| 一种易部署的Android APP动态行为监控方法 |
| |
| 作者姓名: | 王学强 雷灵光 王跃武 |
| |
| 作者单位: | 1. 中国科学院信息工程研究所, 北京 100093;
2. 中国科学院数据与通信保护研究教育中心, 北京 100093;
3. 中国科学院大学, 北京 100049 |
| |
| 基金项目: | 国家保密局保密科研项目(BMKY2013B12-2) 资助 |
| |
| 摘 要: | Android平台目前已经成为恶意代码攻击的首要目标,超过90%的Android恶意代码以APP的形式被加载到用户设备.因此,监控APP行为成为对抗Android恶意代码攻击的重要手段.然而,已有的监控手段依赖于对Android系统底层代码的修改.由于不同OEM厂商对Android系统的严重定制,直接改动商用Android系统的底层代码很难由第三方人员部署到用户设备.本文在分析Android进程模型和代码执行特点的基础上,提出一种在应用层实现的程序行为监控方案,通过动态劫持Android虚拟机解释器的方法,实现对应用程序代码执行情况的全面监控.由于不直接对Android系统源码进行任何改动,该方案可以灵活、快速地部署在不同型号、不同版本的Android移动终端上.通过对原型系统的实现和测试,发现该系统易于部署、监控全面并且性能损耗较低.
|
| 关 键 词: | Android APP 行为监控 Dalvik劫持 动态注入 |
| 收稿时间: | 2014-08-20 |
| 修稿时间: | 2014-11-27 |
An easy-to-deploy behavior monitoring scheme for Android applications |
| |
| Authors: | WANG Xueqiang LEI Lingguang WANG Yuewu |
| |
| Institution: | 1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
2. Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China;
3. University of Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | Malicious applications pose tremendous threats to Android platform. More than 90% of malicious codes are introduced in the form of Android apps. Hence, behavior monitoring scheme for Android applications are required in order to resolve the problem. However, most of the schemes are based on system customization and hard to deploy on devices for Android's fragmentation problem. In this paper, an easy-to-deploy Android application monitoring method on the basis of process hijacking is proposed after analysis of Android process model and code execution details. The method depends on Dalvik interpreter entry point and system call interception. The authors created a fully usable prototype of the system, and the evaluation results show that the system is easy to deploy, provides a whole-scale behavior of Android applications, and incurs little performance overhead. |
| |
| Keywords: | Android APP behavior monitoring Dalvik hijacking dynamic instrumentation |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
