| Android内核钩子的混合检测技术 |
| |
| 引用本文: | 华保健,周艾亭,朱洪军.Android内核钩子的混合检测技术[J].计算机应用,2014,34(11):3336-3339. |
| |
| 作者姓名: | 华保健 周艾亭 朱洪军 |
| |
| 作者单位: | 1. 中国科学技术大学 软件学院, 江苏 苏州 215123;
2. 中国科学技术大学 苏州研究院,江苏 苏州 215123 |
| |
| 基金项目: | 中国计算机学会—腾讯科研基金资助项目,苏州市科技计划项目 |
| |
| 摘 要: | 针对Android平台上内核级钩子检测的研究,提出了一种结合基于特征模式的静态检测技术和基于行为分析的动态检测技术的Android内核钩子检测技术,这两种技术的结合能够检测基于修改系统调用表项的攻击和基于内联钩子的攻击。为所提技术构建了软件原型系统并进行了实验评测,实验结果表明,提出的技术能够针对Android内核钩作出精确检测,并且运行时间开销在7%以内,具有良好运行效率,能够适用于Android内核钩子的混合。
|
| 关 键 词: | Android Linux 内核 检测系统 软件原型 |
| 收稿时间: | 2014-04-30 |
| 修稿时间: | 2014-06-23 |
Hybrid detection technique for Android kernel hook |
| |
| HUA Baojian,ZHOU Aiting,ZHU Hongjun.Hybrid detection technique for Android kernel hook[J].journal of Computer Applications,2014,34(11):3336-3339. |
| |
| Authors: | HUA Baojian ZHOU Aiting ZHU Hongjun |
| |
| Affiliation: | 1. School of Software Engineering, University of Science and Technology of China, Suzhou Jiangsu 215123, China
2. Suzhou Institute for Advanced Study, University of Science and Technology of China, Suzhou Jiangsu 215123, China |
| |
| Abstract: | To address the challenge of Android kernel hook detection, a new approach was proposed to detect Android kernel hooks by combining static technique based on characteristic pattern and dynamic technique based on behavioural analysis. The attacks including modifying system call tables and inline hook could be detected by the proposed approach. Software prototypes and test experiments were given. The experimental results show that the proposed method is effective and efficient in detecting Android kernel hooks, for most of the test cases, the runtime overhead is below 7%; and it is suitable to detect Android kernel hooks. |
| |
| Keywords: | Android Linux kernel detection system software prototype |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
