Computer Science ›› 2016, Vol. 43 ›› Issue (5): 96-99. doi: 10.11896/j.issn.1002-137X.2016.05.018

• Information Security •

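Android Malicious Behavior Detection Method Based on Composite-event Trigged Behaviors

ZHANG Guo-yin, QU Jia-xing, FU Xiao-jing and HE Zhi-chang

  1. College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, College of Computer Science and Technology, Harbin Engineering University, Harbin 150001; Heilongjiang Provincial Research Institute of National Defense Science and Technology, Harbin 150001, College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, College of Computer Science and Technology, Harbin Engineering University, Harbin 150001
  • Online: 2018-12-01 Published: 2018-12-01
  • Supported by:
    This work was supported by a support project of the Heilongjiang Provincial Research Institute of National Defense Science and Technology: Research on Mobile APP Malicious Behavior Identification and Reverse Analysis Technology (20150309)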

Abstract: Effective means of identifying malicious Android applications at the distribution stage are currently lacking. To address this, this paper proposes an Android malicious behavior detection method based on automated testing techniques and dynamic analysis techniques. Automated testing triggers the behaviors of an Android application while a virtual sandbox monitors those behaviors. The paper designs a composite-event behavior triggering model named DroidRunner, which improves the code coverage of Android applications, the trigger rate of malicious behaviors, and the detection rate of malicious Android applications. In actual deployment and testing, the method shows a high detection rate for unknown malicious applications and can help users find and analyze them.

Key words: Android, Malicious behavior detection, Dynamic analysis, Composite event, Automatic trigger

