
Android Malware Detection Based On Behavior Analysis

Posted on: 2015-03-13
Degree: Master
Type: Thesis
Country: China
Candidate: M Li
Full Text: PDF
GTID: 2308330473453089
Subject: Information security
Abstract/Summary:
The number of Android malware installation packages rose sharply from June 2012 to the second quarter of 2013. By the end of 2013, malware for the Android platform accounted for 97% of all mobile malware, while in 2012 this ratio was 79%. Given the severe security situation of the Android platform, how to detect malicious Android applications effectively has become a serious problem to be solved.

To address this, the thesis proposes an approach that combines dynamic and static analysis to track malicious behavior. The dynamic tracking scheme is based on dynamic taint tagging: it monitors and records the malicious behavior of applications running in the virtual machine. The dynamic taint tracking system is implemented in the Dalvik VM layer to ensure maximum system stability. The static analysis scheme decompiles the Android application and extracts critical information, such as the requested permissions and API calls, to analyze possible malicious behavior. By combining the information obtained from the two schemes, the possible malicious behavior of the Android application can be reconstructed as fully as possible. Experiments on our own malware sample and on real malware samples show that the proposed approach can not only carry out a comprehensive analysis of the application's source files, but also trace and record the application's behavior at run time, accurately reconstructing the behavioral characteristics of the sample application.

Because the approach is based on analyzing the behavior of malicious applications, it can effectively analyze the malicious behavior of both known and unknown malicious applications and record detailed behavior information, which provides a basis for future rapid analysis, feature libraries, and blacklist libraries.
Keywords/Search Tags: Android, behavioural analysis, malicious application