基于smali的Android静态检测方法
首发时间:2015-12-29
摘要:随着移动互联网的发展,移动应用软件的安全问题也日渐突出。本文对当前Android静态分析技术进行了概述,对Android应用软件反编译获取的中间语言smali进行语法研究,根据smali语法树的相关结构进行信息提取,获取数据流、控制流及函数依赖图等信息,与维护的规则库进行检测,最终设计并实现了一个基于中间语言smali的移动应用软件静态行为检测系统。通过大量样本实验证明,基于中间语言smali的静态行为检测系统对比基于源代码的静态检测系统效率有极大的提高,并且有漏报率有一定程度的降低。。
For information in English, please click here
Static analysis for Android based on smali
Abstract:With the development of mobile Internet, mobile software security problem has been more serious. In this paper, we provide an overview of the current Android static analysis methods ,and study the Android application software acquired decompiled smali, according to the related information extraction of smali grammar tree, access to the data flow, control flow and function dependency graph and other information, compare to the rule database.Finally design and implement a static behavior detection system of mobile applications based on smali . Proved by large number of samples, the efficient of this detection system has greatly improved contrast to detection system based on source code, and there is a certain degree of false negative rate decreases.
Keywords: smali static analysis sensitive behavior Android
基金:
论文图表:
引用
No.4672739112675814****
同行评议
勘误表
基于smali的Android静态检测方法
评论
全部评论0/1000