A detection method of Android application malicious behaviors based on Xposed framework
First published: 2015-12-25
Abstract: To counter the increasingly rampant malicious attacks on Android terminals, this paper improves on existing methods in two respects, the triggering and the capture of malicious behaviors, and proposes a detection method for malicious behaviors of Android applications based on the Xposed framework. For triggering, the method builds a control tree from the application's interface controls and traverses it to run the application automatically with full coverage of its controls, triggering as many malicious behaviors as possible. For capture, a monitoring module written with the Xposed framework detects malicious behaviors by directly monitoring calls to sensitive Android system APIs, and it obtains detailed information about each call and its parameters. Experiments show that the method effectively detects malicious behaviors of Android applications and that its behavior monitoring is highly extensible.
Keywords: Android terminal; malicious attacks; sensitive API; automation test; hook hijacking
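The capture side described in the abstract, sketched as an added example (not code from the paper): an Xposed module that hooks a watch list of sensitive APIs and logs each call with its arguments. The package names, the class names `SensitiveApiMonitor` and `CallLogger`, and the watch list itself are assumptions, since the page does not enumerate the APIs the authors monitor.

```java
package com.example.apimonitor; // hypothetical module package

import java.util.Arrays;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class SensitiveApiMonitor implements IXposedHookLoadPackage {

    // Assumed: package name of the application under analysis.
    private static final String TARGET_PACKAGE = "com.example.sample";

    // Assumed watch list as {class, method}; extend it to monitor more behaviors.
    private static final String[][] WATCHED = {
        {"android.telephony.SmsManager", "sendTextMessage"},
        {"android.telephony.TelephonyManager", "getDeviceId"},
        {"android.location.LocationManager", "getLastKnownLocation"},
    };

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) {
        // Called for every loaded package; only instrument the sample.
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return;
        }
        for (String[] api : WATCHED) {
            String name = api[0] + "." + api[1];
            try {
                Class<?> cls = XposedHelpers.findClass(api[0], lpparam.classLoader);
                // hookAllMethods covers every overload of the method name.
                XposedBridge.hookAllMethods(cls, api[1], new CallLogger(name));
            } catch (Throwable t) {
                // A class missing on this Android version must not stop the other hooks.
                XposedBridge.log("[monitor] cannot hook " + name + ": " + t);
            }
        }
    }

    private static final class CallLogger extends XC_MethodHook {
        private final String api;

        CallLogger(String api) { this.api = api; }

        @Override
        protected void beforeHookedMethod(MethodHookParam param) {
            // Record the call and its parameters before the real API runs.
            XposedBridge.log("[monitor] api=" + api
                    + " args=" + Arrays.deepToString(param.args));
        }
    }
}
```

The logged arguments contain whatever the sample passes to the API (message bodies, identifiers), so the module belongs on a dedicated analysis device, not a personal one.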