| According to the report by DCCI,more than 90% users of mobile intelligent terminal seem to lack of security awareness.They don’t make the appropriate safety testing when downloading the third party software application,but install it directly. About 46 percent of mobile end users don’t install the appropriate mobile security software on their smart terminal, which leading Android phone security risks emerg in endlessly, not inferior to the PC terminal security issues, such as: phishing sites, chargeback software, rogue software, mobile phone viruses, spam, resource-consuming software, databases malicious actions, automatic call software and so on. Due to the lack of personal security awareness and immature corresponding security detection technology, the disclosure of user’s own sensitive data is becoming more serious.Based on this, the article is designed to study the dynamic safety testing technology of Android applications systematically and dynamic detection instrumentation techniques for malicious behavior detection is proposed, which consists of three main parts : malicious API series modeling, instrumentation data capture and mobile applications behavior analysis. First, in accordance with the malicious API series modeling, dynamic stub behavior detection technology uses stub technology to insert implanted probe into the sensitive API function of framework layer;second, detection application name, the name of the API function being detected,testing conditions and instrumentation probe operating mode is setted up by the stub manager and stub policy files generated are deposited into the Android emulator system; then,by the listening module and the analytical results of the policy file the technology will real-time listen API functions of the pre-defined Framework, and send the content listened back to the stub manager.At the last, dynamic detection instrumentation techniques complete the dynamic detection of APP behavior.At the same time,this paper has designed the dynamic testing system,which is about dynamic detection instrumentation techniques for malicious behavior detection.First,makes malicious behavior API series modeling for the malicious deduction, privacy stealing and malicious downloading;Based on malicious behavior API series modeling,the system modifies framework jar file, implanting probes into the corresponding API function, which is used to intercept the application operating string,and we can modifies the core jar file to complete the probe design.Using the socket we can make a communacition of manager with the probes,which can send API operations string to the proxy of manager.At the same time, safety testers can get the execution permissions of the Android application. Experimental results show that the proposed method presented in this paper can detect, and monitor reading operation for phone number,mobile phone equipment identification number, domain name information, SMS messages, mobile phone setting of near distance communication,program reflection calls. |
PDF Full Text Request