceedings of 20th Annual Network & Distributed System Security Symposium. San Diego, USA:NDSS, 2013. |
| [11] | Wu D J, Mao C H, Wei T E, et al. Droidmat:Android malware detection through manifest and API calls tracing[C]//Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference. Tokyo, Japan:IEEE, 2012:62-69. |
| [12] | Bl?sing T, Batyuk L, Schmidt A D, et al. An android application sandbox system for suspicious software detection[C]//Malicious and Unwanted Software (MALWARE), 20105th International Conference. Nancy, France:IEEE, 2010:55-62. |
| [13] | Wikipedia. Java native interface[Z/OL]. http://en.wikipedia.org/wiki/Java_Native_Interface. |
| [14] | HAN T S, Kobayashi K. Mathematics of Information and Coding[M]. Washington, DC:American Mathematical Society, 2002. |
