- 2015
An Easily Deployable Method for Monitoring the Dynamic Behavior of Android Apps
Abstract:
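The Android platform has become the primary target of malicious code attacks, and more than 90% of Android malware is loaded onto user devices in the form of apps. Monitoring app behavior has therefore become an important means of countering Android malware attacks. However, existing monitoring approaches depend on modifying the low-level code of the Android system. Because different OEM vendors customize Android heavily, direct modifications to the low-level code of commercial Android systems are difficult for third parties to deploy to user devices. Based on an analysis of the Android process model and the characteristics of code execution, this paper proposes a program behavior monitoring scheme implemented at the application layer, which achieves comprehensive monitoring of application code execution by dynamically hijacking the Android virtual machine interpreter. Because it makes no direct changes to the Android system source code, the scheme can be deployed flexibly and quickly on Android mobile devices of different models and versions. Implementation and testing of a prototype system show that the system is easy to deploy, monitors comprehensively, and incurs low performance overhead.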