| 一种基于组合事件行为触发的Android恶意行为检测方法 |
| |
| 引用本文: | 张国印,曲家兴,付小晶,何志昌.一种基于组合事件行为触发的Android恶意行为检测方法[J].计算机科学,2016,43(5):96-99, 139. |
| |
| 作者姓名: | 张国印 曲家兴 付小晶 何志昌 |
| |
| 作者单位: | 哈尔滨工程大学计算机科学与技术学院 哈尔滨150001,哈尔滨工程大学计算机科学与技术学院 哈尔滨150001;黑龙江省国防科学技术研究院 哈尔滨150001,哈尔滨工程大学计算机科学与技术学院 哈尔滨150001,哈尔滨工程大学计算机科学与技术学院 哈尔滨150001 |
| |
| 基金项目: | 本文受黑龙江省国防科学技术研究院支撑项目:移动APP恶意行为识别与逆向分析技术研究(20150309)资助 |
| |
| 摘 要: | 当前Android恶意应用程序在传播环节缺乏有效的识别手段,对此提出了一种基于自动化测试技术和动态分析技术的Android恶意行为检测方法。 通过自动化测试技术触发Android应用程序的行为,同时构建虚拟的沙箱监控这些行为。设计了一种组合事件行为触发模型——DroidRunner,提高了Android应用程序的代码覆盖率、恶意行为的触发率以及Android恶意应用的检测率。经过实际部署测试,该方法对未知恶意应用具有较高的检测率,能帮助用户发现和分析未知恶意应用。
|
| 关 键 词: | Android 恶意行为检测 动态分析 组合事件 自动触发 |
| 收稿时间: | 2015/4/13 0:00:00 |
| 修稿时间: | 8/3/2015 12:00:00 AM |
Android Malicious Behavior Detection Method Based on Composite-event Trigged Behaviors |
| |
| ZHANG Guo-yin,QU Jia-xing,FU Xiao-jing and HE Zhi-chang.Android Malicious Behavior Detection Method Based on Composite-event Trigged Behaviors[J].Computer Science,2016,43(5):96-99, 139. |
| |
| Authors: | ZHANG Guo-yin QU Jia-xing FU Xiao-jing and HE Zhi-chang |
| |
| Affiliation: | College of Computer Science and Technology,Harbin Engineering University,Harbin 150001,China,College of Computer Science and Technology,Harbin Engineering University,Harbin 150001,China;Heilongjiang Province National Defense Science and Technology Institute,Harbin 150001,China,College of Computer Science and Technology,Harbin Engineering University,Harbin 150001,China and College of Computer Science and Technology,Harbin Engineering University,Harbin 150001,China |
| |
| Abstract: | For lack of effective means to identify Android malware application in transmission link at current time,this paper proposed an Android malicious behavior detection method based on automated testing techniques and dynamic analysis techniques. Android applications behavior is triggered by automated testing technology and monitored by a vir-tual sandbox.This paper presented a model of triggering malicious behavior named DroidRunner using combined operations on malware,which improves the Android application code coverage and the trigger rate of the malicious behavior.It benefits to improving the detection rate of malicious Android applications.After the actual deployment and testing,this method has a high detection rate to the unknown malicious applications.It can help users to find and analyze the unknown malicious applications. |
| |
| Keywords: | Android Malicious behavior detection Dynamic analysis Composite event Automatic trigger |
|
|
点击此处可从《计算机科学》下载全文 |
|
