使用Android系统机制的应用程序恶意行为检测

J4 ›› 2014, Vol. 36 ›› Issue (05): 849-855.

使用Android系统机制的应用程序恶意行为检测

吴俊昌1，罗圣美2，巫妍2，程绍银1，蒋凡1

（1.中国科学技术大学信息安全测评中心，安徽合肥 230027;2.中兴通讯，江苏南京 210012）

收稿日期:2012-10-22 修回日期:2013-03-19 出版日期:2014-05-25 发布日期:2014-05-25
基金资助:
高等学校博士学科点专项科研基金新教师类资助课题（20113402120026）；安徽省自然科学基金资助项目（1208085QF112）；安徽省高等学校优秀青年人才基金资助项目（2012SQRL001ZD）；中央高校基本科研业务费专项资金资助（WK2101020004）；中兴通讯研究基金资助项目

Detecting applications’malicious behaviors
using Android system mechanism

WU Junchang1,LUO Shengmei2,WU Yan2,CHENG Shaoyin1,JIANG Fan1

(1.Center of Information Technology Security Evaluation,University of Science and Technology of China,Hefei 230027;
2.ZTE Corporation，Nanjing 210012,China)

Received:2012-10-22 Revised:2013-03-19 Online:2014-05-25 Published:2014-05-25

摘要/Abstract

摘要：

Android中存在很多系统机制供应用程序使用，然而这些机制在不当使用时会对用户安全和利益造成很大的破坏性。提出一种基于程序分析的方法，检测应用程序使用这些机制时可能存在的恶意行为。针对函数本身的特征，构建与之相对应的函数摘要。在构建摘要时使用指令级的模拟执行，在检测恶意行为时使用函数级的模拟执行，通过这两种不同级别的模拟执行分析出应用程序中潜在的恶意行为。基于上述方法，设计和实现了一个原型系统。通过对公开的恶意应用样本进行检测，验证了本方法是有效的。

关键词: Android, 系统机制, 恶意行为, 函数摘要

Abstract:

Android applications can use many mechanisms provided by Android system.But the improper use of these mechanisms may make catastrophe to user’s security and benefits. The paper proposes a program analysis method,which detects malicious behaviors in the mechanism. According to the characteristics of function, the corresponding function summary is constructed.The instruction level simulation is used to construct function summary,while the function level simulation is used to detect malicious behaviors. Based on the method above,a prototype system is designed and implemented.We use the system to detect a public malicious application sample library,and the results show that our method is effective.

Key words: Android;system mechanism;malicious behavior;function summary

吴俊昌1，罗圣美2，巫妍2，程绍银1，蒋凡1. 使用Android系统机制的应用程序恶意行为检测[J]. J4, 2014, 36(05): 849-855.

WU Junchang1,LUO Shengmei2,WU Yan2,CHENG Shaoyin1,JIANG Fan1. Detecting applications’malicious behaviors
using Android system mechanism [J]. J4, 2014, 36(05): 849-855.

参考文献

［1］Gartner says worldwide smartphone sales soared in fourth quarter of 2011 With 47 percent growth［EB/OL］.［20120215］ http://www.gartner.com/it/page.jsp?id=1924314.
［2］IDC. Android Rises, Symbian 3 and Windows phone 7 launch as worldwide smartphone shipments increase 87.2% year over year［EB/OL］.［20110207］ http://www.idc.com/about/viewpressrelease.jsp?containerId =prUS22689111.
［3］Google android［EB/OL］.［20120215］.http://www.android.com/.
［4］Bell D.Samsung Galaxy Tab Android tablet goes official［EB/OL］.［20100902］. http://news.cnet.com/ 830117938_105200153951.html.
［5］GIZMODO ［EB/OL］. ［20100621］ http://gizmodo.com/5568458/toshibaac100netbookrunsandroidand hasmassivesevendaysofstandbybatterylife.
［6］Notion Ink. Adam Tablet［EB/OL］.［20110207］.http://www.notionink.in/.
［7］Google Play［EB/OL］.［20120314］. https://play.google.com/store.
［8］App Store［EB/OL］. ［20120314］. http: //itunes.apple.com/gb/app/applestore/id375380948?mt=8.
［9］Egele M, Kruegel C, Kirda E, et al. PiOS: Detecting privacy leaks in iOS applications［C］∥Proc of the 18th Annual Network and Distributed System Security Symposium, NDSS’11, 2011:2933.
［10］Fuchs A P, Chaudhuri A, Foster J S. SCanDroid: Automated security certification of Android applications［EB/OL］.［20120314］. http://www.cs.umd.edu/~avik/papers/scandroidascaa.pdf.
［11］Enck W, Octeau D, McDaniel P, et al. A study of Android application security［C］∥Proc of the 20th USENIX Security Symposium, 2011:21.
［12］Zhou W, Zhou Y, Jiang X, et al. DroidMOSS: Detecting repackaged smartphone applications in thirdparty Android marketplaces［C］∥Proc of the 2nd ACM Conference on Data and Application Security and Privacy, 2012:317326.
［13］Activity［EB/OL］.［20110207］. http://developer.andr oid.com/intl/zhCN/guide/components/activities.html.
［14］Android NDK［EB/OL］.［20110215］. http://developer.android.com/tools/sdk/ndk/index.html.
［15］DexClassLoader［EB/OL］. ［20110215］.http://developer.android.com/reference/dalvik/system/DexClassLoader.html.
［16］Baksmali［EB/OL］.［20110215］. http://code.google.com/p/smali/.
［17］IDA Pro［EB/OL］.［20110215］. http://www.hexrays.com/products/ida/index.shtml.
［18］Zhou Y, Jiang X. Dissecting android malware: Characterization and evolution［C］∥Proc of the 33rd IEEE Symposium on Security and Privacy (2012), 2012:95109.
［19］Android application development documentation［EB/OL］.［20110207］. http://developer.android.com/intl/zhCN/develop/index.html.

[1]	胡建伟，张玉，崔艳鹏. Android勒索软件防护技术研究[J]. 计算机工程与科学, 2020, 42(04): 610-619.
[2]	马刚，刘锋，朱二周. 一种基于改进的朴素贝叶斯算法的Android钓鱼网站检测方案[J]. 计算机工程与科学, 2018, 40(08): 1420-1428.
[3]	池鹏可，苏成悦，谢广泉，柳丁. Android平台上的多用户无线投影控制系统设计[J]. J4, 2015, 37(11): 2148-2153.
[4]	白小龙. Android应用程序权限自动裁剪系统[J]. J4, 2014, 36(11): 2074-2086.