Citation: 王倩文, 沈苏彬, 吴振宇 (WANG Qian-wen, SHEN Su-bin, WU Zhen-yu). Research on Malware Dynamic Monitoring Based on Android Platform [J]. Computer Technology and Development (计算机技术与发展), 2018, 28(08): 124-128. doi:10.3969/j.issn.1673-629X.2018.08.026

Research on Malware Dynamic Monitoring Based on Android Platform (基于安卓平台的恶意软件动态监测的研究)

Computer Technology and Development (《计算机技术与发展》) [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume: 28
Issue: 2018, No. 08
Pages: 124-128
Column: Security and Protection
Publication date: 2018-08-10

Article information / Info

Title:
Research on Malware Dynamic Monitoring Based on Android Platform
Article number:
1673-629X(2018)08-0124-05
Authors (Chinese):
王倩文 1, 沈苏彬 1, 吴振宇 2
1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210003, Jiangsu, China; 2. School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, Jiangsu, China
Author(s):
WANG Qian-wen 1, SHEN Su-bin 1, WU Zhen-yu 2
1. School of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210003, China; 2. School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
Keywords (Chinese):
安卓平台; 恶意软件; 系统调用; 动态监测
Keywords:
Android platform; malware; system call; dynamic monitoring
Classification code (CLC):
TP393
DOI:
10.3969/j.issn.1673-629X.2018.08.026
Document code:
A
Abstract (translated from the Chinese):
This paper introduces the Android signature mechanism and the characteristics of each layer of the Android security architecture, and analyzes the monitoring mechanisms that exist at the different layers. It focuses on the Hook API method at the application framework layer and the system call interception method at the kernel layer, and designs a malware dynamic monitoring scheme based on the Android platform. Combined with the Android signature mechanism, the scheme judges whether an application shows signs of repackaging by computing the file's MD5 value, and thereby filters samples. The kernel-layer monitoring method of modifying the system call table is chosen to reconstruct the application's upper-layer behavior, and corresponding security policies are given for the different attack behaviors of malware. To reduce the load on the phone, the scheme works together with a PC and uses the monkey tool to install and uninstall apks automatically. To verify the feasibility of the scheme, the most representative malware families in the Malgenome Project data set were selected for experimental verification and testing on the Android emulator. The experimental results show that the scheme can effectively monitor malware behavior and warn Android phone users.
Abstract:
We introduce the Android signature mechanism and the characteristics of each layer of the Android security architecture, and analyze the monitoring mechanisms available at each layer. We focus on the Hook API method at the application framework layer and the system call interception method at the kernel layer, and propose a malware dynamic monitoring scheme for the Android platform. The scheme determines whether an application has been repackaged by computing the MD5 value of the file in combination with the Android signature mechanism, so as to filter the samples. The kernel-layer monitoring method of modifying the system call table is selected, which can reconstruct the application's upper-layer behavior. Corresponding security policies are also given for different malware attack behaviors. To reduce the load on the mobile terminal, the monkey tool is used, in combination with a PC terminal, to install and uninstall the apk automatically. Experiments selecting the most representative malware families in the Malgenome Project data set have been conducted on the AVD to verify the proposed scheme. The results show that the scheme can effectively monitor malware behavior and warn Android mobile users.


Last update: 2018-09-10