Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2014, Vol. 37 ›› Issue (s1): 104-107. doi: 10.13190/j.jbupt.2014.s1.020

• Research Reports •

Design of an Android Malware Behavior Analysis System

LI Jing-hua, MU De-jun, YANG Ming-kun, HU Wei

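  1. School of Automation, Northwestern Polytechnical University, Xi'an 710072
  • Received: 2013-11-08 Online: 2014-06-28 Published: 2014-06-28
  • About the authors: LI Jing-hua (1986- ), male, PhD candidate, E-mail: jovistar@gmail.com; MU De-jun (1963- ), male, professor, doctoral supervisor.
  • Supported by:

    National Natural Science Foundation of China (61303224); Doctoral Program Foundation of Institutions of Higher Education (20126102110036); Graduate Starting Seed Fund of Northwestern Polytechnical University (Z2014018)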

Design on Android Malware Behavior Analysis System

LI Jing-hua, MU De-jun, YANG Ming-kun, HU Wei   

  1. School of Automation, Northwestern Polytechnical University, Xi'an 710072, China
  • Received: 2013-11-08 Online: 2014-06-28 Published: 2014-06-28

Abstract:

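A design for a behavior-based Android malware analysis system (nDroidAS) is proposed. nDroidAS adds a client component that monitors Android package (APK) installation operations on the user's device, so that applications about to be installed are analyzed in time. The server installs and runs applications in a virtual environment and performs dynamic behavior analysis to detect malware; it also crawls APK packages from the Internet and analyzes them in advance, building a result cache that speeds up responses to user analysis requests. A simplified nDroidAS prototype was built and a number of APK samples were analyzed. The validation results show that nDroidAS can effectively monitor APK installation operations on Android devices and respond promptly to client analysis requests, and that it is a feasible scheme for a malware behavior analysis system.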

Keywords: Android, malware, behavior analysis

Abstract:

A behavior-based Android malware analysis system, nDroidAS, is proposed, consisting of a client (nDroidC) and a server (nDroidS). nDroidC monitors application installation events on the Android device and generates an analysis request when an application is about to be installed. nDroidS installs the target application, then collects and analyzes its dynamic feature vectors to detect malicious applications. Meanwhile, an Android package (APK) fetcher in nDroidS fetches APK samples from app markets so that applications can be pre-analyzed. Key technologies of the system, such as feature vector selection and interaction simulation, are also discussed. A simplified prototype of nDroidAS is built, which is able to analyze Android malware dynamically and fetch APK samples in the wild. Experiments show that the proposed system architecture is feasible.

Key words: Android, malware, behavior analysis

CLC number: