Abstract
To address the proliferation of malicious code on Android, an Android malware detection system was designed and implemented by combining static and dynamic analysis techniques. In the static analysis part, the permissions, API call sequences, components, resources and APK structure of an Android application are extracted to build a feature vector, and a similarity-measurement algorithm is applied to detect malware samples belonging to known malware families. In the dynamic analysis part, the Android source code is modified and recompiled into a kernel image; an emulator is loaded with this image to monitor, in real time, application behaviors such as file reading and writing, network connections, SMS sending and phone calls, and unknown malware is detected by statistical analysis of these behaviors. Practical deployment tests show that the proposed detection method achieves a high detection rate and a low false-positive rate. The developed Android malware detection system has been released on the Internet and provides free analysis and detection services.
An Android malware detection system is designed and implemented to address the problem that malware on Android has become widespread. The system combines static and dynamic analysis technologies. APK features such as permissions, API call sequences, components, resources and structure are extracted to form a feature vector in static analysis, and a similarity-based method is proposed to detect known malware samples using these features. The Android source code is then modified to generate new kernel images for dynamic analysis. The new kernel images can monitor an Android program's behaviors such as file reading and writing, network connection, SMS sending and telephone calling. Thus, unknown malware samples can be identified by analyzing these behaviors. Experimental results show that the proposed system is efficient and performs well at detecting Android malware. The proposed system has been released online and is available for free use on the Internet.
Source
Journal of Xi'an Jiaotong University (西安交通大学学报), 2013, No. 10, pp. 37-43 (7 pages)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
Funding
National Natural Science Foundation of China (61103241, 61103240, 91118005)
Huawei Innovation Fund project, 2012 (YB2012120173)