A detection method of Android application malicious behaviors based on Xposed framework
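Wang Sai (1), Guo Yanhui (1), Wu Qiuxin (2), Liu Yuandong (1)
Wang Sai (born 1990), female, master's student; main research interest: mobile Internet security
Guo Yanhui (born 1974), female, associate professor; research interests: content security, software security
Wu Qiuxin (born 1967), male, associate professor; main research interest: information security
Liu Yuandong (born 1991), male, master's student; main research interest: information security
1. Software Security Center, Beijing University of Posts and Telecommunications, Beijing 100876
2. School of Applied Science, Beijing Information Science and Technology University, Beijing 100196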
Abstract: With malicious attacks on Android terminals becoming increasingly prominent, this paper proposes a method for detecting malicious behaviors of Android applications based on the Xposed framework, optimizing existing methods in both triggering and capturing. For triggering, the method builds a tree of interface elements and traverses it to carry out an automated test that fully covers the elements, so that it triggers as many malicious behaviors as possible. For capturing, the method develops a dynamic sensitive-API monitoring module based on the Xposed framework, which detects malicious behaviors by directly monitoring calls to sensitive Android system APIs and obtains more information about each call and its parameters. The experimental results show that the method can effectively detect malicious behaviors. Furthermore, it makes monitoring the behaviors much more convenient and has strong scalability.
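The capture side described in the abstract can be pictured as an Xposed module that hooks sensitive framework methods inside the application under test and logs each call with its arguments. The sketch below is an added example, not the paper's code: the package names, the class name `SensitiveApiMonitor`, the log tag, and the choice of three hooked APIs are assumptions made for illustration.

```java
package com.example.apimonitor; // hypothetical module package

import java.util.Arrays;
import android.app.PendingIntent;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class SensitiveApiMonitor implements IXposedHookLoadPackage {
    // Assumption: package name of the application under test.
    private static final String TARGET = "com.example.sample";

    // Builds a hook that records the called method and its arguments
    // before the original framework method runs.
    private static XC_MethodHook logger(final String pkg) {
        return new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) {
                XposedBridge.log("[api-monitor] pkg=" + pkg
                        + " call=" + param.method.getDeclaringClass().getName()
                        + "." + param.method.getName()
                        + " args=" + Arrays.deepToString(param.args));
            }
        };
    }

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        // Only instrument the application being analysed.
        if (!TARGET.equals(lpparam.packageName)) return;
        XC_MethodHook hook = logger(lpparam.packageName);

        // Illustrative set of sensitive APIs (an assumption; the abstract
        // does not list which calls the paper's module monitors).
        XposedHelpers.findAndHookMethod("android.telephony.SmsManager",
                lpparam.classLoader, "sendTextMessage",
                String.class, String.class, String.class,
                PendingIntent.class, PendingIntent.class, hook);
        XposedHelpers.findAndHookMethod("android.telephony.TelephonyManager",
                lpparam.classLoader, "getDeviceId", hook);
        XposedHelpers.findAndHookMethod("android.location.LocationManager",
                lpparam.classLoader, "getLastKnownLocation", String.class, hook);
    }
}
```

Monitoring a further API takes one more `findAndHookMethod` call that reuses the same logging hook.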