Journal of Beijing University of Posts and Telecommunications

  • EI core journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, Vol. 37, Issue (s1): 104-107. doi: 10.13190/j.jbupt.2014.s1.020

• Reports

Design on Android Malware Behavior Analysis System

LI Jing-hua, MU De-jun, YANG Ming-kun, HU Wei   

  1. School of Automation, Northwestern Polytechnical University, Xi'an 710072, China
  • Received: 2013-11-08 Online: 2014-06-28 Published: 2014-06-28

Abstract:

nDroidAS, a behavior-based Android malware analysis system consisting of nDroidC (client) and nDroidS (server), is proposed. nDroidC monitors application installation events on the Android device and generates an analysis request when an application is about to be installed. The target application is installed in nDroidS, which collects and analyzes the application's dynamic feature vectors to detect malicious applications. Meanwhile, to pre-analyze applications, an Android package (APK) fetcher is designed in nDroidS to fetch APK samples from app markets. Some key technologies of the system, such as feature vector selection and interaction simulation, are also discussed. A simplified prototype of nDroidAS is built, which is able to analyze Android malware dynamically and fetch APK samples in the wild. Experiments show that the proposed system architecture is feasible.

Key words: Android, malware, behavior analysis
